Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Guv und E-Mail Delivery Problem

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.05.2013, 22:45   #1
Meister G.
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



Hallo hatte vor einiger Zeit den BKA Trojaner auf meinem Pc hab es soweit geschafft das er bis jetzt nicht mehr aufgetaucht ist. Seit gestern wird mein E-Mail Postfach mit hunderten Mails die ihren Absender nicht erreichen können zugemüllt. Habe einige Funde mit Eset und Malwarebyts. Hätte gerne Hilfe bei der Überprüfung und Bereinigung.
Danke

Code:
ATTFilter
OTL logfile created on: 26.05.2013 23:02:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,38 Gb Available Physical Memory | 79,94% Memory free
15,96 Gb Paging File | 14,12 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 690,75 Gb Free Space | 74,16% Space Free | Partition Type: NTFS
Drive D: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.26 23:01:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.07 17:42:40 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.23 07:25:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.23 07:24:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.07 22:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2012.11.26 16:09:20 | 000,573,024 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.22 13:20:22 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 13:20:18 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.17 07:05:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.17 07:04:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.03.07 22:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013.03.07 22:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013.03.07 22:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013.01.10 09:35:48 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 09:35:37 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 09:35:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 09:35:31 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.16 07:11:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.23 07:25:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.23 07:24:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.22 13:20:22 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 13:20:18 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.04 03:37:13 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013.04.23 07:25:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.23 07:25:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.23 07:25:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.04.06 23:43:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.04.06 23:43:38 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 14:52:00 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 14:52:00 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.07.29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 37 51 61 D2 97 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE456
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.10.09 18:04:27 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28E644A4-B088-4A69-8BBC-E031A6DFF6B8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.11 00:46:44 | 000,564,218 | R--- | M] () - D:\Autorun.dbd -- [ UDF ]
O32 - AutoRun File - [2007.08.31 20:16:25 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.09.06 08:18:49 | 000,004,039 | R--- | M] () - D:\Autorun.txt -- [ UDF ]
O33 - MountPoints2\{e2877e80-03c0-11e1-92d7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e2877e80-03c0-11e1-92d7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe -- [2007.09.14 07:34:33 | 000,132,416 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.26 23:01:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013.05.26 22:51:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{44F915F1-BE97-403D-95A9-FAA2BE8DAF7E}
[2013.05.25 23:20:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{02CF1C4B-55AC-4FE2-944A-035500DF9D72}
[2013.05.25 00:10:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{22717D86-FCB1-4D72-8CDA-FF6BDB65AB17}
[2013.05.24 08:19:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7188C3E8-5ADF-462E-A9F0-DA340544B362}
[2013.05.23 22:07:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{CE429DE4-6BF6-4CBE-9EA7-085DA973E6DC}
[2013.05.22 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B966BF51-FCAB-4AC6-85AE-928D82ECE6CE}
[2013.05.21 19:21:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{60257324-7915-42A4-959F-7261D8B4849A}
[2013.05.21 17:14:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{6DFEC746-BD6B-4116-8700-61D32860B826}
[2013.05.21 04:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.20 21:32:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5987C990-A22B-47BD-9724-08D255AD2296}
[2013.05.20 18:13:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5C747B03-84B9-4516-A7F4-A0739DD923DE}
[2013.05.20 04:15:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{FC276344-0302-4744-AF02-009F3FAE1937}
[2013.05.19 16:49:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{BFFE6FD9-FEA6-45A4-90AE-270E09580AD9}
[2013.05.17 21:05:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F6CB7BB1-69FA-4340-8CAF-983C8A989F52}
[2013.05.17 07:06:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{422930D0-B636-46CA-9F88-333297AEC370}
[2013.05.16 07:07:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F3AF719B-C85F-4C1B-B746-1B21BA0A2ED6}
[2013.05.14 08:08:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5C818CAB-B0C0-4B6A-A7C8-95B22838E9DE}
[2013.05.13 07:13:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7B9AACB9-BE60-4B86-9A98-1F5A39646E21}
[2013.05.12 18:16:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{81B73316-4FD5-41F2-BBE1-B6F607253A89}
[2013.05.12 18:07:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{6D9ABE48-BBC1-4B8F-B26B-0A15ECF43B85}
[2013.05.11 22:19:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{45D4BFA1-148D-49FF-9D81-4C9D2D9C5697}
[2013.05.11 22:18:05 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013.05.10 22:46:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{EE8D926D-EA9C-4ED5-AD88-C33C0945909A}
[2013.05.10 20:27:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F47B6CB7-89F1-4437-8441-3F5A8DBEDF8C}
[2013.05.08 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F80D56F2-BF46-42C0-9743-AFD02CBB2BB3}
[2013.05.07 17:43:35 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.07 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{578C940A-0C27-4290-88FE-61434C0D9F34}
[2013.05.06 20:53:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{DA7ABC83-A740-4B13-B781-4F26CF971AD1}
[2013.05.05 14:09:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{05F8722C-D1BE-4822-85EC-74B0F5BEC24F}
[2013.05.04 13:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.04 03:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.03 17:28:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{12BE1E96-2F0A-407F-AEA6-934E91B72746}
[2013.05.03 02:25:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\BugReport1
[2013.05.02 21:26:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B6F57F5A-C6BC-4A86-8A98-2B316FB080F7}
[2013.05.01 22:32:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B655216E-7FED-441F-83EE-E074F7589B80}
[2013.05.01 03:36:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{E64DA07A-EA51-48B6-9E91-3584310479E1}
[2013.04.30 00:16:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{D0C41B48-31B3-4AC0-96AD-2A8A18A0A5F9}
[2013.04.28 17:16:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{0A6B2A2E-94F2-4FD6-97AE-25F05289699D}
[2013.04.28 01:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2013.04.27 18:03:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{FEF1AC6F-13CE-4A7C-BF84-E44E344276DA}
[2013.04.27 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{310F2E09-EE1B-49D1-A3BB-F1019F29C619}
[2013.04.27 14:00:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{76D60E98-7EC0-451C-8A0D-EB27CA991BD0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.26 23:01:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013.05.26 23:00:26 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2013.05.26 22:34:12 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 22:34:12 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 22:31:51 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 22:31:51 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 22:31:51 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 22:31:51 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 22:31:51 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.26 22:28:09 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.26 22:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.26 22:25:36 | 2132,733,951 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 10:13:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3315472771-574270051-2816021824-1000UA.job
[2013.05.26 10:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.26 10:07:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.21 19:13:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3315472771-574270051-2816021824-1000Core.job
[2013.05.21 04:02:39 | 000,000,748 | ---- | M] () -- C:\Users\Michael\Desktop\Internet Security 2013.lnk
[2013.05.17 07:02:51 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.07 17:43:26 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.05 14:32:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\of0dzj.pad
[2013.05.04 03:37:13 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.04 03:36:02 | 000,000,660 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013.05.04 02:34:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\otolfot.pad
[2013.05.04 01:14:59 | 000,000,153 | ---- | M] () -- C:\ProgramData\otolfot.reg
[2013.04.27 08:45:05 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.26 23:00:26 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2013.05.21 04:02:39 | 000,000,748 | ---- | C] () -- C:\Users\Michael\Desktop\Internet Security 2013.lnk
[2013.05.05 14:31:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\of0dzj.pad
[2013.05.04 03:37:13 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.04 03:36:02 | 000,000,660 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013.05.04 01:14:59 | 000,000,153 | ---- | C] () -- C:\ProgramData\otolfot.reg
[2013.05.04 01:14:55 | 095,023,320 | ---- | C] () -- C:\ProgramData\otolfot.pad
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.05 09:55:21 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin
[2012.03.05 09:55:13 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.11 18:13:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.10.31 16:20:59 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.31 15:20:55 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2011.10.31 15:20:54 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2011.10.31 15:20:54 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2011.10.28 12:08:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.09 07:29:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2013.02.09 07:01:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.29 23:11:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Might & Magic Heroes VI
[2012.10.09 18:04:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenCandy
[2013.03.19 04:20:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SoftGrid Client
[2011.10.31 16:22:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TP
[2012.01.17 01:02:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         


