Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 30.11.2013, 11:22   #1
Sunshine_71
 
Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



Hallo,

ich habe mir vor ein paar Tagen einen Virus eingefangen. Eine Seite erschien vom Bundesamt für Sicherheit, ich hätte illegale Inhalte geladen.
Jetzt meldet sich regelmäßig mein Virenscanner mit neuen Sicherheitshinweisen. Im Moment heisst das unerwünschte Programm 'TR/Reveton.A.2410'

Ich würde mich sehr freuen, wenn mir jemand weiterhelfen könnte.

Vielen Dank schon im Voraus
Claudia

Alt 30.11.2013, 11:34   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 30.11.2013, 11:51   #3
Sunshine_71
 
Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-11-2013
Ran by Claudia (administrator) on CLAUDIA-PC on 30-11-2013 12:43:18
Running from C:\Users\Claudia\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4468736 2007-05-10] (Realtek Semiconductor)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [OSD] - C:\Program Files\C&E\OSD\osd.exe [561152 2007-09-20] (C&E)
HKLM\...\Run: [Norman ZANDA] - "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
HKLM\...\Run: [NPCTray] - C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [520192 2006-12-14] ()
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Regedit32] - C:\Windows\system32\regedit.exe
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [958352 2011-07-26] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3507088 2011-07-26] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-07-26] ()
HKCU\...\Run: [UpgradeChecker] - C:\Users\Claudia\AppData\Roaming\Media Player Classic\{B4C47102-44E0-4CFC-88CF-D82CA0636F10}\UpgradeChecker.exe
HKCU\...\Run: [Efpiih] - C:\Users\Claudia\AppData\Roaming\Ubfa\uluha.exe
HKCU\...\Run: [5JYZ1C4F5BYX5VXFRWDBDBQSSQZ] - C:\gb45g2q434g\22E75E012C7.exe /q
HKCU\...\Run: [Exetender_148] - "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [247968 2012-02-08] (Adobe Systems, Inc.)
MountPoints2: {d7a891f8-1b35-11e0-8cc3-a2afb53cd7b2} - G:\setup.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dalflfbg.lnk
ShortcutTarget: dalflfbg.lnk -> C:\ProgramData\gbflflad.dss (Корпорация Майкрософт)
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.holasearch.com/?babsrc=HP_ss&mntrId=B82200FF58257DF2&affID=121963&tsp=4950
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
URLSearchHook: HKCU - (No Name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} -  No File
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.holasearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B82200FF58257DF2&affID=121963&tsp=4950
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.holasearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B82200FF58257DF2&affID=121963&tsp=4950
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [SeeSimilar@SeeSimilar.com] - C:\Users\Claudia\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\Claudia\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com
FF HKCU\...\Firefox\Extensions: [SeeSimilar@SeeSimilar.com] - C:\Users\Claudia\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\Claudia\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com

Chrome: 
=======
CHR Extension: (Torntv) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf\1.0
CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn11.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-04-26] ()
S2 OsdService; C:\Program Files\C&E\OSD\OsdService\OsdService.exe [53248 2007-09-03] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-20] ()
R2 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [307200 2008-02-29] (Fujitsu Siemens Computers)
S3 Tomcat7; C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\tomcat7.exe [70656 2010-08-04] (Apache Software Foundation)
S2 Winmgmt; C:\ProgramData\gbflflad.dss [205312 2013-11-24] (Корпорация Майкрософт)
S2 Norman ZANDA; "C:\Program Files\Norman\Npm\Bin\Zanda.exe" [x]
S2 PEVSystemStart; "C:\ComboFix\pev.3XE" EXEC /i "C:\ComboFix\HIDEC.3XE" "C:\ComboFix\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q

