
Pests of all kinds and how to combat them: Trojan-Ransom.Win32.Foreign.abjw - all data encrypted, what to do?

27.02.2013, 22:48   #1
Hilfe343
 

Dear forum community,

a very nice colleague of mine caught a virus this Sunday that has encrypted all documents. According to the Kaspersky boot CD, it is
"Trojan-Ransom.Win32.Foreign.abjw"

The documents on the computer are now named, for example:
GJGXUyLLpxpgQsfs or
leGoQsfAxEDsnjGoDT

How can I decrypt these files again?
As always, the data is very important, and I would be grateful to anyone who can or wants to help me.

Many thanks

Daniel

Malwarebytes Log

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.27.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
horst :: HORST-PC [Administrator]

Schutz: Aktiviert

27.02.2013 22:33:53
mbam-log-2013-02-27 (22-33-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232787
Laufzeit: 3 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 27.02.2013 22:52:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\horst\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 60,86% Memory free
7,83 Gb Paging File | 6,09 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 183,73 Gb Free Space | 77,05% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 28,14 Gb Free Space | 8,46% Space Free | Partition Type: NTFS
 
Computer Name: HORST-PC | User Name: horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.27 22:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:30:17 | 009,116,152 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2012.12.14 10:30:17 | 003,472,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.14 10:08:24 | 000,190,968 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2012.04.22 21:15:06 | 000,394,352 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe
PRC - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.31 15:33:32 | 001,545,856 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2011.04.01 00:29:30 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.02.22 11:38:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.25 19:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.11.15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.07.22 17:54:14 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2009.07.22 17:53:44 | 002,736,128 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.14 09:48:51 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.01.09 17:14:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 17:14:02 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\83794ccfabbb2472e26d05f07a938106\PresentationFramework.ni.dll
MOD - [2013.01.09 17:13:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.01.09 17:13:43 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d33c8e6f0b71f58abb7ee6db25097127\PresentationCore.ni.dll
MOD - [2013.01.09 17:13:35 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013.01.09 17:13:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013.01.09 17:13:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8b5eb81362a896af2c70f97502f42013\System.Configuration.ni.dll
MOD - [2013.01.09 17:13:24 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.01.09 17:13:16 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2011.08.31 15:33:32 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.04 10:50:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.08.04 10:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009.08.04 10:49:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011.01.25 22:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.04.17 00:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:30:17 | 003,472,376 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.04.22 21:15:06 | 000,394,352 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.22 11:38:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.07.22 17:54:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009.07.22 17:53:44 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 09:07:54 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.13 12:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.13 22:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.22 02:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.17 09:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 09:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 09:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 09:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010.09.13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.07 10:19:38 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.08.03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.04.17 00:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.03.02 17:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer Search
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Inbox Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google Maps [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Inbox.com
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C04B7D22-5AEC-4561-8F49-27F6269208F6}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80195&lng=de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.gmx.net/tb/mff_startpage"
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.4
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2011.11.09 12:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files (x86)\SiteRanker\firefox\ [2012.02.24 08:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 10:25:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ED76C299-85BC-4891-9237-74A140C28832}: C:\Program Files (x86)\RebateInformer\Firefox\ [2013.02.03 13:36:47 | 000,000,000 | ---D | M]
 
[2012.07.14 09:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Extensions
[2012.07.14 09:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.02.19 09:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\m8ccar48.default\extensions
[2012.10.18 08:08:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\m8ccar48.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.20 09:06:33 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\m8ccar48.default\extensions\AppGraffiti@AppGraffiti.com
[2013.02.19 09:43:53 | 000,492,222 | ---- | M] () (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\extensions\toolbar@gmx.net.xpi
[2012.01.30 11:03:03 | 000,000,933 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\11-suche.xml
[2012.01.30 11:03:03 | 000,002,419 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\englische-ergebnisse.xml
[2012.01.30 11:03:03 | 000,010,525 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\gmx-suche.xml
[2012.01.30 11:03:03 | 000,002,457 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\lastminute.xml
[2012.05.02 15:38:31 | 000,005,489 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\webde-suche.xml
[2012.03.19 10:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.16 12:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.11.16 12:42:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.19 10:25:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 10:25:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 10:25:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.19 10:25:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 10:25:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 10:25:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 10:25:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: iGoogle
CHR - homepage: iGoogle
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll (Crawler, LLC)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL (Omega Partners Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Gygoofa] C:\Users\horst\AppData\Roaming\Azutw\xyvou.exe File not found
O4 - HKCU..\Run: [jwnenlmo] C:\Users\horst\AppData\Roaming\Txuftven\nnnkynlmo.exe File not found
O4 - HKCU..\Run: [userj] C:\Users\horst\AppData\Roaming\userj.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323F3241-93F6-4C0B-9EE3-47A761A741B7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73C2E180-6D7C-4BEA-9EA3-3C19E27AC15A}: DhcpNameServer = 83.169.184.161 192.168.0.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\rebinfo - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6617214d-7f82-11e2-af38-f46d04160b67}\Shell - "" = AutoRun
O33 - MountPoints2\{6617214d-7f82-11e2-af38-f46d04160b67}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.27 22:51:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
[2013.02.27 22:33:08 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Malwarebytes
[2013.02.27 22:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.27 22:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.27 22:33:00 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.27 22:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.26 07:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013.02.25 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2013.02.25 21:42:25 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\Programs
[2013.02.25 20:41:01 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2013.02.25 20:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2013.02.25 20:40:49 | 000,000,000 | ---D | C] -- C:\Users\horst\ERPro
[2013.02.25 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\Neuer Ordner
[2013.02.24 13:56:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.23 12:51:19 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Usxhgpyvfy
[2013.02.22 12:55:35 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Ozlee
[2013.02.22 12:55:35 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Niuseq
[2013.02.22 12:55:35 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Etul
[2013.02.15 14:56:01 | 000,000,000 | -H-D | C] -- C:\Users\horst\AppData\Roaming\Txuftven
[2013.02.15 09:08:14 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Reyz
[2013.02.15 09:08:14 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Enlo
[2013.02.15 09:08:14 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Atykhu
[2013.02.14 09:09:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 09:09:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 09:09:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 09:09:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 09:09:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 09:09:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 09:09:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 09:09:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 09:09:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 09:09:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 09:09:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 09:09:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 09:09:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 09:09:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 09:09:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 15:03:37 | 000,000,000 | -H-D | C] -- C:\Users\horst\AppData\Roaming\ECE760EC
[2013.02.13 14:50:41 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Ezuk
[2013.02.13 14:50:41 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Emtoi
[2013.02.13 14:50:41 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Azutw
[2013.02.13 09:02:01 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 09:02:00 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 09:01:59 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 09:01:52 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.13 09:01:52 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.13 09:01:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.13 09:01:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.13 09:01:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.13 09:01:52 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 09:01:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 09:01:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.13 09:01:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 09:01:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 09:01:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 09:01:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 09:01:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 09:01:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.13 09:01:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 09:01:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 09:01:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 09:01:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 09:01:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 09:01:50 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.01.31 11:59:47 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\{D2818443-9CB5-4A0B-AC59-CF2F9CEA56B6}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.27 22:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
[2013.02.27 22:50:48 | 000,000,000 | ---- | M] () -- C:\Users\horst\defogger_reenable
[2013.02.27 22:50:39 | 000,050,477 | ---- | M] () -- C:\Users\horst\Desktop\Defogger.exe
[2013.02.27 22:44:27 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.27 22:33:01 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.27 22:12:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 22:12:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 22:03:49 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.02.27 22:03:49 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.27 22:03:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.27 22:03:15 | 3151,900,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.26 15:36:36 | 000,002,270 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.02.26 15:36:29 | 000,001,243 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.02.26 07:57:39 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
[2013.02.26 07:33:02 | 001,531,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.26 07:33:02 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.26 07:33:02 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.26 07:33:02 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.26 07:33:02 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.25 21:43:02 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2013.02.20 12:36:34 | 000,000,150 | ---- | M] () -- C:\Users\horst\Desktop\sesxyfrseeJqDNXnO
[2013.02.14 09:46:22 | 000,276,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.06 14:46:58 | 000,362,040 | ---- | M] () -- C:\Users\horst\Documents\AqOexrvagsjNlaOeAEl
[2013.01.30 14:11:41 | 000,013,352 | ---- | M] () -- C:\Users\horst\Desktop\GtvsraloJUxylg
 
========== Files Created - No Company Name ==========
 
[2013.02.27 22:50:48 | 000,000,000 | ---- | C] () -- C:\Users\horst\defogger_reenable
[2013.02.27 22:50:39 | 000,050,477 | ---- | C] () -- C:\Users\horst\Desktop\Defogger.exe
[2013.02.27 22:33:01 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.26 07:57:39 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8 Host.lnk
[2013.02.26 07:57:39 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
[2013.02.25 21:43:02 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2011.11.09 15:09:50 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.08 04:39:07 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.08 04:39:05 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.08 04:39:03 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.03.08 04:37:22 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.01.12 17:02:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[1601.02.13 09:28:18 | 002,021,888 | ---- | C] () -- C:\Users\horst\AejXgDsajegOytnJGlDT
[1601.02.13 09:28:18 | 001,521,376 | ---- | C] () -- C:\Users\horst\OrEflnjsofgLdtEfg
[1601.02.13 09:28:18 | 001,053,250 | ---- | C] () -- C:\Users\horst\rLNDvgfxxNAtEyQDjT
[1601.02.13 09:28:18 | 000,292,352 | ---- | C] () -- C:\Users\horst\gAagVVUdvjLyQAp
[1601.02.13 09:28:18 | 000,290,156 | ---- | C] () -- C:\Users\horst\ONAVLtUDAuOadoAuOtlE
[1601.02.13 09:28:18 | 000,221,257 | ---- | C] () -- C:\Users\horst\qjGEussApEltnvGgDTNA
[1601.02.13 09:28:18 | 000,176,640 | ---- | C] () -- C:\Users\horst\jyXUjogeXpjAgfupNJa
[1601.02.13 09:28:18 | 000,172,032 | ---- | C] () -- C:\Users\horst\oVJrsjLXofGUxn
[1601.02.13 09:28:18 | 000,124,248 | ---- | C] () -- C:\Users\horst\oLTfoAvsaToEJdTa
[1601.02.13 09:28:18 | 000,029,184 | ---- | C] () -- C:\Users\horst\DjvyXgTxXrEOLlEeJ
[1601.02.13 09:28:18 | 000,015,865 | ---- | C] () -- C:\Users\horst\vjJsgspXtvsEqQNdsa
[1601.02.13 09:28:18 | 000,013,379 | ---- | C] () -- C:\Users\horst\aXUjtEqQdlaOyGUDTouG
[1601.02.13 09:28:18 | 000,012,818 | ---- | C] () -- C:\Users\horst\nyfuonxreNGnJLvsvrsr
[1601.02.13 09:28:18 | 000,010,036 | ---- | C] () -- C:\Users\horst\ypyUoAuLgqdNaDnve
[1601.01.01 01:00:00 | 000,243,712 | ---- | C] () -- C:\Users\horst\AppData\Roaming\userj.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

Extras.txt

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.02.2013 22:52:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\horst\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 60,86% Memory free
7,83 Gb Paging File | 6,09 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 183,73 Gb Free Space | 77,05% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 28,14 Gb Free Space | 8,46% Space Free | Partition Type: NTFS
 
Computer Name: HORST-PC | User Name: horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{119FA9C6-D269-4C77-8976-39440E43623A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1DEF9043-1413-470B-B7AC-463B9A6D6772}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{1E1DA530-6E46-49A6-BCAD-750F6B0802E2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{29F43436-220E-42F4-A6B5-EB07DA193F97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32996E6E-2562-45F7-A6F4-3530D0FF9096}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3B2D6E27-6F8A-47D0-8F73-7AA9B9DB2770}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{51BDE02A-706E-4AAB-9270-8E4BD7D052AA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{53158159-126F-443C-8507-1D4526A6A587}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{539A08E2-2F15-44C0-96F2-3ECCFE570BB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55966B09-7615-4F13-8232-0FA2BAF80E69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{592B8AEC-D724-4384-A27F-ADCC400E9C2B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7D2A4992-89DF-4E8A-8CF2-F0ABFAEA37CC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{93568354-1F19-475C-B4E9-19BEE5F33B92}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{941B541C-87D4-4C52-B528-D78ED09E53B7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9A313182-E5C1-4776-B0E2-30F92612D0DA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9C7B15B5-BAFB-4FBF-9E41-36A3D8B6408E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9E7D39DD-1FAA-4E28-8E09-2D7099E36D64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A6E909CF-72ED-4D8B-B082-2F073055BDA2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B706632E-02E5-4B00-8038-8BD25B304ED6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BF8153D1-58CF-4CD7-8D1F-17B5B008FFEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DA78110C-2370-4EB5-9B93-16E4CC27C9EF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{ED77EEA8-8C76-4920-837C-E78404DE76A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F2554677-DA41-4E79-9EE1-BF82427342D2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FE22141D-73BB-48A6-BE71-A6364A7EC361}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{465423EC-0915-46CA-BA76-A9FC64226E5C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4A5A010A-74AF-47B0-A842-A2D799BE9646}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5345F2F6-1E95-470E-883C-D25315BE7F08}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{5C72C850-6E4A-44FA-BA24-8B53451CAF53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{6C18535A-55AC-4082-8163-84DE2543A9A7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{71D43AB7-DF4B-48C8-A14B-2F602199ED1F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7E2C447A-BC1A-41AE-9314-8FEE1D01CCFA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{8722B1C6-764D-4E43-8648-7ACDF9FAD7BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9DE504BB-94DD-435C-8B82-EDD1463191B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B6CE2B8A-3326-4CC7-A7B0-A840B904C03F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C472DBE9-1B69-4915-854D-65DB98EAD538}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{E5989B42-F87B-4915-BA17-0A02295EEA79}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{2A7C58DE-B27D-441E-AB6D-501C7BE9BD2A}C:\users\horst\appdata\roaming\azutw\xyvou.exe" = protocol=6 | dir=in | app=c:\users\horst\appdata\roaming\azutw\xyvou.exe | 
"UDP Query User{7AC96F82-BA39-40DC-B343-7B909E7427B7}C:\users\horst\appdata\roaming\azutw\xyvou.exe" = protocol=17 | dir=in | app=c:\users\horst\appdata\roaming\azutw\xyvou.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4543C6FA-89E7-4F1E-89A2-32F3FFEBB47E}" = Software-Edition 2012
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{99C0BA09-5F99-4A0E-B5A1-B476ED73BFA8}" = Grundstücks- und Gebäudewertermittlung
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1" = 24x7 Help
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1" = PC Power Speed 1.0.0.24
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BB3085D5-7D88-4AF2-B08E-226E26E2A169}" = Haufe iDesk-Browser
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D768CAF3-57FD-446C-BE4E-FC29DCE83B93}" = Haufe iDesk-Service
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC438CEA-210E-461C-8CB7-8CB838667A09}" = Haufe Formular-Manager
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"FBDBServer_2_1_is1" = Firebird 2.1.3.18185 (Win32)
"Google Chrome" = Google Chrome
"Governor of Poker" = Governor of Poker
"HaufeReader" = HaufeReader
"HIO" = HIO
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"IMV2000_is1" = IMV2000
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"IrfanView" = IrfanView (remove only)
"Jewel Quest 3" = Jewel Quest 3
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Plants vs Zombies" = Plants vs Zombies
"TeamViewer 8 Host" = TeamViewer 8 Host
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.05.2012 08:22:19 | Computer Name = horst-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 22.05.2012 04:34:22 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: imv2000.exe, Version: 6.53.0.0, Zeitstempel:
 0x47139f24  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
 0x4ec49d10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000346e1  ID des fehlerhaften Prozesses:
 0x1788  Startzeit der fehlerhaften Anwendung: 0x01cd37f58015be86  Pfad der fehlerhaften
 Anwendung: C:\IMV2000\imv2000.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 edb4ea2a-a3e8-11e1-87e0-f46d04160b67
 
Error - 04.06.2012 09:31:44 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: Flash10d.ocx, Version: 10.0.42.34,
 Zeitstempel: 0x4ae7baed  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000cdaf9  ID des fehlerhaften
 Prozesses: 0x760  Startzeit der fehlerhaften Anwendung: 0x01cd424c1add46e4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWow64\Macromed\Flash\Flash10d.ocx  Berichtskennung:
 a00f64ca-ae49-11e1-84be-f46d04160b67
 
Error - 20.06.2012 06:15:24 | Computer Name = horst-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren
 werden.
 
Error - 16.07.2012 13:58:19 | Computer Name = horst-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 13.09.2012 05:24:59 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211485  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xca4  Startzeit der fehlerhaften Anwendung: 0x01cd918ba3b148ad  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: e2da7755-fd84-11e1-922c-f46d04160b67
 
Error - 13.09.2012 05:30:18 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211485  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x1bb4  Startzeit der fehlerhaften Anwendung: 0x01cd9191c6aedc52  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: a0ed4150-fd85-11e1-922c-f46d04160b67
 
Error - 13.09.2012 05:34:51 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211485  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x1704  Startzeit der fehlerhaften Anwendung: 0x01cd91926aef2a02  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 4429137f-fd86-11e1-922c-f46d04160b67
 
Error - 13.09.2012 05:39:27 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211485  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xfa4  Startzeit der fehlerhaften Anwendung: 0x01cd91930ebf4f1e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: e8a9c680-fd86-11e1-922c-f46d04160b67
 
Error - 13.09.2012 09:18:07 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211485  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x4ec  Startzeit der fehlerhaften Anwendung: 0x01cd91b19998711d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 748e900b-fda5-11e1-819c-f46d04160b67
 
[ Media Center Events ]
Error - 03.06.2012 07:28:56 | Computer Name = horst-PC | Source = MCUpdate | ID = 0
Description = 13:28:50 - Fehler beim Herstellen der Internetverbindung.  13:28:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.07.2012 07:08:21 | Computer Name = horst-PC | Source = MCUpdate | ID = 0
Description = 13:08:20 - Fehler beim Herstellen der Internetverbindung.  13:08:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.07.2012 07:08:35 | Computer Name = horst-PC | Source = MCUpdate | ID = 0
Description = 13:08:26 - Fehler beim Herstellen der Internetverbindung.  13:08:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 23.02.2013 07:53:35 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 23.02.2013 08:06:06 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 24.02.2013 08:54:46 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 24.02.2013 08:58:36 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.02.2013 04:19:07 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.02.2013 14:41:33 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.02.2013 15:36:11 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 26.02.2013 02:50:19 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 26.02.2013 10:37:15 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.02.2013 17:04:40 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---

GMER
GMER Logfile:
Code:
GMER 2.1.19115 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-02-27 23:23:37
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\horst\AppData\Local\Temp\fgloipoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                            000000007648102d 5 bytes JMP 0000000103ed2a04
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                      000000007621bbdb 5 bytes JMP 0000000103ed27b0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                        00000000749fc664 5 bytes JMP 0000000103ed17b8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                             00000000749fe13a 5 bytes JMP 0000000103ed16e8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFile                                           00000000749ff8d8 5 bytes JMP 0000000103ed0df4
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                 0000000074a03184 5 bytes JMP 0000000103ed08c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetOpenA                                              0000000074a0d5e0 5 bytes JMP 0000000103ecdcdc
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetConnectA                                           0000000074a2567e 5 bytes JMP 0000000103ecdd30
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                           0000000074a25761 5 bytes JMP 0000000103ece320
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW                                             0000000074a25865 5 bytes JMP 0000000103ed1750
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                           0000000074a2632d 5 bytes JMP 0000000103ecfa54
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFileExW                                        0000000074a2f9ee 5 bytes JMP 0000000103ed16c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                        0000000074a2fa49 5 bytes JMP 0000000103ed0ff8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                           0000000074a5525a 5 bytes JMP 0000000103ecf2f0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Windows\AsScrPro.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  00000000747f1465 2 bytes [7F, 74]
.text   C:\Windows\AsScrPro.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                 00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                            000000007648102d 5 bytes JMP 0000000101f52a04
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                      000000007621bbdb 5 bytes JMP 0000000101f527b0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                        00000000749fc664 5 bytes JMP 0000000101f517b8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                             00000000749fe13a 5 bytes JMP 0000000101f516e8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFile                                           00000000749ff8d8 5 bytes JMP 0000000101f50df4
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                 0000000074a03184 5 bytes JMP 0000000101f508c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetOpenA                                              0000000074a0d5e0 5 bytes JMP 0000000101f4dcdc
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetConnectA                                           0000000074a2567e 5 bytes JMP 0000000101f4dd30
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                           0000000074a25761 5 bytes JMP 0000000101f4e320
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW                                             0000000074a25865 5 bytes JMP 0000000101f51750
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                           0000000074a2632d 5 bytes JMP 0000000101f4fa54
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExW                                        0000000074a2f9ee 5 bytes JMP 0000000101f516c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                        0000000074a2fa49 5 bytes JMP 0000000101f50ff8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                           0000000074a5525a 5 bytes JMP 0000000101f4f2f0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [4156:1404]                                                                                      0000000003ed3208
Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [2368:2476]                                                                                      0000000001f57da0
Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [2368:464]                                                                                       0000000001f57c70

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007a2bc2                                                                            
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007a2bc2 (not active ControlSet)                                                        

---- EOF - GMER 2.1 ----
         
--- --- ---


Alt 27.02.2013, 23:28   #2
Hilfe343
 
ADW Cleaner

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.113 - Datei am 27/02/2013 um 23:26:38 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : horst - HORST-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\horst\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : 24x7HelpSvc

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\m8ccar48.default\searchplugins\11-suche.xml
Ordner Gefunden : C:\Program Files (x86)\AppGraffiti
Ordner Gefunden : C:\Program Files (x86)\Inbox.com
Ordner Gefunden : C:\Program Files (x86)\RebateInformer
Ordner Gefunden : C:\Program Files (x86)\SiteRanker
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\horst\AppData\LocalLow\AppGraffiti
Ordner Gefunden : C:\Users\horst\AppData\LocalLow\RebateInformer
Ordner Gefunden : C:\Users\horst\AppData\LocalLow\SiteRanker
Ordner Gefunden : C:\Users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\m8ccar48.default\extensions\AppGraffiti@AppGraffiti.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\24x7HELP
Schlüssel Gefunden : HKCU\Software\AppGraffiti
Schlüssel Gefunden : HKCU\Software\CToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Schlüssel Gefunden : HKLM\Software\24x7HELP
Schlüssel Gefunden : HKLM\Software\AppGraffiti
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Client
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Script
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Server
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Server2
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RebateI.Rebate Informer BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RebateI.RebateInformImageGen
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RebateInf.RebateInfObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{438B047C-C041-4D15-98CF-A97C6B366C28}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Schlüssel Gefunden : HKLM\Software\CToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Schlüssel Gefunden : HKU\S-1-5-21-2779241894-3492057710-2065022195-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{ED76C299-85BC-4891-9237-74A140C28832}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.inbox.com/homepage.aspx?tbid=80195&lng=de
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80195
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80195
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80195
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80195

-\\ Mozilla Firefox v11.0 (de)

Datei : C:\Users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\m8ccar48.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.97

Datei : C:\Users\horst\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [9820 octets] - [27/02/2013 23:26:38]

########## EOF - C:\AdwCleaner[R1].txt - [9880 octets] ##########
         
--- --- ---

Alt 02.03.2013, 10:59   #3
t'john
/// Helper Team
 

The cleanup consists of several steps that must be carried out.
Work through them one after another and please paste the 3 logs created in the process into your next reply.

If the OTL fix did not run through correctly, do not continue; please report this instead.

Step 1

Fixing with OTL

Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
ATTFilter
:OTL

O4 - HKCU..\Run: [Gygoofa] C:\Users\horst\AppData\Roaming\Azutw\xyvou.exe File not found 
O4 - HKCU..\Run: [jwnenlmo] C:\Users\horst\AppData\Roaming\Txuftven\nnnkynlmo.exe File not found 
O4 - HKCU..\Run: [userj] C:\Users\horst\AppData\Roaming\userj.exe () 
[2011.01.12 17:02:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe 
[1601.01.01 01:00:00 | 000,243,712 | ---- | C] () -- C:\Users\horst\AppData\Roaming\userj.exe 
[2013.02.15 14:56:01 | 000,000,000 | -H-D | C] -- C:\Users\horst\AppData\Roaming\Txuftven 
[2013.02.13 15:03:37 | 000,000,000 | -H-D | C] -- C:\Users\horst\AppData\Roaming\ECE760EC 
[1601.02.13 09:28:18 | 002,021,888 | ---- | C] () -- C:\Users\horst\AejXgDsajegOytnJGlDT 
[1601.02.13 09:28:18 | 001,521,376 | ---- | C] () -- C:\Users\horst\OrEflnjsofgLdtEfg 
[1601.02.13 09:28:18 | 001,053,250 | ---- | C] () -- C:\Users\horst\rLNDvgfxxNAtEyQDjT 
[1601.02.13 09:28:18 | 000,292,352 | ---- | C] () -- C:\Users\horst\gAagVVUdvjLyQAp 
[1601.02.13 09:28:18 | 000,290,156 | ---- | C] () -- C:\Users\horst\ONAVLtUDAuOadoAuOtlE 
[1601.02.13 09:28:18 | 000,221,257 | ---- | C] () -- C:\Users\horst\qjGEussApEltnvGgDTNA 
[1601.02.13 09:28:18 | 000,176,640 | ---- | C] () -- C:\Users\horst\jyXUjogeXpjAgfupNJa 
[1601.02.13 09:28:18 | 000,172,032 | ---- | C] () -- C:\Users\horst\oVJrsjLXofGUxn 
[1601.02.13 09:28:18 | 000,124,248 | ---- | C] () -- C:\Users\horst\oLTfoAvsaToEJdTa 
[1601.02.13 09:28:18 | 000,029,184 | ---- | C] () -- C:\Users\horst\DjvyXgTxXrEOLlEeJ 
[1601.02.13 09:28:18 | 000,015,865 | ---- | C] () -- C:\Users\horst\vjJsgspXtvsEqQNdsa 
[1601.02.13 09:28:18 | 000,013,379 | ---- | C] () -- C:\Users\horst\aXUjtEqQdlaOyGUDTouG 
[1601.02.13 09:28:18 | 000,012,818 | ---- | C] () -- C:\Users\horst\nyfuonxreNGnJLvsvrsr 
[1601.02.13 09:28:18 | 000,010,036 | ---- | C] () -- C:\Users\horst\ypyUoAuLgqdNaDnve 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\horst\*.tmp
C:\Users\horst\AppData\*.dll
C:\Users\horst\AppData\*.exe
C:\Users\horst\AppData\Local\Temp\*.exe
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!



Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


then:

Step 3

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.
__________________
__________________
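
Whether an OTL fix like the one in step 1 ran through can be checked mechanically against the log it writes. The following is an added example, not part of the original post and not OTL's own code: it compares the :OTL entries of a fix script with the log and reports entries or sections the log never mentions. The function names are hypothetical, the script lines are taken from the fix above, and the log is a constructed sample in the wording of the OTL log posted later in this thread.

```python
import re

# Sample fix script: a few entries taken from the fix above.
FIX_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [userj] C:\Users\horst\AppData\Roaming\userj.exe ()
[1601.01.01 01:00:00 | 000,243,712 | ---- | C] () -- C:\Users\horst\AppData\Roaming\userj.exe
[2013.02.15 14:56:01 | 000,000,000 | -H-D | C] -- C:\Users\horst\AppData\Roaming\Txuftven
[2011.01.12 17:02:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
:Files
C:\ProgramData\*.tmp
:Commands
[emptytemp]
"""

# Constructed log of a fix that stopped early: the Txuftven folder and the
# COMMANDS section never appear.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\userj deleted successfully.
C:\Users\horst\AppData\Roaming\userj.exe moved successfully.
File C:\Users\horst\AppData\Roaming\userj.exe not found.
C:\ProgramData\FullRemove.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.tmp not found.
"""

RUN_ENTRY = re.compile(r"^O4 - \S+\\Run: \[(?P<name>[^\]]+)\]")
FILE_ENTRY = re.compile(r"^\[[^\]]+\]\s+(?:\([^)]*\)\s+)?--\s+(?P<path>.+?)\s*$")
SECTION_HEADER = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")


def parse_fix(script):
    """Return (sections, run_values, paths) named in a fix script."""
    sections, run_values, paths = [], [], []
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # :OTL, :Files, :Commands
            current = line[1:].lower()
            sections.append(current)
        elif current == "otl":
            m = RUN_ENTRY.match(line)
            if m:
                run_values.append(m.group("name"))
                continue
            m = FILE_ENTRY.match(line)
            if m:
                paths.append(m.group("path"))
    return sections, run_values, paths


def check_fix(script, log):
    """Compare a fix script with its log; Windows paths compare case-insensitively."""
    sections, run_values, paths = parse_fix(script)
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    folded = [l.casefold() for l in lines]
    seen = set()
    for l in lines:
        m = SECTION_HEADER.match(l)
        if m:
            seen.add(m.group("name").lower())
    report = {"missing_sections": [s for s in sections if s not in seen], "items": {}}
    for name in run_values:
        suffix = ("\\\\" + name + " deleted successfully.").casefold()
        hit = any(l.startswith("registry value ") and l.endswith(suffix) for l in folded)
        report["items"]["Run:" + name] = "deleted" if hit else "missing"
    for path in paths:
        p = path.casefold()
        if p + " moved successfully." in folded or p + " folder moved successfully." in folded:
            status = "moved"                 # a successful move wins over a later "not found"
        elif "file " + p + " not found." in folded or "file\\folder " + p + " not found." in folded:
            status = "not_found"
        else:
            status = "missing"               # the log never mentions this entry
        report["items"][path] = status
    return report


def ran_through(report):
    """True only if every script section and every :OTL entry shows up in the log."""
    return not report["missing_sections"] and "missing" not in report["items"].values()


if __name__ == "__main__":
    result = check_fix(FIX_SCRIPT, SAMPLE_LOG)
    for item, status in result["items"].items():
        print(f"{status:10} {item}")
    print("missing sections:", result["missing_sections"])
    print("ran through:", ran_through(result))
```

An entry reported as "not_found" is not a failure by itself: in the log above, userj.exe is moved by the Run entry first and then reported as not found by the file entry that names the same path.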

06.03.2013, 19:10   #4
Hilfe343

Hello t'john,

thank you very, very much for your answer. I have one more "stupid" question for you. So that my colleague can keep working, I swapped the hard disk and now have the infected system in a USB enclosure. Can I also carry out the procedure from a new VM Windows installation, or do I have to put the disk back into the original notebook?

Many thanks

Daniel

06.03.2013, 20:53   #5
t'john
/// Helper team

Please install it in the notebook.

The tools are not designed for VMs.

__________________
Regards, t'john

28.04.2013, 16:14   #6
t'john
/// Helper team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________

09.07.2013, 19:31   #7
Hilfe343

Hello Daniel,
I'm really sorry that I'm only getting back to you now, but my colleague was only able to make the laptop available to me today.

OTL code:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Gygoofa deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jwnenlmo deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\userj deleted successfully.
C:\Users\horst\AppData\Roaming\userj.exe moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
File C:\Users\horst\AppData\Roaming\userj.exe not found.
C:\Users\horst\AppData\Roaming\Txuftven folder moved successfully.
C:\Users\horst\AppData\Roaming\ECE760EC folder moved successfully.
C:\Users\horst\AejXgDsajegOytnJGlDT moved successfully.
C:\Users\horst\OrEflnjsofgLdtEfg moved successfully.
C:\Users\horst\rLNDvgfxxNAtEyQDjT moved successfully.
C:\Users\horst\gAagVVUdvjLyQAp moved successfully.
C:\Users\horst\ONAVLtUDAuOadoAuOtlE moved successfully.
C:\Users\horst\qjGEussApEltnvGgDTNA moved successfully.
C:\Users\horst\jyXUjogeXpjAgfupNJa moved successfully.
C:\Users\horst\oVJrsjLXofGUxn moved successfully.
C:\Users\horst\oLTfoAvsaToEJdTa moved successfully.
C:\Users\horst\DjvyXgTxXrEOLlEeJ moved successfully.
C:\Users\horst\vjJsgspXtvsEqQNdsa moved successfully.
C:\Users\horst\aXUjtEqQdlaOyGUDTouG moved successfully.
C:\Users\horst\nyfuonxreNGnJLvsvrsr moved successfully.
C:\Users\horst\ypyUoAuLgqdNaDnve moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\horst\*.tmp not found.
File\Folder C:\Users\horst\AppData\*.dll not found.
File\Folder C:\Users\horst\AppData\*.exe not found.
C:\Users\horst\AppData\Local\Temp\firefoxjre_exe-1.exe moved successfully.
C:\Users\horst\AppData\Local\Temp\firefoxjre_exe.exe moved successfully.
C:\Users\horst\AppData\Local\Temp\IPx64_1031.exe moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\horst\Desktop\cmd.bat deleted successfully.
C:\Users\horst\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: horst
->Temp folder emptied: 84303998 bytes
->Temporary Internet Files folder emptied: 550066584 bytes
->FireFox cache emptied: 89152992 bytes
->Google Chrome cache emptied: 6754976 bytes
->Flash cache emptied: 1706 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 522472929 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 6814846 bytes
 
Total Files Cleaned = 1.201,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07092013_212057

Files\Folders moved on Reboot...
C:\Users\horst\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Log MalwareBytes

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.09.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
horst :: HORST-PC [administrator]

09.07.2013 21:45:37
mbar-log-2013-07-09 (21-45-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 254167
Time elapsed: 22 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Junkware Removal Tool

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.2 (07.09.2013:1)
OS: Windows 7 Home Premium x64
Ran by horst on 09.07.2013 at 22:11:19,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] 24x7helpsvc 
Successfully deleted: [Service] 24x7helpsvc 



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{183643c8-ee67-4574-9a38-927852e34163}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{54eca872-db2a-4c6b-bbb2-f3777c6786cc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{8736c681-37a0-40c6-a0f0-4c083409151c}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{01c78433-6fdf-4e5a-a82d-b535c32e03df}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{41349826-5c7f-4bf0-8279-5daf1de6e9ae}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{604ea016-1ede-41e6-a23e-76cf8f2a4808}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{b3ba5582-79a9-464d-a7fa-711c5888c6e9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{e9bbd270-4b87-4ee2-912f-6635674986c0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{506f578a-91e1-46ce-830f-e2f4268e9966}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\24x7help
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\24x7help
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\appgraffiti
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\appgraffiti
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appgraffiti.appgraffitijs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4client
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4script
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4server
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4server2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\rebinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebatei.rebate informer bho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebatei.rebateinformimagegen
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebateinf.rebateinfobj
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\pcpowerspeed"
Successfully deleted: [Folder] "C:\Users\horst\AppData\Roaming\pcpowerspeed"
Successfully deleted: [Folder] "C:\Users\horst\appdata\locallow\appgraffiti"
Successfully deleted: [Folder] "C:\Users\horst\appdata\locallow\rebateinformer"
Successfully deleted: [Folder] "C:\Users\horst\appdata\locallow\siteranker"
Successfully deleted: [Folder] "C:\Program Files (x86)\24x7help"
Successfully deleted: [Folder] "C:\Program Files (x86)\appgraffiti"
Successfully deleted: [Folder] "C:\Program Files (x86)\inbox.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\pcpowerspeed"
Successfully deleted: [Folder] "C:\Program Files (x86)\rebateinformer"
Successfully deleted: [Folder] "C:\Program Files (x86)\siteranker"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\appgraffiti"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rebateinformer"
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{4D9512C7-DB86-4B4B-B3F0-CC2667F3ACFC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{4DBC45C6-DA07-4C5F-A5D0-FEA6C92F8289}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{4E029681-DF76-46C0-AC6F-BF3D0C7B47E7}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{4E1BA1E5-013F-4265-B4A2-1745260B0F71}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{4E62612D-1689-43CD-9971-EC6761E7657B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{4E64A219-6AE0-44B5-9C0A-32EC148F0F64}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{4EA75905-8731-461B-98A3-560DB64DDEFC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{5051E83D-1845-4B2E-A1F6-B9832E76CCFD}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{5060C84E-E8EF-4BEB-A006-ECD9E439F648}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{50F56F41-E99F-422D-9A08-072D63CB389C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{518FC5BF-5AF0-4523-95C6-BC80BFA0382C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{51DE09E3-5810-411E-BB98-40741253CE3F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{51E7ADC7-A402-4D12-8215-09B5D82C50E1}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{51F9D794-4F5E-4904-87C8-A9CBFE5928EA}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{5227B765-E785-4A23-8FB8-02992EE23327}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{52A84EA0-E4A7-49A9-85FD-BC00AF31D49E}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{52C2AFBA-937D-45F5-98A8-61057116C95F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{52F8F336-E14E-4F0B-BA99-92A53E921F81}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{53E37334-9CE2-4D35-A06E-0D97DA745B79}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{546B0C57-DBAB-4993-B202-46C3380E3C43}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{551FB06F-9173-46E3-9A74-CEE40209650E}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{55AE8E11-F517-44BE-83FC-EBA5BB6F6F4B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{572055F7-71CC-41F7-887C-F657ADE5A9B8}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{57EA49D7-5545-4C22-ADCF-C9D2418B04FA}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{58E62D4C-E983-4191-8C09-5F3D1D7F2577}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{5A79019A-2EE6-4CE3-8F79-6AA4CF9C47E6}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{5AACE012-E400-4726-8EAB-F18C3C75C542}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{5B3117DC-0D5B-46BA-BAEB-63F3F0F06DE5}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{5B85641C-63E5-4F9F-B868-5BE629FA5178}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{5CC4E11A-7B92-4425-AD53-BB3B1294B0A9}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{5DA7F854-6FE7-4117-9A61-8FB96B224552}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{60BF9367-9CC2-4AC5-BCF4-FBC84CAFB612}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{61B644A6-F3C6-43F2-A98A-5449DD2DC5E1}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{61C4A34A-EFE4-4F77-A986-F3A57468FE19}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{6236F636-2CC6-479B-B1DC-DD9707445147}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{62ACCD1E-9CAC-4BC3-A023-F44431E19FF1}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{6365C269-7610-44AB-89A5-6151142C8799}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{6386C427-35AE-4530-9507-08AFC04EA125}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{63CD8F91-8998-4F30-8368-6F4ED542452A}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{6480F0A8-814F-4B5E-BA01-B7F0342D720E}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{652E0AB8-242A-4C6E-BA45-91EEF05530E7}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{653436F5-5F5F-4EDE-8FB7-6D65F0884357}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{65B8F7DB-10DC-48F1-BD14-CE57C644DAE6}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{66E915F9-BCA3-47F6-A72E-24733DD51856}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{674C5F6B-747E-4A90-AE20-59351CEA3D13}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{67530ABF-6B98-49BB-937F-4AA81AA7498B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{6793D44F-7048-419E-9C05-565FE77E97E7}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{699CFEE1-5B07-47AA-B622-0D8CB948C146}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{6B36D0E1-8E53-412F-8044-CDBD2C08519D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{6BDFC61D-BE5B-4DA0-B154-9D0C2503EAF0}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{6C623950-BCBC-4A54-9046-4526327702CD}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7063290F-200F-47EF-8FA0-72E769239CB0}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7234D681-8D0E-489B-A33A-0824E1CD9D9F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7263DAC1-56DE-4E4C-A05A-140C6D22FC13}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{72AD29F1-2FD9-4D07-B044-BD3C25D0B551}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{73976354-628F-4AB2-B229-450920FC2004}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{74363069-F036-455B-9ABB-94B6F4ED260C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{74BBB46C-DF05-49C5-BE15-636E16212235}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{75100ACC-760C-42CB-A980-7DFB9095D390}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{75130C58-C5F7-4C91-8FE2-846CB560BCDE}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{751B64A6-5879-4B30-87C2-589EEA69F9E5}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{755454E2-4967-416B-AB87-58B7EC4E794D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{76056613-070E-4F42-94D4-E5E04093722C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{78A4E79E-39E8-409D-8CBC-510EC3FDF8F9}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{78D720A9-C906-42E2-8B65-93FF3E80910F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7AEC25BB-F701-4304-8138-A69D6943AF77}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7B1358F4-776C-4284-8152-E7EAAF2DBA38}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7B4373D5-6530-41A3-9C6C-8D85C3EE1A66}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7B48104E-52F1-42B6-AB25-0AA00E4FE5FA}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7BCBF346-6C8D-427A-8AE8-C07D587A7148}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7CED4AB2-A9AE-4AF2-801A-10A31A4AC3D0}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7EB9A4F0-B906-4B30-ABFB-265B9B8EA65D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7ED96272-DEF1-4A1F-BC00-CC84D32FB9F6}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{7F3D0400-0753-4B45-8BC3-7C523E612CA9}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{8098D992-0CAD-45C2-8424-0888E84C48AC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{80BEF188-369F-4A02-A1A8-296F1B8104CB}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{82BD269D-9607-4D3C-82FC-B017E6D43A16}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{82E842DE-7A3B-4374-89C7-D9CCE3AD52CC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{83949EBE-2AB9-42FF-8E69-C307E96F0631}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{83B60AE1-9032-4374-B408-1C3FC821BD81}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{841DF695-9536-453A-9157-39E32BD60F40}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{842BFB5D-FB07-485B-92C5-CC546E9ED638}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{84AB3399-E4FC-464C-9C79-1F1DDC96526C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{84DB9C37-2B9E-4EC8-99E9-A01E7FAFD0A6}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{852CAFE6-8D1A-435D-B186-3FC2789EF875}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{85741D59-EE3B-4260-877B-A083ECCAB041}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{85915343-23F2-421C-8433-4FC1160A3BC4}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{85A65000-2CE2-4D9E-8B30-82EB5C5D17D4}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{869C5145-4888-40DD-A7CE-A3E7D6BE327F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{86F80C53-3225-4BFD-A74E-968512FBE4F9}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{88AA8C5B-2032-4029-9E0E-3B6775E42A66}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{88C29723-2972-4C18-850E-3BE7B47113BB}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{8AD7B7D3-7C7F-42E3-8507-B65C5280B271}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{8B5AC7B8-1A24-41FF-A0D2-5E263CC3AD8F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{8D39D436-74A6-4BFE-A5AF-759551F716D7}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{8E05C82C-42B0-42E5-9362-6611BEB024F8}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{8E8B1C78-D1A0-45A2-BE31-146BCC2FBE2C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{8EC7B27A-BE57-4A5B-A5CC-E86EDD4FAEA2}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{8F508478-D580-4ADE-BC19-02406547768C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{90101D78-86E3-484C-975B-4A7EE6EA5226}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9039E3E5-5B3E-439D-8147-39AC6D49FE6B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{91085567-0E49-4FCD-9306-2DFCD854EBB2}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{935FF7C7-D18C-41D6-8BC7-B0B8FF7F38DA}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{93605185-666A-4BE1-8F39-1D3F3575C93D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{93C22D5E-AEA1-4643-9F9A-F04D92118D8A}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{94A62C66-2B4D-4C4F-90AA-94CF1AF80A78}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{97877D81-0325-4DBF-8B21-24BFA9DDF3E7}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{984D9D2A-EDF6-431E-9910-23E437C87800}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{999B4AC9-5C75-4F0D-857B-2C85CF84B58A}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9A7C8195-4287-4CFE-BCB1-BD5D1C2AA922}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9ABFFEC2-A2CB-4709-BC0D-D258E882C8FE}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9B5683CA-BF66-4F6E-B396-9AA845511A02}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9C3E2832-7EA5-4385-87FC-88BAC59C0320}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9CEE6264-570E-4B26-8BD0-1CC354AAB276}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9D34130F-23A5-4633-83DA-1CDDE65CAFF8}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9E14EEE0-1228-4977-A842-3893ACD909FB}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9F091765-CEF9-4551-87C1-7011696B8A61}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9F1458A4-9831-48DF-A61F-8DE380F4EBBF}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9F9F2885-4A93-44AF-B4EE-3D754E3F057B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9FCFD40E-5450-4E13-AB64-9A93A84C9601}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9FE469C8-D577-4F31-BA56-0C820CB9E0F5}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{9FE579CA-40A6-45BD-B8A4-E039CD544C67}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A0DF0EF2-E1DF-4089-9AAC-6A672514813B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A0F40164-0E9F-4356-AE90-461935E49520}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A171A6A7-610C-406E-B179-3DA7718228BC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A1D2FBC1-E786-4245-B62A-E9DE305D6AE8}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A1F8A0EC-9D8C-459A-B4EE-5E9F2C13C703}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A2186CD5-6684-4D4B-9592-ACE0A7D4E5A8}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A2944FDE-1162-4859-BE09-FB3275519A73}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A2AA98B8-A147-403C-B8B8-5DC3BA527998}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A2DA642E-6CC0-4DFC-8495-25F9D1873A45}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A439570F-538E-419C-A15C-F0F157D36152}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A481F8B1-A7F9-4145-BC52-E3BAF41C402C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A53FB92B-DCA1-4CBC-9A0A-D74C5C85671C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A56021B0-0391-4AD6-AAB0-712953E3E3BA}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A5F53AF9-C555-4C14-B11F-C5F0AD34FC88}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A6562A74-8406-4B4C-9005-2776E3C1CD15}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A65AE561-563C-4410-98FE-5A5E3EA745A0}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A67E9F9F-F5EB-45EA-B01B-04D9DB9B7779}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A6A49A38-8544-4560-962E-ADB8EFFEBC26}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A71B0058-5C6E-4EE7-AAB9-B639119943EF}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A836B2E1-F894-4C80-92B7-3EAE235D0445}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A984DEAF-17C6-4295-BB62-CBC6B4A02D8B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{A9C856D1-E156-40EA-A68C-8AD3C1F6F3D3}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AAC033B1-7832-4F5B-8260-843082B26573}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AC43CDDF-734A-413F-A3BC-AEF4950E0FD0}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AC46F151-5DF9-4761-B52B-DB79E1ED886D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AC90016F-A4FB-478F-AB6D-B3F8E637EC6C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AC9369D4-363E-40CB-BB65-FDD0744B39AA}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{ACB289B5-D35F-458E-837E-4D15BCBD4D3F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AE1A4499-5EC3-41EB-BCCC-19C4F90DE13B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AE31EAE2-688A-44B8-86C6-3429F6C5DB37}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AEEA4A97-EC0A-4FCE-9B4D-4D877BB979D2}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AF7A793F-A84D-4E4A-8637-37CA8A994C93}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B00FADE1-6021-4FDC-946D-5A741FCC9213}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B030DA6F-B1A8-481D-86E9-2D943BEDD37F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B0540704-256C-46E2-94A3-D5CC00EE8219}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B1BEF1B0-D985-4EB9-8D8D-2C080909B2AA}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B1E93F98-F452-49DB-BA0C-871499A9032D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B1EAB351-DA93-4957-9EA9-A0152CD9BC39}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B240FB65-16C5-4FE3-A580-7696EF0FA300}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B26BBB6D-30A0-4238-AD56-4CFB94DA2FCF}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B3D164ED-E528-4F90-8A2D-63113FB38916}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B4524BDD-716C-485D-BCA8-4EC2263BE830}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B4BDD813-4539-4405-BE2D-1DB2FCE1EBDA}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B4E44542-1DB6-40E3-A845-45BAD556F9BC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B5281BCA-8A32-4271-A307-DEB4C420316E}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B5F3AD13-B3E8-4382-BC86-77B38616C4AE}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B7430050-B29B-4B44-8405-ED5456E57274}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B82DB15B-1B47-4A1F-BB7D-898F4DD863DE}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B83259AA-C238-44F9-8C24-F57CDA7F90CD}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B8791E6E-083F-495F-A408-ECDB1DD95F0D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B8973AEE-543C-42CC-9FCA-386510598912}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B966201D-2122-4A71-9F09-6B68F5D1605F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B9F7CBCC-7A89-460A-AD7C-06E5E77032D9}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BA6144E2-E3E9-48A0-8FFA-A54204D174F6}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BA941A2B-CA87-42B9-AEE2-2018FF4CD15D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BAB53742-0E5F-459A-84D3-FF853D663649}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BAD664E6-BA86-48EF-BC4B-30FCA3D80743}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BB00A3A0-4F2D-4E98-9340-C633EE6F14AE}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BB2139D7-96F9-4E8E-AEB3-50AE51BC372F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BB65C46D-D19A-416A-83F3-E8774B8900B7}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BCC4486E-0E3E-4040-89DA-9A1A5089CF68}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BD153D0E-7E99-4655-9E8F-07AEA55F3BFE}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BD3F9A3C-956E-4753-93D5-E6C6B9C9820C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BD45E561-3E31-4952-A8B6-7F1897174E8B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BD860D1F-5903-4490-8FC6-70D5E4D4EF14}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BDB1EDF3-4F07-4B8E-9110-66317AF25B8D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BECD95AA-7489-4BB4-88E2-4DD224DB51F5}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BFB952EE-19A9-43CB-A365-BEF80164F7C0}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C0616D97-8DC0-4015-9F50-8420F51EB480}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C11A653A-F938-4BA2-AFE4-952EDCB22349}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C1B62BCB-25EA-4D22-A200-1AEAD3069BFC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C29C133E-1D39-48BB-BC38-E50D8FC27139}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C2A9A891-C3AA-4102-B5CB-650A518FA248}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C376E0FB-33CE-4AB6-8811-A6C842EBF046}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C3B641DD-9659-475F-8371-CBA9E9B19D6C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C48D1A08-4A08-47F9-8AFE-E360B72F4427}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C4CBB172-44E2-4A47-B5B3-5175820AA764}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C4D8DD8F-BA44-4552-B2A6-4B5103B3064F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C4E5C0C2-CC2A-42AC-BB08-4D5A611D20D6}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C507F532-5D34-4004-ACB8-22F9BDE4A00D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C5753F16-1BAC-4875-A893-319056BEDD09}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C74820BF-D6B6-489C-B3D9-47B266F03C65}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C75D574A-653A-4804-980D-F8506FE75547}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C840FF71-746A-4F70-8F4B-AC0276C88B2C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C97991A0-653A-4BC5-9F85-CBBB53AFA1F7}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C9FDDC4B-1CE6-48C8-B129-A28EA8BDDFCD}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CB5572B8-356C-4640-9443-569C2439AE06}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CB57E9B6-76EE-4AAC-B7D1-A16AF669BBAA}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CC10F449-E07D-4484-9979-0086AD3EEC16}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CCEE3E38-3DBE-471A-A7AD-4F2ECF70D935}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CDE790B5-A741-4107-818D-94D361F39667}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CE47A1FC-6EB2-47A7-8C06-2039DF88C1C3}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CECC6588-607B-4E00-A8A1-A6BB8F874CAA}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CF734D8E-5C3B-48F9-8DD3-E334D4E9C49D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D0675921-5CB6-4EE2-9D40-D6D7EE83E544}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D1837D0B-DB7B-41C6-B1AB-1ADBDFCEE7B8}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D1A169A4-8D14-4EA0-9313-233154D0A495}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D2818443-9CB5-4A0B-AC59-CF2F9CEA56B6}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D4BC713D-4D36-453A-B255-8B64C0C3B1CC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D5155E5F-3FC7-4957-997E-963ED75EAA08}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D5257B1F-05A6-4F18-8B6E-3E08E52AD109}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D5932939-F2C5-4804-9C8F-C6E62DB842B5}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D6C6DF2F-52EF-40F5-80C9-40D786049420}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D6FC8460-D41C-4C00-B566-2EBABE2835CC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D70DA121-5199-4A50-B30A-AB59AF791F39}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D92EA4F9-32A1-4E0C-9DC0-C394B3B5A976}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D9A8D8C2-7653-4377-8D89-6CA3B90129BF}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D9EBE4F6-10EE-4170-A603-B0CF6068A560}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DA1188CC-6C96-488B-A48F-1FBCB8465E2A}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DA567C99-97FE-46A1-BF63-E469FF3610B7}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DA86739F-F3EA-43F5-A710-954111E3AA5F}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DAC6E282-0450-48BF-A87B-A5971DF3C3C3}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DAE760B4-9A9D-49D3-954C-43B245FCBB9C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DBC15C5D-455C-463D-B31B-BA9899376988}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DD4E0032-B01A-40ED-A9E2-38E9D63AAE68}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DD9028C5-49F2-4B73-83AD-A340555F253D}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DD9762B4-37C3-4237-99D0-A9A85747C609}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DDA9F38C-6D34-4901-9E06-E66DD5D616AF}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DEDAC9D2-8046-462D-9ABA-A5BBB927BF65}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DF03D06C-A3FA-471F-92AB-495C0A0A54CA}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DF73949B-7234-4E85-9329-0F1169343D94}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DF99FFDD-EBA7-44F3-92DA-70F989B4AF74}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DFA5B2D3-1337-45F2-AEDF-B90698E3F941}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E2838B2D-9FC3-4161-8200-AEB01ABA5481}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E3C69BEC-824B-4763-AD29-3DB326D3F19A}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E5DB6A41-4418-4986-8DA4-81815E839F96}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E5ED1D70-D420-4B50-9A15-35B2804D10B7}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E6294DF9-1482-4464-8A1A-AB074F9E10FC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E6BF8B8D-1CA7-4EF4-8237-D45D00794273}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E746DA4B-4114-4C12-BB91-5A439F1A113C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E75DE664-2F04-420F-B23F-BCF79F01979B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E7DBE4FF-A333-41E9-B1E6-82BAABCB3B01}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E85AE1ED-A62D-4487-8833-1F5096A35BC3}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E86AEE8F-5E30-4ED4-8F2C-D104AC04123B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E8FFB9FD-DE3F-45C1-BAD4-0B48851535E5}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E9B7DDFD-2C8A-40A3-9628-F5702879E940}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E9EC2749-EB8D-42C9-A2F1-FA29721BC776}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EA3F551A-ADC6-4C1D-AD7D-24FAD67DD5CB}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EA5AB803-3B00-40F5-8A99-B458338F7049}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EA686A0C-3409-419B-89A2-85BC7F9D3F54}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EBAE1865-0967-4C27-B3A5-2C3F0B9C7DC4}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EBC981EE-5F6E-4CE1-A585-2DAF244B4959}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EC3E3737-E3B5-4C0B-AB70-16EEA9AA11E9}



~~~ FireFox

Successfully deleted: [File] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\user.js
Successfully deleted: [Folder] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\extensions\appgraffiti@appgraffiti.com
Successfully deleted: [Folder] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\extensions\staged
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\siteranker@siteranker.com
Emptied folder: C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.07.2013 at 22:15:46,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

10.07.2013, 18:25   #8
t'john
/// Helper team



OK!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista or later, please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



After that:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




After that:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Regards, t'john
Support the TB

10.07.2013, 19:22   #9
Hilfe343



Great, thank you very much!

Here is the ASW log

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-10 20:14:00
-----------------------------
20:14:00.707    OS Version: Windows x64 6.1.7600 
20:14:00.707    Number of processors: 8 586 0x2A07
20:14:00.707    ComputerName: HORST-PC  UserName: horst
20:14:02.829    Initialize success
20:14:30.223    AVAST engine defs: 13071001
20:15:01.438    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:15:01.454    Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
20:15:01.563    Disk 0 MBR read successfully
20:15:01.579    Disk 0 MBR scan
20:15:01.579    Disk 0 Windows 7 default MBR code
20:15:01.594    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
20:15:01.610    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       244189 MB offset 52430848
20:15:01.626    Disk 0 Partition - 00     0F Extended LBA            340688 MB offset 552531968
20:15:01.657    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       340687 MB offset 552534016
20:15:01.797    Disk 0 scanning C:\Windows\system32\drivers
20:15:13.014    Service scanning
20:15:45.727    Modules scanning
20:15:45.727    Disk 0 trace - called modules:
20:15:45.774    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys 
20:15:45.774    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005142060]
20:15:45.774    3 CLASSPNP.SYS[fffff880013b943f] -> nt!IofCallDriver -> [0xfffffa8004b1e910]
20:15:45.789    5 ACPI.sys[fffff88000f93781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b22050]
20:15:47.162    AVAST engine scan C:\Windows
20:15:51.093    AVAST engine scan C:\Windows\system32
20:18:43.789    AVAST engine scan C:\Windows\system32\drivers
20:18:55.579    AVAST engine scan C:\Users\horst
20:20:16.884    AVAST engine scan C:\ProgramData
20:21:07.210    Scan finished successfully
20:21:54.572    Disk 0 MBR has been saved successfully to "C:\Users\horst\Desktop\MBR.dat"
20:21:54.572    The log file has been saved successfully to "C:\Users\horst\Desktop\aswMBR.txt"
         
Eset Log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=126085e05a7e9f489e169c3e91428410
# engine=13257
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-28 08:25:44
# local_time=2013-02-28 09:25:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776574 66 85 40520270 113669794 0 0
# scanned=36228
# found=0
# cleaned=0
# scan_time=4699
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=126085e05a7e9f489e169c3e91428410
# engine=13259
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-28 11:55:47
# local_time=2013-02-28 12:55:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776574 66 85 40532873 113682397 0 0
# scanned=413279
# found=1
# cleaned=0
# scan_time=10431
sh=FE5AA6537A7AF2AD5A7268973DB825F5CF07DE0D ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\HORST-PC\Backup Set 2013-02-18 131410\Backup Files 2013-02-18 131410\Backup files 1.zip"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=126085e05a7e9f489e169c3e91428410
# engine=14346
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-10 08:23:30
# local_time=2013-07-10 10:23:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776574 66 85 51971736 125117660 0 0
# scanned=403013
# found=2
# cleaned=0
# scan_time=7139
sh=91995D94CB0B57F540C98CF0F34FC599C7376C68 ft=1 fh=ba222c6d0688f8dd vn="a variant of Win32/Kryptik.AVXQ trojan" ac=I fn="C:\_OTL\MovedFiles\07092013_212057\C_Users\horst\AppData\Roaming\userj.exe"
sh=FE5AA6537A7AF2AD5A7268973DB825F5CF07DE0D ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\HORST-PC\Backup Set 2013-02-18 131410\Backup Files 2013-02-18 131410\Backup files 1.zip"
         
Security Check

Code:
 Results of screen317's Security Check version 0.99.68  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Trend Micro Titanium Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Out of date Malwarebytes Anti-Malware installed! 
 Java(TM) 6 Update 21  
 Java(TM) 7 Update 5  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 11.0 Firefox out of Date!  
 Google Chrome 25.0.1364.97  
 Google Chrome 28.0.1500.71  
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

11.07.2013, 19:54   #10
t'john
/// Helper team



Install all Windows updates, incl. the service pack!
http://windowsupdate.microsoft.com


Update Java

Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save the .exe file
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 21 ).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure everything is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

After that, post (copy and paste) what is shown to you here: PluginCheck



Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

After that, post (copy and paste) what is shown to you here: PluginCheck



Update:

Adobe Reader: Adobe Reader - Download - Filepony (Alternatives: PDF Tools)
__________________
Regards, t'john
Support the TB

13.07.2013, 16:15   #11
Hilfe343



Hello t'john, thanks again for your help, but I want to make sure once more that we are both pursuing the same goal.

All I really care about is decrypting this encrypted data in some way. We have completely reinstalled the system on a new disk and applied all updates etc.

Regards

13.07.2013, 17:52   #12
t'john
/// Helper team



Ah, OK ...

Have you already looked through this?

http://www.trojaner-board.de/116851-...strojaner.html
__________________
Regards, t'john
Support the TB

14.07.2013, 11:17   #13
Hilfe343



Thank you very much for your help. I have now found a backup on the D: partition after all, made with the built-in Windows tools.
If I now have one encrypted file and one original file, can anything be achieved with that?

Best regards

14.07.2013, 11:42   #14
t'john
/// Helper team



You should not get your hopes up too much.

Most files can only be restored through shadow copies and backups.
__________________
Regards, t'john
Support the TB

17.07.2013, 22:32   #15
Hilfe343



It has now been resolved: the Windows backup gave me the data I needed, so the matter is settled.

Tell me, if I low-level format the disk, can I keep using it, or could there theoretically still be a virus on it?