Code:
ATTFilter
OTL Extras logfile created on: 26.05.2013 23:02:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,38 Gb Available Physical Memory | 79,94% Memory free
15,96 Gb Paging File | 14,12 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 690,75 Gb Free Space | 74,16% Space Free | Partition Type: NTFS
Drive D: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCA3834-A8CE-4356-91D4-FD165D55D3A5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1634136F-61C7-42F5-8CA8-3829FAAA15F1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{18E71BE3-0257-45F8-99FC-576F4594CFE9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2AC7F5F2-2179-4754-A80B-9ACDBE8E5414}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{36001E02-9511-4148-A1CB-5BFBDEC106D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4093E066-F5BA-4265-97B9-E71852A0CD7F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4B92CC98-33BE-4676-B464-4C637956F827}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A12E3E2D-C14B-4101-BD9D-25A1F4F979C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A802133D-F076-48F8-9E71-A1787244B02E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AB8C58D3-00D3-46E2-86F3-9D515B52EC19}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B000326E-D0A3-4089-99E6-C4AA7C5E7C74}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C407048E-1A02-469F-81DE-7C3750FEC3B8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ECE6714D-8CD4-4C5E-8424-9DF3E7223BED}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F5C48E3C-01FF-4899-8C9A-DFE3AAC76F98}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F31979-F3CE-4CF1-9AED-A03527B0F630}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{08254108-BE65-4E94-9E72-43595BB7513D}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{0A4357EF-F1FA-471E-A460-BD6A5724CBAC}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{0DB513B7-B296-478C-9E6A-575C0C79729E}" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe | 
"{1A124D59-C4E0-472C-8C61-F37AE5D8D911}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{237B0849-502D-457A-9B2A-2BD428BE7571}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{23F2B678-9E02-4CB0-A92A-A19F01399D72}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{2FB65FF3-1DA6-4381-946C-B77CAB1201BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{300B4EA3-0E19-4C0B-95F9-295394A4278F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{396A0929-5972-479A-A738-30F8B45C51A5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{424D14F0-2AD6-4448-B0B6-47C12F1F1A84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{43E61A1D-A9E3-49E3-A5D0-E3E524BA65EF}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{46A7495F-15B2-4FFB-A6BB-377ED1F79845}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{48A6A251-401E-40C2-BB1A-4CC73F334C73}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{4A8BAA03-696F-4A92-8DC7-0273EA5C14D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{50B21174-A1D1-4F29-ADFF-1207BE8013B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{52A768A5-8DFC-4B3C-BA70-7AEF2D0D8D78}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{5ECDD369-C613-4378-8EAF-E27F71C2D939}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{69A56E0F-04A6-44B0-B5BF-25FEF3127BB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{77E14D4E-403D-45C3-9B92-93F9CF2BF1A1}" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe | 
"{80D64F81-49EB-4841-A8C0-11451EC85E09}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{86CB2C5D-CE1C-4662-ADEB-324CD1398A37}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe | 
"{89BFDADA-B784-44A6-913A-3219791E6515}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{90616361-8883-4F98-A042-F10F71ED71B4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"{9C56BA08-EFCD-442B-8BFB-E143BF062644}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{A0D2D4B2-0561-4127-ABE4-2ED2D598596B}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{A5BCDA97-0D7F-4641-AAC2-6971017BE14F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{A74C229C-6205-404B-93F7-45EB47BD859C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A80A50C9-FBCE-4EEF-BF7E-B95FC9227D70}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{BCF98A06-365E-4769-887D-2FFA9C0BEB84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{BD0ADC10-6247-418E-AE23-BCBAA0479FB5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CB2112DE-B2ED-4182-9BDC-3D442FF41D80}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{CE176AF2-57F0-4BD5-A9D2-9B5C611637AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CEB0A350-DAE0-44D6-AB4B-7E5E7B7C82A4}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe | 
"{D4587E3C-D791-4178-95B5-972734FF04A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{D6C35CCD-83C8-4E9E-90B2-D449587365BF}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{DBBC4C3C-A053-4473-890F-E23E6D166AB6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EA8321CF-DC9A-43A7-BC48-68A536433B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{ED4760AE-90E4-4494-A764-CD9B9FADDC6F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{F3513547-D4F9-4FEF-8EB9-335337B35CDF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F74A392B-6122-4C62-B02B-89A7A65265DD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"TCP Query User{821A4437-9E3C-4679-8E22-4450EA2B2510}C:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe | 
"UDP Query User{8F03911D-35F5-4F5D-9AA3-84CE636361B7}C:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40F95BFE-36CF-481F-B7D9-8D8F2F3369F9}" = TSDoctor
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DC0FCEDB-11AE-4D88-8633-537292C3E705}" = Commandos 3 - Destination Berlin
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"BH - RT" = BH - RT
"Company of Heroes" = Company of Heroes
"ContentMod_2.6" = ContentMod2.6
"D-Fend Reloaded" = D-Fend Reloaded 1.3.2 (deinstallieren)
"Diablo II" = Diablo II
"ESET Online Scanner" = ESET Online Scanner v3
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2
"G3QP231012008_is1" = Questpaket 4 Update 2 Deinstallation
"Green Devils" = Green Devils
"HaaliMkx" = Haali Media Splitter
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PokerStars" = PokerStars
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"Steam App 40390" = Risen 2 - Dark Waters
"WinLiveSuite" = Windows Live Essentials
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.10.2012 16:11:51 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DslMgrSvc.exe, Version: 6.91.8434.1,
 Zeitstempel: 0x4900aa18  Name des fehlerhaften Moduls: DslMgrSvc.exe, Version: 6.91.8434.1,
 Zeitstempel: 0x4900aa18  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c41a  ID des fehlerhaften
 Prozesses: 0xe00  Startzeit der fehlerhaften Anwendung: 0x01cda17efdeaeb5e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe  Berichtskennung:
 91583613-0d96-11e2-ba70-5404a67f4cb8
 
Error - 03.10.2012 18:35:11 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0046cede  ID des fehlerhaften
 Prozesses: 0x13f8  Startzeit der fehlerhaften Anwendung: 0x01cda187f78028c4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
 97471daa-0daa-11e2-ba70-5404a67f4cb8
 
Error - 03.10.2012 21:12:55 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000030  ID des fehlerhaften
 Prozesses: 0x9dc  Startzeit der fehlerhaften Anwendung: 0x01cda1b785596f8c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: a042cebc-0dc0-11e2-ba70-5404a67f4cb8
 
Error - 03.10.2012 21:34:43 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xcb0  Startzeit der fehlerhaften Anwendung: 0x01cda1cd90850aa4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: abe3a05a-0dc3-11e2-ba70-5404a67f4cb8
 
Error - 05.10.2012 06:07:24 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000d7bb4  ID des fehlerhaften
 Prozesses: 0x2c8  Startzeit der fehlerhaften Anwendung: 0x01cda2aa509d3828  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
 74d16d43-0ed4-11e2-8ae0-5404a67f4cb8
 
Error - 05.10.2012 16:26:02 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00199b9e  ID des fehlerhaften
 Prozesses: 0x118c  Startzeit der fehlerhaften Anwendung: 0x01cda315a0c9b95f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
 e103dfaf-0f2a-11e2-9598-5404a67f4cb8
 
Error - 05.10.2012 16:30:44 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
 Zeitstempel: 0x4eb1a54c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000d7bb4  ID des fehlerhaften
 Prozesses: 0xb84  Startzeit der fehlerhaften Anwendung: 0x01cda337be006c43  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
 890f02c7-0f2b-11e2-9598-5404a67f4cb8
 
Error - 07.10.2012 13:43:44 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 07.10.2012 14:26:40 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 07.10.2012 14:45:16 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
[ System Events ]
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 26.05.2013 16:28:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, 
ist fehlgeschlagen. Fehler:   %%1056
 
Error - 26.05.2013 16:29:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts)
 durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 26.05.2013 16:29:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart 
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
 
< End of report >
         

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-26 23:27:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SM rev.1AJ10206 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uwliifow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000074f01465 2 bytes [F0, 74]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         0000000074f014bb 2 bytes [F0, 74]
.text  ...                                                                                                                                                    * 2
.text  C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000074f01465 2 bytes [F0, 74]
.text  C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000074f014bb 2 bytes [F0, 74]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000074f01465 2 bytes [F0, 74]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             0000000074f014bb 2 bytes [F0, 74]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074f01465 2 bytes [F0, 74]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074f014bb 2 bytes [F0, 74]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               0000000074f01465 2 bytes [F0, 74]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              0000000074f014bb 2 bytes [F0, 74]
.text  ...                                                                                                                                                    * 2

---- EOF - GMER 2.1 ----
         
Hab jetzt noch mal in der Quarantäne von Malewarebyts nachgeschaut dort sind folgende Funde gelistet, wurden noch nicht gelöscht:

Exploit Drop GS
Trojan Agent.gen
Rundll32.exe
Trojan Fake.Ms


Trojan Agent.gen
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run/ctfmon.exe

Logfile von Eset ist leider nicht mehr vorhanden

Danke für die Hilfe
Muss ich die Funde aus der Quarantäne löschen?

MFG Meister G

Geändert von Meister G. (26.05.2013 um 22:52 Uhr)

Alt 27.05.2013, 09:03   #2
t'john
/// Helfer-Team
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem





Zitat:
Hab jetzt noch mal in der Quarantäne von Malewarebyts nachgeschaut dort sind folgende Funde gelistet, wurden noch nicht gelöscht:

Exploit Drop GS
Trojan Agent.gen
Rundll32.exe
Trojan Fake.Ms
Bitte das Malwarebytes-Logfile posten, das du schon gemacht hast!
(Reiter Logdateien)



Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

[2013.05.05 14:32:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\of0dzj.pad 
[2013.05.04 02:34:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\otolfot.pad 
[2013.05.04 01:14:59 | 000,000,153 | ---- | M] () -- C:\ProgramData\otolfot.reg 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Michael\*.tmp
C:\Users\Michael\AppData\*.dll
C:\Users\Michael\AppData\*.exe
C:\Users\Michael\AppData\Local\Temp\*.exe
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________

__________________

Alt 27.05.2013, 12:55   #3
Meister G.
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



Hallo hier erstmal die Logs von Avira und Antimalware. Hab gestern, nach Treaderstellung einige Games und nicht mehr benötigte Programme gelöscht, muss ich jetzt otl und GMER nochmal ausführen und die Logs posten, oder kann ich wie beschrieben fortfahren?