==================== Drivers (Whitelisted) ====================

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-05] (CSR, plc)
S3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [753456 2007-06-01] ()
R3 CEBFilter; C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [5120 2007-09-04] (Windows (R) Codename Longhorn DDK provider)
R3 CEIO; C:\Program Files\C&E\OSD\OsdService\ceio.sys [4608 2007-08-31] (Windows (R) Codename Longhorn DDK provider)
R3 cKBFilter; C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [7168 2007-08-31] (Windows (R) Codename Longhorn DDK provider)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-04] (Windows (R) Codename Longhorn DDK provider)
R0 JRAID; C:\Windows\System32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-11-30] (Malwarebytes Corporation)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210224 2007-01-30] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [10368 2004-11-01] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [5504 2006-10-18] (Silicon Image, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-04-26] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-30 12:43 - 2013-11-30 12:44 - 00013109 _____ C:\Users\Claudia\Desktop\FRST.txt
2013-11-30 12:43 - 2013-11-30 12:43 - 00000000 ____D C:\FRST
2013-11-30 12:38 - 2013-11-30 12:41 - 01092065 _____ (Farbar) C:\Users\Claudia\Desktop\FRST.exe
2013-11-30 11:40 - 2013-11-30 11:44 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-11-24 17:13 - 2013-11-24 17:13 - 01595904 ____T C:\ProgramData\dalflfbg.fdd
2013-11-24 17:13 - 2013-11-24 17:13 - 00000285 _____ C:\ProgramData\dalflfbg.reg
2013-11-24 17:12 - 2013-11-24 17:13 - 95025368 ____T C:\ProgramData\dalflfbg.bxx
2013-11-24 17:12 - 2013-11-24 17:12 - 00205312 ____N (Корпорация Майкрософт) C:\ProgramData\gbflflad.dss
2013-11-24 17:12 - 2013-11-24 17:12 - 00000000 _____ C:\ProgramData\dalflfbg.fvv
2013-11-23 09:03 - 2013-11-23 09:03 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

==================== One Month Modified Files and Folders =======

2013-11-30 12:44 - 2013-11-30 12:43 - 00013109 _____ C:\Users\Claudia\Desktop\FRST.txt
2013-11-30 12:43 - 2013-11-30 12:43 - 00000000 ____D C:\FRST
2013-11-30 12:41 - 2013-11-30 12:38 - 01092065 _____ (Farbar) C:\Users\Claudia\Desktop\FRST.exe
2013-11-30 12:13 - 2011-07-02 21:38 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-30 12:11 - 1979-12-31 23:00 - 01281791 _____ C:\Windows\WindowsUpdate.log
2013-11-30 11:44 - 2013-11-30 11:40 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-11-30 11:41 - 2009-05-14 19:23 - 00026112 _____ C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-30 11:32 - 2012-09-13 16:05 - 00000000 ___RD C:\Users\Claudia\Dropbox
2013-11-30 11:32 - 2012-09-13 15:41 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Dropbox
2013-11-30 11:29 - 2011-07-02 21:38 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-30 11:28 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-30 11:28 - 2006-11-02 13:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-30 11:28 - 2006-11-02 13:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 19:49 - 2008-12-15 10:09 - 00002140 _____ C:\Windows\bthservsdp.dat
2013-11-26 19:49 - 2006-11-02 14:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-26 19:41 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-24 17:13 - 2013-11-24 17:13 - 01595904 ____T C:\ProgramData\dalflfbg.fdd
2013-11-24 17:13 - 2013-11-24 17:13 - 00000285 _____ C:\ProgramData\dalflfbg.reg
2013-11-24 17:13 - 2013-11-24 17:12 - 95025368 ____T C:\ProgramData\dalflfbg.bxx
2013-11-24 17:13 - 2010-04-28 19:06 - 00000680 _____ C:\Users\Claudia\AppData\Local\d3d9caps.dat
2013-11-24 17:12 - 2013-11-24 17:12 - 00205312 ____N (Корпорация Майкрософт) C:\ProgramData\gbflflad.dss
2013-11-24 17:12 - 2013-11-24 17:12 - 00000000 _____ C:\ProgramData\dalflfbg.fvv
2013-11-23 20:58 - 2013-09-15 16:18 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-23 20:58 - 2013-08-03 10:33 - 00033470 _____ C:\Windows\PFRO.log
2013-11-23 09:03 - 2013-11-23 09:03 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-14 19:42 - 2013-08-16 17:59 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 19:39 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-13 20:08 - 2009-04-26 18:39 - 00002575 _____ C:\Users\Claudia\Desktop\Microsoft Word.lnk
2013-11-11 05:50 - 2009-10-03 10:13 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-09 13:58 - 2008-01-21 08:16 - 01475854 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-06 11:15 - 2010-04-29 16:05 - 00000474 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job

Files to move or delete:
====================
C:\ProgramData\dalflfbg.bxx
C:\ProgramData\dalflfbg.fdd
C:\ProgramData\dalflfbg.fvv
C:\ProgramData\dalflfbg.reg
C:\ProgramData\gbflflad.dss