Code:
ATTFilter
Exportierte Ereignisse:

25.05.2013 23:24 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Michael\AppData\Local\Temp\BDF8.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Fake.Rean.2121' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ec1af47.qua' 
      verschoben!

25.05.2013 23:24 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Michael\AppData\Local\Temp\C77B.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Fake.Rean.2121' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '566980fd.qua' 
      verschoben!

25.05.2013 23:23 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Michael\AppData\Local\Temp\BDF8.tmp'
      wurde ein Virus oder unerwünschtes Programm 'TR/Fake.Rean.2121' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

25.05.2013 23:23 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Michael\AppData\Local\Temp\C77B.tmp'
      wurde ein Virus oder unerwünschtes Programm 'TR/Fake.Rean.2121' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

21.05.2013 04:03 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Michael\AppData\Roaming\amsecure.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a047876.qua' 
      verschoben!

21.05.2013 04:03 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Michael\AppData\Local\Temp\23642372.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.176162.2' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '414e5797.qua' 
      verschoben!

21.05.2013 04:02 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Michael\AppData\Roaming\amsecure.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

21.05.2013 04:02 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Michael\AppData\Local\Temp\23642372.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.176162.2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

21.05.2013 04:02 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Michael\AppData\Local\Temp\23642372.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.176162.2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

21.05.2013 04:02 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Michael\AppData\Roaming\amsecure.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

07.05.2013 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Michael\4475414.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Reveton.R.279' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59a0b51f.qua' 
      verschoben!

07.05.2013 17:43 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Michael\4475414.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Reveton.R.279' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

07.05.2013 17:43 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Michael\4475414.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Reveton.R.279' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.05.2013 02:53 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\otolfot.js'
      enthielt einen Virus oder unerwünschtes Programm 'JS/Agent.480412' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59c5f3a5.qua' 
      verschoben!

04.05.2013 02:52 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\otolfot.js'
      wurde ein Virus oder unerwünschtes Programm 'JS/Agent.480412' [virus] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.05.2013 01:15 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\otolfot.js'
      enthielt einen Virus oder unerwünschtes Programm 'JS/Agent.480412' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '560ad7d2.qua' 
      verschoben!

04.05.2013 01:15 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\otolfot.js'
      wurde ein Virus oder unerwünschtes Programm 'JS/Agent.480412' [virus] gefunden.
      Ausgeführte Aktion: Übergeben an Scanner
         

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Michael :: MICHAEL-PC [Administrator]

25.05.2013 23:23:13
mbam-log-2013-05-25 (23-23-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217264
Laufzeit: 3 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\jzd0fo.dat (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
__________________

Alt 27.05.2013, 14:51   #4
t'john
/// Helfer-Team
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



Bitte die Schritte abarbeiten: http://www.trojaner-board.de/135599-...ml#post1070983
__________________
Mfg, t'john
Das TB unterstützen

Alt 27.05.2013, 16:39   #5
Meister G.
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



otl
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\ProgramData\of0dzj.pad moved successfully.
C:\ProgramData\otolfot.pad moved successfully.
C:\ProgramData\otolfot.reg moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Michael\*.tmp not found.
File\Folder C:\Users\Michael\AppData\*.dll not found.
File\Folder C:\Users\Michael\AppData\*.exe not found.
C:\Users\Michael\AppData\Local\Temp\aoe3x-106-german.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\AutoRun.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\eauninstall.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jinstaller142_19.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\standalonepatcherX.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\The Godfather The Game_uninst.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp1CE2.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp230A.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp30C0.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp3F9E.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp41EF.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp5FDA.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp8046.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp981A.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmpA285.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmpAA33.exe moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Michael\Desktop\cmd.bat deleted successfully.
C:\Users\Michael\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 328592526 bytes
->Temporary Internet Files folder emptied: 6341585741 bytes
->Flash cache emptied: 108152 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 475912285 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95672 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 2133 bytes
 
Total Files Cleaned = 6.815,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05272013_164759

Files\Folders moved on Reboot...
C:\Users\Michael\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Anti Root Kid Keine Funde

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8570269696, free: 6570565632

Downloaded database version: v2013.05.27.05
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
     05/27/2013 17:19:38
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\msvcrt.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\kernel32.dll
\Windows\System32\iertutil.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800929a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xfffffa800929ab60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007d93060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8007ad9060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007d93060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d93b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007d93060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007ad7520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007ad9060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 535D54EB

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953314816

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800929a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007c12b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800929a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800929ab60, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D2270544

Partition information:

    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 31262490
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 16008609792 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
         
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 27/05/2013 um 17:31:01 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Michael - MICHAEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Michael\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [2913 octets] - [27/05/2013 17:31:01]

########## EOF - C:\AdwCleaner[S1].txt - [2973 octets] ##########
         


Alt 27.05.2013, 17:33   #6
t'john
/// Helfer-Team
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



Bitte das richtige MBAR Log posten (siehe Anleitung)

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

__________________
--> Guv und E-Mail Delivery Problem

Alt 27.05.2013, 20:22   #7
Meister G.
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Michael :: MICHAEL-PC [administrator]

27.05.2013 17:19:40
mbar-log-2013-05-27 (17-19-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 232388
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         



Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Michael on 27.05.2013 at 21:18:15,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0151EA77-6F7C-4F2D-BDC4-EFE8E5A329BA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{017ECDCE-2CC8-499B-93CB-652492EB57CF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{021B0CEB-04C5-40EA-BD6B-630B0B80F72C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{023D7E98-F054-49EF-84FC-A808B5AEB06E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{026ADA08-6FA7-4F8B-9C8D-6FF94BD82F87}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{027BE3B6-7D11-4A49-95E7-66A4AC30A6AB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{028D8F8D-A8F4-4986-8E8B-16971B69A704}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{029FDAF1-2007-42E8-9827-0BFF3CF5A4AD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{02B149B1-AC3C-4485-B84A-FA5A6FDF0B24}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{02CF1C4B-55AC-4FE2-944A-035500DF9D72}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{02EA636A-D1A4-4711-8E88-8066E48F5BFB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{031D0614-959A-4C7C-BC51-F7418A162A01}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{03477F02-4EF4-4110-800C-759DC0F94FAC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{03EC691F-77F1-42EC-913D-A78B851DD6A7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{049C0F21-AF0A-46D1-8661-3114EF687E23}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{04D3BADF-DA25-49B4-A461-912662877591}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{04D4B7A8-A06E-473B-B192-D547D543B4D8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0566A59A-819F-4393-862A-0C55278A228C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{05AB608F-7F53-43D7-BF15-CFBBB15ABEB6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{05F8722C-D1BE-4822-85EC-74B0F5BEC24F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{063B4A8A-C54E-4750-9D05-EE0F16B0F111}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{065FBF7B-EFAD-41F4-875F-CE596EA9E599}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0674F5E1-F519-410D-A540-6ABA3FDD6979}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{068C38F4-0C0F-43DD-99E1-351AC389765E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{07CFA64F-2916-4079-82CF-73EA513912DD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{082F8BF1-81D3-4495-9B02-72F437CA7FBF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0898AC32-F46C-4FF2-B9DE-2895CAA8B94F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{089B594B-A1A6-47DB-8BBD-B7085E3258FD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{089B786B-2C71-40BE-B854-A8BC3526791B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0924014C-DBF4-485B-9185-43A53851C882}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{09AF5D22-9603-428E-8956-0901D27BDD69}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{09C10C89-FFDE-4B12-9A87-CEF9EFED9DB5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0A511864-F16F-4531-8766-03C1B837EFB6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0A6B2A2E-94F2-4FD6-97AE-25F05289699D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0A878EA7-E022-4D14-9946-89FD4D43A8DE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0AA869B2-093F-4244-9C69-35AF10027475}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0AF71F4D-629E-409E-B194-A951F9624049}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0BCA9FD7-A338-4AE7-A29E-9091CD1A19A2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0C55A0A0-A4B8-4843-949F-33F9F16B5B4D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0CC1CD70-C81F-4FB4-AE55-E164CDE2137D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0CC25522-7A35-4B4A-9A71-7D7EEBA0BCD9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0D3ABD07-D6C3-4815-BF83-3ED02A55DC5B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0DF46A3F-181D-4F74-AF3B-2FD78E1F6B65}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0E762CD7-6020-49DE-8760-8D39CD0669D5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0E950A94-14C2-44C1-83EE-A28A8688C07D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0EE6E5AB-F091-469A-BAA5-BAFB23B10A9B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0F047245-62E1-4FD3-B66D-DCFE4E968972}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0FB286D4-9716-43E6-81F0-21E46DC3B5EC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1017A19F-8368-4647-8B68-7817C971F04A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{10E4FD72-2F6E-4CD8-99C3-F2E48D5B0BBF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1101F50D-916F-4A74-8825-D26FAC4F7A07}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{115297E5-AEEE-4C00-A903-959ADED8D911}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{11890572-476A-45D3-906D-3344D26090D5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{11A79D5A-4F5C-4ED1-8F6B-6E80AECE29B1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{12BE1E96-2F0A-407F-AEA6-934E91B72746}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{12D49E0A-6DF4-4A63-8B4E-814FA82205F6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{12DBD530-8F83-47B4-94C4-58D6A7DB9499}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{14147918-C859-4E3A-B35A-7B12E5822BA5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{157DD684-1B23-4F7B-AE3B-2FE3E9F202F3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{158E7ABB-2590-406B-A4EA-814C063D247B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{163E0034-FD8F-425A-92D9-5226A52B5187}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{167D97BF-56CC-48A0-B08D-1C4B0E14A5C9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{16862D31-CC4E-46B8-B9FB-7FD4ED3C0EDC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{17745DC0-E7CC-4EB4-9E7B-750E05C5103F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{177EA65D-9AF5-49F9-8E99-F1832F30F075}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{18F30739-8EE0-428F-AD52-FE08402482D0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1903DB33-6E24-4439-8C56-5C5958CBBC8D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{196D363A-8992-4C4C-A897-94BCA6A4B957}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{19CD2A14-E3B0-46D7-B340-F91728C092AC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{19F902AA-640B-4B64-B5DA-FCBAFE6D876E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{19FC2F12-70B2-47B0-8458-2B2E05482A43}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1A15A6AD-1AA8-45E1-AAA9-146FA1B9576B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1BB295C4-8F97-4C80-9FFE-8CAD002CCC98}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1CF141F0-0AF0-4704-A2DF-96CEE2F49E49}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1D2E351F-0E02-4860-8999-146F79CAE7EA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1D4DB878-6FDA-4617-AB47-7CABE023D2D5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1DA23F04-A7E5-47D7-A998-2607CB3750BD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1E7B278F-7A95-4F1C-82E6-9F95133D94F7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1E8775D9-8A0B-4081-BF38-DBEE9617A93F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1EB4AFEA-C21B-4294-B0C2-2BC2290E158B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1EB641BD-45D0-49A2-AD86-22AFCE1F4609}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1ECF5F73-CA91-4339-80DB-15B1AB68C411}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{202368EE-F79D-48E0-B830-7D6101F25ABD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{203CE659-2E49-4FF3-B441-52175426DC14}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{209EDE89-5E35-40EE-BAB6-117C0AD67408}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{20D3C560-61B4-4FF1-B4C1-CBF78B9E1A47}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{217B4C65-008E-4C36-8E5E-8FA69C4DFB0E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{21C2B1FA-EE32-4787-AD00-783CD15FF0D6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{21E70524-FE04-4214-95F9-5E4B2C92E59D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{222B1A35-2EC6-4ECC-816C-CA052760D54B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{223A490F-B928-4A35-8DD9-2C44C4AF1F4F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{22717D86-FCB1-4D72-8CDA-FF6BDB65AB17}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{22F0EF8D-B834-4778-9288-B89218BC4B48}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{23BB15D9-C4B7-4064-ADB4-CB5EEAB9C33B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{23E54B20-E54C-4A42-9A27-008457256550}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2462C64A-04BF-40E8-92FC-D82579AF45DF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{259C25AB-A5A4-4115-A284-C3F5B8905BC8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{259FCE16-0276-4DD7-9996-B7787166BD0E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{260EBCE0-1287-4F00-85A5-D1E9ED51A03F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{27ED0F9E-C399-4F09-815D-9A20A4D76EDC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{283C11FF-727C-4A27-A1BE-081C88D7D5CE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{288E3A47-3B15-4EBD-B13A-988163AE616E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{293F251F-0438-4F97-A863-54A34C5FEB34}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2A24D401-B83B-4B71-9B78-5672D30EB73A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2A4F4D91-67AB-4032-9FED-670B2A6711DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2ABEDD95-2D9E-4C32-9D9B-2D1B3C895C27}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2B394169-187D-4A8E-A4C4-61BC2AC75D9F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2B6B2BC0-87CC-4669-98EE-5BD65CC6F3FF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2B6D6734-3F29-4FCE-A3A1-E321054E7064}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2D9321A4-F2E1-4541-A783-6400D2E6BC92}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2E6C2BDE-8339-4C61-B166-F9689A5D9DC1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2F56B26B-8681-47EF-B5E4-D1E5946FDA94}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2FB1E478-33AA-474A-B86F-EAEB093033F9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2FC2B418-F30B-4F56-98CA-94BD73960E4F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{302AAE70-9715-49AE-A307-41C1AD381016}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{310F2E09-EE1B-49D1-A3BB-F1019F29C619}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{311BF7E5-93F7-424E-B37A-B913424C3853}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{32298098-4CE6-419D-BECF-E7C887B7E2E7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{32BC40A9-D516-4A0F-AAF6-A75FF9CFAB63}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{32E47A1D-CCEF-4196-8F79-CE374B66C376}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{32FFF58B-9C36-40E2-A330-48DF5BD7FDC6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{33BA1EE0-DC51-4844-8443-6AB0012B01F3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{34DD7D1A-3AD9-4090-AB5E-4F71467DA858}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{355A958E-2516-4D82-B8C4-AE6E94E82ACC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{357762C4-A6CD-4E6B-8463-099EA562AC4A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{35B7EE77-842F-4EF9-ADA1-F4DDBC307BF2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{35FFA324-64AE-4060-BBBB-C3649772C993}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3612A26F-39C5-47A7-97CF-11DB0584F8AA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{364CEB3B-8CEB-427B-AC95-1BED914A4C2D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{366E9036-14B8-40DB-8285-B14873E9954F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{36A5A988-E6D8-4992-B7B4-4D0041C1E10D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3711FF60-57B7-424F-B82E-0165BE8E9296}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{38504683-9D66-4B61-B2B4-2CF57E3BA5F5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3A6350D8-BEB0-462E-9956-FBFDC556240A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3AB03452-BB4A-49A1-ADA1-4CEAF3C4F480}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3BDB45C6-D760-48D4-9B73-1B2E6C1557C9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3C44917D-9C74-4963-8DC7-7B8097A6A9B3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3CC34964-510C-4716-9EC2-DAE8A81961E3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3CC5B09D-F4FB-430F-BB0F-E794E7D655F2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3D53ECDA-925E-40DF-86D2-4B805466D121}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3E371329-5505-494B-957A-672CD499830A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3EC5266D-28BC-4F7D-A25A-070E4D136D67}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3FE58DA2-7706-4985-93A6-E77E8D97748F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{40763355-B49D-4610-9B0C-1D48D01AF8E7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{40AD864F-0CCA-408A-B6BB-84D0CD63BC24}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{40BAA6AB-4827-4188-A24C-4B9B26ACF66B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4107C86B-449B-48C6-8356-91A360DD9351}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{41278F5F-1235-4A8A-A6BF-08B01DB4EE21}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{414487D3-7AE4-4133-9DA2-FE9924742610}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{41DDA1B9-45A0-40B7-834F-2AA4A714D917}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{422930D0-B636-46CA-9F88-333297AEC370}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4229FE43-5028-40CA-948A-5204BE2CD4F2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4254C308-CD12-41D3-ADDD-8C3C02728F37}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{42737AC8-4482-4AAD-BD9E-B682A27E2229}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{427DE144-693C-49D4-9BA1-51E2024567A7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{436C8FAD-E2A9-498E-AEC4-26A471CA8701}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{443B1613-554A-4290-9345-ACA769DEFCEB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4474B99C-68A7-47CE-B013-92DDEDB9E50A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{44D3F327-3164-40BE-86F9-6ADE736CB4FB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{44F915F1-BE97-403D-95A9-FAA2BE8DAF7E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{45160FC6-C1F3-4CBE-B711-AD86B34E43BE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{452B4057-E3DD-424B-B14B-F01002E9F97B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{45BE01E3-5F92-4F1E-9F3B-FFB0ABDDFE77}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{45D4BFA1-148D-49FF-9D81-4C9D2D9C5697}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4630561F-FA22-441A-9A24-0D0B0B223264}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{46919480-4F4D-4CEB-A516-8B3CA862C9B8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{46C4EB01-EC8A-4AFD-896B-51006FA96E16}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{47866A0F-F5F0-4DD8-9EC0-9C7A08156407}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{47FCC2CC-127E-47D1-9521-58E66870CBE9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4920EFD1-F380-4E57-9BC4-F2D29315AF68}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{493739D8-E2C7-4875-80B0-4826F9491688}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{49DDA66B-CC8A-45AD-A3C3-03071DB5F65A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4A941321-1D30-484B-8DC0-4CFAD74881A1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4ABB55A1-F4AA-4CA7-8240-D5914D09FC1B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4ADC4660-9E07-43D0-BF8A-94227E1B3B97}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4B1AD4C2-4862-4F2E-B70D-DD9C167A00CD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4B243832-E761-49F0-B6D5-7BEF8FE326A4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4B614A43-9534-4C4E-B25E-BC738426A8DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4B628F37-FB90-4379-98A0-A37C05059572}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4B9A2572-4366-4FD3-810D-F5B1834359A9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4DBFECFD-0BEB-4EB5-A161-D6C80593287E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4DC12DC9-89C0-4E27-B490-08FE85959D76}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4E185679-6398-4D2E-83C2-39B6816BF453}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4E288B39-25EF-4003-AE76-04DE0D669140}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4EF1FF0D-D4B2-4499-9477-AA86EE886A51}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4F1AB97D-C916-41C5-AA12-4D41A69197EB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4FED927F-4CBB-4AB1-9C49-573CA2D14058}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4FF14E7E-9B2A-49DE-A070-84F698F105E5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5073FF30-C797-49D6-93EE-685972F54E34}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{513596C8-1353-4A6B-A6B0-F45BD74AF297}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{51AAED73-6C61-445B-90FB-A5FDE928390A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{522525E3-CE2D-4E76-A584-40D04A65FC32}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{524FEDA9-DB98-496C-9553-F66C6BE66196}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{527B0909-11F2-4F84-9C40-0B545BE5A5EF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{52F95D61-DF1A-4FFF-8F67-B824345D4FA8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{54773482-714D-47F4-8F21-0EAC76DB5CAF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{547C8B41-017E-4397-B6B2-F998056B3CDD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{54BCAD0D-8B66-46C2-862A-17B68C7979F6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{55A21DFE-62E5-43AE-BE6D-6A78DC656972}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{55B6CA0D-F2C9-4362-A282-E9F106A87181}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{55D151A9-F965-4459-AA9B-057A81F9A617}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{567296A8-0F2A-4FA1-86EE-3246CBF738C2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{572A631C-4C75-4DEB-93CD-7E0F956CD702}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{578C940A-0C27-4290-88FE-61434C0D9F34}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{57DA5D80-D602-4256-B207-956C8792B915}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5808F704-50C9-4BEB-A067-73D8EF379D32}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5850A077-9BF3-4AA6-AFF2-B9CBB461113B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5956CEF1-91A6-46A4-9988-76FBBE0B0F9A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5987C990-A22B-47BD-9724-08D255AD2296}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{59AD6134-C1CE-4C6F-BF62-544849651BAC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5A38BCF8-ACD1-4A0A-9C7B-E2992CC22C69}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5A83D408-22F6-47B0-8E3B-E5F0BEE0CB08}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5A8421EF-5474-4B77-B093-B810B7B80EE6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5B9D02CE-C30B-4EED-BE74-EEEF910A4CF3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5BFE0D0F-0EFF-4A55-83C6-F4D05E0F394F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5C5215FA-4478-4806-AA6E-8749D1CF23E0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5C60680C-37C4-49FF-8D29-6BB9F74D8077}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5C747B03-84B9-4516-A7F4-A0739DD923DE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5C818CAB-B0C0-4B6A-A7C8-95B22838E9DE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5C8EEC66-FEC3-4B01-BCCE-4151D4A0A240}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5CE76592-2756-4809-A732-66D89D5F31E9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5CF90E1A-9B19-4C35-B994-1EB65AD4CB8B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5D800B7B-5C55-45AA-B514-62E70815F72F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5E145FED-501F-48D4-947F-D9A10BE4A247}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5ED17147-9453-421E-A18E-E6CBD32AE431}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5F16682A-C214-4AFC-8DF3-11226DF5D7D7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5FE2E6A0-FE9E-4F89-9C88-1B1646161001}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5FE3F838-596C-45D8-8819-96E633B04907}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{60167E1C-2B45-4A73-A786-631DF17DCD8F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{60257324-7915-42A4-959F-7261D8B4849A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{60DC485B-538C-4C99-96A3-17C8A6FE0AD0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{616CAD4C-014C-4973-B097-7772D6FC88B0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6179E697-5412-42C9-8F04-6268B602565A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{61E01267-1B81-46C3-A27B-398AC0A1C51B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{61E4F9A9-0ABA-47AD-8D59-194E7D92853C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{62796B2A-E597-4213-BC14-8BCC66C818C5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{62ADDFDE-E7DC-40B5-9C9B-BD91E36413AC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6310D716-FA9D-4A35-A340-8CFDB9F7DEF5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6347B8AB-870D-4EFF-A58B-2F50CBB543BC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6366112C-EAED-42AC-895E-853EA7B7F925}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{64378A06-C759-44C4-A3D7-E6CBFE3DFB12}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{646B29F9-A99C-4672-91E7-DDE8AEDFF025}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{64858CAF-7F44-4853-8E83-F8D55C21B850}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6532D181-6AC1-424E-9678-C50E9F44C573}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6637C8E2-A130-47AA-A06C-75CC576D7068}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{664491AA-C554-41EF-9DC5-4EBE1BD26D3A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{66C0EFC6-66EB-4573-9D44-63A3F3279114}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{66E7FC2D-8595-45AA-B7C8-1D4A7FB2A422}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{671B282F-F859-4EFA-8351-058BE055571C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6823D4F5-B409-4AEF-A507-3E4F286C7A57}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{68F201F9-13BA-4222-BBE3-5201ACDCADCA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6A60D407-DA91-4CC3-8ECA-1BE85211BE62}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6AAF08E0-B7AF-4E11-B7F7-B1F0A77720CA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6B6CD567-48CC-4E85-8454-6C19F0D81CDE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6B920803-33AC-40D0-9287-9E50004A9344}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6BB362F8-286E-4E31-8380-9B18868976E0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6BD400B2-8230-48CA-A6DC-898C42756ABC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6BFF29D0-C5A7-4409-8E07-E04CBEF8907C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6C7169DE-1FE9-4470-80CC-0114A3CAE1E1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6D9ABE48-BBC1-4B8F-B26B-0A15ECF43B85}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6DFEC746-BD6B-4116-8700-61D32860B826}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6E284F38-0C70-4BC1-9AF5-F523DA885E14}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6EFCD997-ACF1-4579-8F57-70AE697E5610}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6F07962D-430A-43F6-95DA-8E23CFFE3357}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6F920687-CC76-4456-8E5C-C6826F7BC6C2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6F99017C-85E7-49BD-849F-80E0E40EF7BE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6FA8BF44-8AD1-4005-8626-35B6EB8F989B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6FB5735E-01C0-4D1B-93BC-F0726E60A271}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{71137BA1-E19F-4AB5-9E34-698B938862C9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7188C3E8-5ADF-462E-A9F0-DA340544B362}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{72A447EF-2988-488B-98FE-575045AF2581}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{738AAE06-02DF-479C-979C-B572984F96EB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7579BF0E-F845-4F8A-81C5-1B1993CD3868}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{75EEE8E6-3D30-4D1D-BA2C-444DD930912A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7665EBC1-92D2-4032-ADF5-38D04A0842D7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{766DBC22-EF3B-489D-A050-C78C4E56BC5A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7680063D-9B6A-4ABD-ADF3-88CF6941588F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{76D3A304-6D0B-4EED-8E38-9AC65ECF347A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{76D60E98-7EC0-451C-8A0D-EB27CA991BD0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{76F582CC-F105-41BC-B626-AB3596CC02CE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{77457CB2-22D2-4512-95CD-8F94ACC6638A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7967033F-F2A1-41C5-9564-EFA63ABBD2E6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{79C2131C-C5DE-4F85-BF96-ACE2C26C37FC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7A33C1B3-730F-47A9-A95C-B44F595FC5A9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7A562509-F641-4E67-955A-43493E2D733A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7B7AF32C-086E-4818-8AEF-9E51A5644099}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7B9AACB9-BE60-4B86-9A98-1F5A39646E21}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7B9AF0D3-4877-4850-8EAB-958704FDA830}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7BED0AA0-AB0F-4803-94B0-2CB370030297}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7C52C97C-49A6-4FDB-860A-3073CFF31AB5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7C80078B-2D24-4C9C-A6EB-87FEF71724FF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7C86FBFA-9963-480C-9753-6E22D9BBF90C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7D95C0D2-8620-4782-AB0A-21AE9E60C716}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7DA61E13-F09D-45AF-89D3-5E7EC6175973}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7DD89948-AAE8-405F-82F1-8006067CA698}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7E4DFFBB-7207-43C7-97CF-979CB7B6915A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7E976CC0-2195-4F5F-B874-AF8808EC938B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7EB1244A-99F7-4B63-B236-80C3502D32C2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7F636BEA-4723-4056-86DD-5E30078FA414}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{804F9126-450B-47E4-960D-23DDF72BAB18}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{80A9ED80-5C70-45BB-913E-D99F094AB8DE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{80BB9A59-64B0-43D9-B592-E1C2C022AB7B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{80FA897E-FB6E-42A6-A01D-F8E3F01A51B8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{819716B4-A5FC-4831-AA28-2C22D6C14940}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{81B73316-4FD5-41F2-BBE1-B6F607253A89}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{81E96F8B-0F95-48CB-A922-79CCA58CA927}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{81F17EF2-84E1-4B34-AE18-9303A568D45B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8224151F-2D0A-4D36-A40F-D66C6870D6D7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{82434138-26E1-46ED-BC5F-01A5C892DA16}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8290A67A-24AE-4F4D-AE36-D408E51AEB3B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{82FF4CA5-E847-42BA-9E20-5A9B85D8F1C0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{83957060-6084-4FA4-BCF0-01A9073648C6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{84610457-3AC9-4BB2-A9AC-B2BF805B8B47}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{84EF0336-1F8A-4D07-AF54-B2F42DFB8DB4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{85ACF43F-DEC3-4DA5-9163-0A121E2D64EB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{86267651-D957-407B-83E9-85701363BE9C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{86A70B9E-0045-4CAD-990D-228F42B05B28}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8726968A-839F-41C0-87E0-B5F103DDDCC0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{87584A78-85AF-42F5-A058-26B6BDD50DFB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8781CE53-2C16-4F8F-BA19-3E82E9815907}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{88C63AC2-4D2C-4D60-9B02-143B4E77D71A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{892E1321-46AD-42CD-B91A-A2D3294D95EB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{89B3CE5B-4315-4466-B3B3-D40E7B05004D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8A2BB8A1-5552-444D-90A5-066BAE31F88C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8A3A2490-B951-46A4-B166-110BD2088532}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8A3DE1A5-DF67-41B1-BB4E-1CFD78AF4E5D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8B9F3618-DBD9-45AC-88BD-C52615A3812A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8BFAFC03-A936-4648-B94F-D22FCDC62B6C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8C1DFDAC-8EC3-4FEA-8163-900F1D80CD2E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8C834E28-0109-4C42-8594-3EB180857947}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8CDC07DB-77DE-4DF3-A1C5-F63354A474E0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8D6E10E7-0070-49E8-8405-29D770C60731}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8DD93B4F-121A-4F33-A112-4E78C2ACE761}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8DFAEED5-4BDE-4F6C-9F9B-9D1589960E52}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8DFC7592-A141-4148-89E8-E151F95B5EEB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9010A00F-938A-4C87-8603-EFD130EF3D03}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{90D8CCE6-04DA-40D1-9071-800D9FE2A51C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{91247578-A9EC-4F98-A761-FCFB42D4BC3E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{913BEDDE-3043-4B31-AABE-9E5DB1C0A4D3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{919259F6-88D9-49AA-8771-54720D99A546}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{92338130-FC92-46D5-86D1-4F2886395239}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{924A9274-3C07-4279-BA5E-8737F32EB253}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{924FFCE9-CBD1-4FD7-AB63-47B539065872}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9278D1C1-C37D-445C-8D28-50671E309DCE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{93280AC3-1FCF-4CFE-8913-9A0536E1AEDD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9549B13B-2EFB-4110-83CD-AD8832D0B6AD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9549DEC8-00FA-4952-A2EA-E26CEA9BADB3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{96A03970-0C76-4E8F-8825-66C3AAB0D21E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{974E768F-39E2-49B1-8352-06852363764A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9787415B-4E23-43D4-B942-F2B8F60C0609}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{982F6D93-7BEE-4F89-BAA0-CA533303BA42}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9848823B-F6E4-456F-A9AF-E6CC4794A31F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{98A28421-1CAA-4674-99E9-EC9A0ACB418B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{98C9CF5A-F475-4212-885A-BD700B44F69E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{995257A3-C73D-4229-8B46-63BF60E5EF1C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{999198BA-50A4-41C0-A532-E0FD13ED37AE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{99EDFFDA-5523-448F-84B8-0A715AA2448E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9B5D294D-FAFA-436A-9EDD-079D64886281}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9B5F6B93-1F3B-4B0D-80CC-9FA8D7E704DC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9BC26A7F-DC70-4A80-899E-EEBE498FCDE5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9BC6FD37-2E28-475A-8A7E-56C1BCC329C2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9BF9B106-007F-4370-8237-9A637ABA2984}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9C17D669-6064-451D-BB43-9B8E150A0971}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9CA0EA8C-C6D2-4AB9-B1AE-5B8D6A3422C1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9E330F50-7CCF-4A03-A203-2997D9F52A51}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9EA2FE79-E69E-4524-BE49-64D62DD69FE5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9F05903C-231D-4E03-A6F0-4E5CA1AEB740}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A057E80B-4DF4-461F-A1B1-699B458EBAE7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A097A3D6-C40E-4D9F-86D2-11D3A3EA6C18}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A0B0CA96-482E-4F06-9B73-83FA80416B43}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A128CFB9-287A-4BCF-9AA5-DDC61260E205}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A185A7E9-4088-4AF7-9C79-6E818A587A25}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A2940CF0-128E-4335-9304-7C5D687466E9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A2C908D8-4276-41EB-A742-2ADDE1999AAC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A31C9B86-5FBC-49A9-99D1-9350C1DDDA74}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A32AC6FE-6B48-4CE6-B6A7-3A536EF71ED6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A34DFD25-BF4B-4198-BBB7-70DC630C2A3E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A3579799-D93F-4A75-843B-CBC08A7EAEF9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A395B680-F58D-48BE-8340-EE3725EAA1B0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A3E7C053-54AA-430C-AB31-74A9DBF3C2A5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A47A0CF7-86FC-41F9-9BB4-29E16A41C3FB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A49A5E73-5A10-4BE5-AA46-D173B6316A31}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A4C6FD8E-A908-440A-B831-47AD1F5C67EF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A54F5174-7639-4C3B-AB0D-FE5F3DEAED07}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A5648568-F12E-4819-928E-E3DA33DED889}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A5AACA59-F19A-4ED3-8939-9D49C5FC00C5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A6F96CDB-1FFD-4D0B-9C73-0EFCC80959E7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A722698A-B528-41E6-A18F-2C28A81DC24F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A734D32D-FDAF-41AD-A110-DFDF595455C6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A76B8317-6A01-42B9-8F85-292717A1C672}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A771454C-AD66-453B-8FE0-00101499F9DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A794543F-D70C-4D7A-BC78-2891AB2F4DA2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A7B68EB7-ADEC-4594-AA35-E083FF78AB1E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A7D65EBE-5FD7-48AC-A9AD-ED081F85AC29}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A8334759-FED0-413B-9F82-49A0DFB4C4FE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A84A2D85-8866-4D06-B6AC-251F7FE1EBDC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A877426E-3232-454F-AF2B-847650E6E5EE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A8E2158E-EB85-4F05-B128-C5C5DC5B24B1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A91FC547-1757-4C7D-8B1F-5DBCCA8CA9DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A9C909E9-A6FD-48FE-A78D-3D6D09B608B2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A9E86264-8470-4487-93CD-FF3DC06B0D98}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AA07145E-5C02-427A-A429-A5C257758901}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AA295E88-9579-4DE1-86A2-8365AEC12FB8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AA60D055-C1D9-4450-9109-1DA18659AFB7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AA666BAD-0760-4260-A506-D74A3ADF7A9A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AA7D9EA4-F31C-4F8F-943D-46455BFF3C9F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AAEE7806-F36D-45F8-82E6-184B2B4355E5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB1AD207-432D-4410-8871-2723BB83D916}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB4C8AA9-DA25-45B9-BEC0-8382BC6DAA84}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB69414C-4980-4D2F-A03F-3667C06EF60B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB723D4C-CEA9-4BF3-8C01-06C540E0AAAD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB8241B3-B75A-4CDF-8756-3AB2CCCEAC46}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB82476A-23CC-467B-A501-E39E4848B505}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AD0BA3ED-61CB-44E9-8761-C9881F46AB58}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AD778594-ADEC-4003-97B1-8BBB9CB629AB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ADDD2999-C015-4CEE-AFA5-A73E37FF967B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ADF5DDCC-0D31-4B7F-AAD3-C30D6E3D2B75}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ADFF3ED5-F1C8-477B-9AAB-F8D3EC121CD5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AE0934D8-D64C-43DE-9D36-5BA0B92D0F53}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AE324FD0-2874-47F4-96A3-3C159F1101DB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AE54F246-8A8B-4E81-B19E-86DB1FD3C827}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AEAA85F1-B9A0-40B2-B6E9-E09BF0C74008}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AEF56708-E84C-4E52-B1C5-5C4FE6E6C434}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AF0521CE-A500-4A52-9FD6-9B6DCFAD013E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AF7D37F5-B6CC-4962-BFAF-CEF199C36B2B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B048F978-CD33-4E02-865E-1EC860A05C8B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B088ADB8-B335-4677-849E-CFB47CC7CDCB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B0B525F1-ED79-4BA2-B631-25DFC6977594}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B1833842-9A3F-4636-86E0-B75179073E48}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B21084A3-146C-457F-B58E-C36B5229A01E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B3A25673-4731-45AB-B5F4-1EEA5731D986}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B3C8BB0D-92CA-4A8D-B2EB-41D23CB7A6FD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B3FB8A01-E501-407B-8092-723F0D7D17A8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B415E5B2-2B64-4B99-B7B2-DDBC75FBE17A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B42209D7-0994-423E-A2DC-7292E54C57AC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B45B1A78-E4A5-4563-ACA0-93CC2E441979}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B55CC2C4-7533-4AA2-9F36-3C8032B5E020}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B5653050-C7BF-45D0-9CE5-8807EC6F4DD0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B583FF9F-9A59-4B8A-A88A-516E19D80713}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B655216E-7FED-441F-83EE-E074F7589B80}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B6F57F5A-C6BC-4A86-8A98-2B316FB080F7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B6F9DB04-DB25-4628-97D2-954109D40421}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B7647BE4-29C9-4D92-AE28-65998D566D26}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B8133E5E-E71B-478E-89E3-15DB0EED81C3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B966BF51-FCAB-4AC6-85AE-928D82ECE6CE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B9B0DFFF-FF9F-41CA-AC80-959779FB9EB9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B9BE2034-EBC8-4FEF-8155-6CFA8D916DCE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BAECAC96-3E64-4761-AE15-0360813C6A66}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BAFAA14A-5490-4C11-9476-9608249AB147}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BBB385CB-FCFA-4891-AAE1-F4B7FCB91607}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BBC2BDA3-F6DD-4EFE-9513-5CB0D70733DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BBC993BC-DDE7-4792-9EF0-4FA5B16E9EEF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BD2914A3-0CF9-4996-A9DB-874C6B7F10E1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BD47F8B9-DD9B-4822-B841-51414D1F8BE4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BD58D8CA-B86D-4105-B299-92593596E84A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BE6F0E4C-B16A-4DBF-8E63-34FDB1EF98BE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BE804F3E-0580-4BCB-96E7-C50D1AA4F086}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BEE6DB5E-30DC-45BC-A52E-6909555AED60}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BF2F9E0E-2228-46CC-A8A0-554F68EC3336}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BF3233E2-3ECA-4EA2-837A-E097DD36DA57}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BF76FB5D-C597-4A0A-B7C6-9FCD86348286}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BF7CA1C9-EE3B-4059-9C65-A28CAA83B7F9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BFE04C3A-5BC8-4F2F-A845-DBCB9ADF55C3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BFE5774D-9C2B-4A34-81CD-A0689BE6BAD8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BFFE6FD9-FEA6-45A4-90AE-270E09580AD9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C1EEACA2-5DC6-48D9-B4B7-F31FA2DA34B7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C230DEA8-D3E9-44E4-9D3D-C7289194BCE7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C2A4A18B-EE46-41B7-BF33-0A9AF595468F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C38BC1F6-5C45-4573-8233-4028829D2408}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C3C39BA7-BB16-4CC0-8A0B-283B616E03F8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C42966F6-7C71-4919-8C92-AD5E7BC0D435}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C4698A80-8487-4FDB-A438-FAADC357455B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C48C3486-47E2-4989-BD1B-47592B320947}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C540D179-68ED-48DE-ABB9-8D92687E7FEE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C5A817AB-DD30-403A-9B98-43B417556A64}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C60E7F21-4B20-4AF4-805A-7B2B0C4654DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C63D4944-1652-412B-937F-82F4582889BB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C6532ECC-4DD7-4D3A-A962-2AF0A73B4A1D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C65EA7B5-6742-4D5F-92C1-B392653D795E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C66C62A7-DD1A-4D55-9D7D-2A8CE0D72D0D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C6BF343F-BD7F-4109-961E-E94F6C5AB7B6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C7304288-E80D-43B6-8F74-B20A738421C1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C7ADFBF5-423F-45F7-AA8A-DF848218AE68}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C83B21F2-D7BA-4AE1-8B12-B704B2551BA7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C8FBFBCD-DF00-48AD-85B9-F7D6777FF85E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C99F98BC-A125-48BA-BFC4-70AC91B0963E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CA5E53F3-ADAB-4927-A928-6EDFA99545D7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CA6DF742-D15A-43ED-B150-9A482951D09E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CA8745E3-EBB9-4AA5-B58C-5D70839E5855}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CBA95518-9CA9-42FF-859D-5A5C4565FC1F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CBBB69C7-AF56-4EDF-A8CD-0706C5692EDE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CBCE66D9-8EF1-4098-A5BF-CA29EEF729BD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CC25B46C-8E16-46AC-A529-9A4A8CA3C65A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CC34B056-D9EA-41A8-ABF5-F323AA9BF583}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CDF9E505-CC3E-4819-A6AF-A97913C4C489}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CE429DE4-6BF6-4CBE-9EA7-085DA973E6DC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CE65BC7F-6B2C-4F72-ACDF-F8C42B36BFD2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CE6DD9E2-9DFB-4DC3-ADE6-43086C6E49D1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CEBB0969-BAA9-455B-AD78-FBDB427B536A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CEE88089-2368-4822-882E-B91E5511FC8E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CF2752D6-7DFE-40D7-A36E-6012BD59371F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CF3FB48A-E5B1-4FE8-9C61-3C8B1810A81F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D04644E8-4036-4867-87FE-03D482F92571}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D04CB051-92D2-4641-BB12-3491A05C58BD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D0ABCEDA-9ED7-4C8D-A71C-9997A87D7F22}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D0C41B48-31B3-4AC0-96AD-2A8A18A0A5F9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D0F91C33-77AC-4704-9BE1-2CD38937B3F9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D18F5B24-C579-49E6-BE90-392D6C81927D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D1BD6D12-5905-400C-B070-A791774B74CC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D2F2ADF6-68CC-4D5E-AA16-896EA53D3A66}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D30C486B-E424-4740-B6E1-640941E74256}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D327EA1D-EE7A-4BE5-A854-3FE44A0C8B42}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D3D469AA-5500-4799-B9E3-9D3431460795}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D3F809A4-2E85-4BB8-A71C-457BFC1E7A5A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D43F09B0-1828-4824-90D7-BC7F492875A4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D599AB46-BAB0-40C8-8811-F6AFD35386A4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D5B28B1C-A454-4EA4-93AB-7850F507B033}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D613E821-D160-4696-8ABA-C61D3E601787}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D6854A64-E3B8-4DA3-9DFF-66E4F1558D56}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D717C318-54B8-483B-BEAB-587062536FC6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D7A71454-1D77-44C4-AA82-5C03C40D99A1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D7B310F0-2659-4F21-9F75-A3C81243D703}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D7F19832-4BBD-4123-B0C0-A169827B7298}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D82641D0-50F9-4071-A44C-9E796A978E1F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D82DCDF7-7EB6-470E-8CE1-45D737198AC8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D8340EB4-8672-4A93-9480-CDD33E0ABE81}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D85DE62E-FBDE-48B5-84F2-D1375171683A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D8CAE65A-0151-4849-8A3D-804BD89D65A0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D8DBE644-BB36-42C8-9EA3-C95514E1E13E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D9ED5E04-D807-4446-AA0F-CA37E27BEB26}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DA7ABC83-A740-4B13-B781-4F26CF971AD1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DA9D7AE1-FEA3-4A10-A329-92408DB0F13A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DAE6ACC9-3F2E-4B35-AB9E-6069934546DE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DAF35BE4-0C75-4CFB-BD33-044E808E00E2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DBA961CB-55E9-4785-97BB-4BB8AF1C96BE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DC968B44-D1E6-421D-B0D9-BB9A3C1A185F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DD51D586-080F-4F02-A9AC-A9158AA9F4FC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DE8BBC62-D452-476E-BF82-94B2B58C0934}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DF65032B-B091-420E-ADDD-6335311AD183}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DFF633E5-1623-41E1-B144-E9E68174DEDC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E050F07B-5033-49FF-9B44-D8C48DE2A223}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E08F212F-6953-461E-9BBB-95F5578706BA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E1CD2CA4-D0DB-4020-8956-16E713713B5F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E2283E66-CF40-4F13-B26C-380EE0810754}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E2C3A162-2FB0-4CC0-8E2B-6AD2B4E97853}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E2E6F89F-CDCC-46C7-91BF-B755E5E2CBB6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E2F33A69-98A2-41B5-9DF7-427325F16C49}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E3AC0BAE-0B2D-432A-8078-942DF6D92EF6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E4BA81BE-220D-4F50-8814-EEE19F146B48}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E510BF98-3529-4801-B308-EC5423295D56}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E5C01CBD-206D-4411-B437-F3067574B1DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E64DA07A-EA51-48B6-9E91-3584310479E1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E69DC3B4-9038-4E1A-BFA2-98DCBE7652C0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E73B0565-9440-4571-87CE-5184462858E2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E7636476-A60C-4324-AB37-1ACD41100C08}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E78B1930-3DD5-46D4-82ED-C03EC36DFE6E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E879E41D-8481-46BF-99B6-8E222FE41C4E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E8F83646-9102-4B20-854E-0FA141920CDE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E96CC9B5-142A-4030-B173-FF7C5706E7C5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EA6741B5-C0C0-496F-B4FC-A561EDD0D925}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EA7A5E30-6EAF-43C8-B178-D1754DE8A05E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EAF6C1BC-B30B-4D97-A8E9-80DDC05A07A4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EC34628F-057C-4F86-B295-AD08D7CFD6C0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EC901754-2AF6-4337-ABC4-7E76F2806844}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ED8F4021-81A8-47C0-A6CB-3338AFDE0FE1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ED9A397C-988A-4309-ADBC-3EACA5474C21}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EDC9C6C9-4BED-45C9-B6DB-1022B7DE59EA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EE8365A4-27AC-44C4-8BA3-456C6497D115}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EE8D926D-EA9C-4ED5-AD88-C33C0945909A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EF3C30FE-FBAE-4EF7-9731-3B3FA0C18A03}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F08B8787-90E3-45E3-806A-22185D04EF89}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F0965195-68D5-452B-8E13-2B5EB5507C97}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F10B3C84-D76F-4ED5-BBC0-0D42D621BF1A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F127F9F0-07A6-4BFC-997C-FA8D77EB4565}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F2AF32A1-6337-4F7A-B778-915D46B3E74B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F3631CC9-298C-467E-8177-5626A4DA5E63}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F3A7D56F-0817-4941-A24D-E4FDBE56B318}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F3AF719B-C85F-4C1B-B746-1B21BA0A2ED6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F47B6CB7-89F1-4437-8441-3F5A8DBEDF8C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F5517C9F-D72E-43E8-B2C1-626D4302D078}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F5D83348-389D-449E-9EE0-59B887025908}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F62F8986-9275-46EA-99D3-8B9F0BCE7FF9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F677056E-5B50-4C28-A489-33A00DED87E1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F6BC3CF9-8124-4AFC-869A-9D7DC0DEB6E8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F6CB7BB1-69FA-4340-8CAF-983C8A989F52}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F7216B63-337F-4ECE-9ECF-E8CA81B0DEF4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F77756E4-4564-4868-8EF2-1E198B05D956}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F7B81FCA-27AA-43DB-B704-4CEB328BE8C2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F80D56F2-BF46-42C0-9743-AFD02CBB2BB3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F88B3665-A7D9-4F4D-82EB-20E9C2B923E6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F8AAEF30-1C9A-4A55-9630-4163D191AE5F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F9202B3D-BF65-4E45-BA1F-4565197FED99}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F9627DE6-6EAD-4B32-8A4C-83E67447EE6D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F9735BE6-67DE-4CCC-9E63-1DEB70C232FA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FA646D56-8EF5-466C-BE4A-E3C25FD4E52C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FB16C49B-C58D-4462-B950-61E44D3F19D8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FB4BD19E-3D0F-4F12-A664-2E3888008472}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FBA7F116-27E1-43B3-8654-A824676C6C3D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FC1E28E3-45B6-4732-AC2A-25BA916ECEE6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FC276344-0302-4744-AF02-009F3FAE1937}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FC87D0EC-2281-43C9-BA55-FB26F89E0EF7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FEB6BDC8-DE69-440D-AD51-C8AEB195E4B7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FEBBAC2D-5E3F-43F2-B385-461D88AD10FF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FEF1AC6F-13CE-4A7C-BF84-E44E344276DA}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.05.2013 at 21:20:06,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 28.05.2013, 10:08   #8
t'john
/// Helfer-Team
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Mfg, t'john
Das TB unterstützen

Alt 28.05.2013, 22:33   #9
Meister G.
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



Code:
ATTFilter
-----------------------------
18:41:23.816    OS Version: Windows x64 6.1.7601 Service Pack 1
18:41:23.816    Number of processors: 4 586 0x2A07
18:41:23.816    ComputerName: MICHAEL-PC  UserName: Michael
18:41:24.471    Initialize success
18:47:40.581    AVAST engine defs: 13052800
18:49:55.404    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:49:55.404    Disk 0 Vendor: SAMSUNG_HD103SM 1AJ10206 Size: 953869MB BusType: 3
18:49:55.498    Disk 0 MBR read successfully
18:49:55.498    Disk 0 MBR scan
18:49:55.513    Disk 0 Windows 7 default MBR code
18:49:55.513    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:49:55.529    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
18:49:55.545    Disk 0 scanning C:\Windows\system32\drivers
18:50:04.515    Service scanning
18:50:21.316    Modules scanning
18:50:21.316    Disk 0 trace - called modules:
18:50:21.332    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
18:50:21.332    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007db0060]
18:50:21.332    3 CLASSPNP.SYS[fffff880019a143f] -> nt!IofCallDriver -> [0xfffffa8006c90d40]
18:50:21.347    5 ACPI.sys[fffff88000f5e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077b6060]
18:50:22.049    AVAST engine scan C:\Windows
18:50:23.874    AVAST engine scan C:\Windows\system32
18:52:54.433    AVAST engine scan C:\Windows\system32\drivers
18:53:03.840    AVAST engine scan C:\Users\Michael
18:57:27.077    AVAST engine scan C:\ProgramData
18:58:26.965    Scan finished successfully
18:58:47.651    Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
18:58:47.651    The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=54ca165b574b044597784719ee90563e
# engine=13939
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-28 07:32:50
# local_time=2013-05-28 09:32:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 10942 140437275 3733 0
# compatibility_mode=5893 16776574 100 94 2985879 121399420 0 0
# scanned=163927
# found=0
# cleaned=0
# scan_time=3597
         
Code:
ATTFilter
Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.6001)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 29.05.2013, 11:48   #10
t'john
/// Helfer-Team
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



Aktualisiere:

Adobe Reader: Adobe Reader - Download - Filepony (Alternativen: PDF Tools)





Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.05.2013, 15:06   #11
Meister G.
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.



Browser nicht erkannt

Flash (11,7,700,202) ist aktuell.
Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader 11,0,0,0 ist aktuell.



Zurück


Tools:

StartSeite
PluginCheck
Secunia Online Scan



Weiterführendes:

Java Updaten und Einstellen

Secunia Personal Software Inspector (PSI)


Family:

TR/Agent

Alt 29.05.2013, 17:40   #12
t'john
/// Helfer-Team
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.




Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.



Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.05.2013, 00:49   #13
Meister G.
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



So habe soweit alles abgearbeitet, hatte bis jetzt nur ein Nutzerkonto habe jetzt ein 2. zugelegt.Wie bekomme ich jetzt alle Einstellungen und Programme in das 2.Konto?

Soll ich bei Malwarebyts und Avira Funde in der Quarantäne löschen?



Mfg

Alt 30.05.2013, 10:01   #14
t'john
/// Helfer-Team
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



Zitat:
So habe soweit alles abgearbeitet, hatte bis jetzt nur ein Nutzerkonto habe jetzt ein 2. zugelegt.Wie bekomme ich jetzt alle Einstellungen und Programme in das 2.Konto?
Am besten degradierst du dein jetziges und erstellst einen neuen Admin.

Zitat:
Soll ich bei Malwarebyts und Avira Funde in der Quarantäne löschen?
Kannst du, ja.

wuensche eine virenfreie Zeit
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.05.2013, 18:40   #15
Meister G.
 
Guv und E-Mail Delivery Problem - Standard

Guv und E-Mail Delivery Problem



Besten dank für deine Hilfe.

Antwort

Themen zu Guv und E-Mail Delivery Problem
akamai, antivir, avira, benachrichtigungsdienst, dvdvideosoft ltd., e-mail, firefox, flash player, homepage, iexplore.exe, install.exe, js/agent.480412, logfile, microsoft office starter 2010, plug-in, problem, realtek, registry, secunia psi, security, svchost.exe, systemereignisse, tr/crypt.xpack.gen, tr/fake.rean.2121, tr/kazy.176162.2, tr/reveton.r.279, trojan.agent.gen, trojan.fakems, trojaner, windows



Ähnliche Themen: Guv und E-Mail Delivery Problem


  1. Bekomme massen E-Mail "This message was created automatically by mail delivery software."
    Plagegeister aller Art und deren Bekämpfung - 31.08.2015 (2)
  2. Mail Delivery System <mailer-daemon@kundenserver.de> mailrücklauf auf nicht gesendete mail
    Überwachung, Datenschutz und Spam - 26.03.2015 (4)
  3. Mail Delivery Service seit mehr als 1 Monat wie bekomme ich das Problem aus der Welt
    Log-Analyse und Auswertung - 02.06.2014 (9)
  4. E-Mail Programm blockiert - Mail delivery failed..
    Log-Analyse und Auswertung - 20.04.2014 (18)
  5. Mail Delivery System Mails... Mail-Konto gehackt?
    Plagegeister aller Art und deren Bekämpfung - 06.03.2014 (7)
  6. E-Mail-Problem bei WEB.DE (Mail delivery failed: returning message to sender - keineantwortadresse@web.de )
    Plagegeister aller Art und deren Bekämpfung - 12.10.2013 (11)
  7. Mail delivery failed, aber nur in Windows live mail
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (8)
  8. E-Mail Account gehakt? mail delivery-Nachrichten
    Antiviren-, Firewall- und andere Schutzprogramme - 14.06.2013 (17)
  9. Mail delivery failed
    Log-Analyse und Auswertung - 09.06.2013 (7)
  10. Mail delivery failed: returning message to sender, obwohl keine mail versendet
    Plagegeister aller Art und deren Bekämpfung - 15.05.2013 (0)
  11. Mail delivery failed Emails - vermutlich Maleware Problem
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (16)
  12. Mail delivery failed-SPAM Mails. E-Mail-Acc kompromittiert?
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (1)
  13. E-Mail "Mail Delivery System" hundertfach im Posteingang
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (13)
  14. Web.de (Mail delivery failed)
    Plagegeister aller Art und deren Bekämpfung - 07.12.2012 (16)
  15. Mail delivery system meldet unzustellbare E-Mail
    Überwachung, Datenschutz und Spam - 27.03.2012 (4)
  16. Heute schon über 30 "Mail Delivery System "Mail Delivery System" Mail bekommen
    Log-Analyse und Auswertung - 26.05.2008 (4)
  17. Mail Delivery Subsystem ???
    Plagegeister aller Art und deren Bekämpfung - 19.09.2003 (14)

Zum Thema Guv und E-Mail Delivery Problem - Hallo hatte vor einiger Zeit den BKA Trojaner auf meinem Pc hab es soweit geschafft das er bis jetzt nicht mehr aufgetaucht ist. Seit gestern wird mein E-Mail Postfach mit - Guv und E-Mail Delivery Problem...
Archiv
Du betrachtest: Guv und E-Mail Delivery Problem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.