Some content of TEMP:
====================
C:\Users\Claudia\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Claudia\AppData\Local\Temp\setup_fsu_cid.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 11:37

==================== End Of Log ============================
         
--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-11-2013
Ran by Claudia at 2013-11-30 12:44:39
Running from C:\Users\Claudia\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe AIR (Version: 3.6.0.5970)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
Amazon MP3-Downloader 1.0.9
Apache Tomcat 7.0 (remove only)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.652.0)
Audacity 2.0.3 (Version: 2.0.3)
Avira Free Antivirus (Version: 12.1.9.2500)
BitGuard
Canon Easy-WebPrint EX
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (Version: 4.0.0)
Canon MG3200 series Benutzerregistrierung
Canon MG3200 series MP Drivers (Version: 1.01)
Canon MG3200 series On-screen Manual (Version: 7.5.0)
Canon My Image Garden (Version: 1.0.0)
Canon My Image Garden Design Files (Version: 1.0.0)
Canon My Printer (Version: 3.0.0)
Canon Quick Menu (Version: 2.0.0)
Catalyst Control Center Core Implementation (Version: 2007.1205.1451.26462)
Catalyst Control Center Graphics Full Existing (Version: 2007.1205.1451.26462)
Catalyst Control Center Graphics Full New (Version: 2007.1205.1451.26462)
Catalyst Control Center Graphics Light (Version: 2007.1205.1451.26462)
Catalyst Control Center Graphics Previews Vista (Version: 2007.1205.1451.26462)
Catalyst Control Center Localization Chinese Standard (Version: 2007.1205.1451.26462)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.1205.1451.26462)
Catalyst Control Center Localization Dutch (Version: 2007.1205.1451.26462)
Catalyst Control Center Localization French (Version: 2007.1205.1451.26462)
Catalyst Control Center Localization German (Version: 2007.1205.1451.26462)
Catalyst Control Center Localization Italian (Version: 2007.1205.1451.26462)
Catalyst Control Center Localization Japanese (Version: 2007.1205.1451.26462)
Catalyst Control Center Localization Korean (Version: 2007.1205.1451.26462)
Catalyst Control Center Localization Portuguese (Version: 2007.1205.1451.26462)
Catalyst Control Center Localization Spanish (Version: 2007.1205.1451.26462)
Catalyst Control Center Localization Swedish (Version: 2007.1205.1451.26462)
CCC Help Chinese Standard (Version: 2007.1205.1450.26462)
CCC Help Chinese Traditional (Version: 2007.1205.1450.26462)
CCC Help Dutch (Version: 2007.1205.1450.26462)
CCC Help English (Version: 2007.1205.1450.26462)
CCC Help French (Version: 2007.1205.1450.26462)
CCC Help German (Version: 2007.1205.1450.26462)
CCC Help Italian (Version: 2007.1205.1450.26462)
CCC Help Japanese (Version: 2007.1205.1450.26462)
CCC Help Korean (Version: 2007.1205.1450.26462)
CCC Help Portuguese (Version: 2007.1205.1450.26462)
CCC Help Spanish (Version: 2007.1205.1450.26462)
CCC Help Swedish (Version: 2007.1205.1450.26462)
ccc-core-static (Version: 2007.1205.1451.26462)
ccc-utility (Version: 2007.1205.1451.26462)
CCleaner (Version: 3.22)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CuteFTP 6 Professional (Version: 6.00.0000)
CuteFTP 7 Professional (Version: 7.00.0000)
CutePDF Writer 2.7
Die Sims™ 2 Super Deluxe
Die Sims™ 2 Villen- und Garten-Accessoires
DivX-Setup (Version: 2.6.1.41)
Dropbox (HKCU Version: 2.0.22)
ElsterFormular (Version: 13.3.0.9066)
ElsterFormular 2007/2008 (Version: 9.1.0.0)
ElsterFormular 2008/2009 (Version: 10.3.2.0)
FormatFactory 3.1.1 (Version: 3.1.1)
Google Update Helper (Version: 1.3.21.165)
GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082)
High-Definition Video Playback 10 (Version: 7.0.11400.29.0)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 30 (Version: 6.0.300)
JMB36X Raid Configurer (Version: 1.00.0000)
LameACM
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
mediscript Hammerexamen (Version: 5.0.0)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.2701.0)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XML Parser (Version: 8.70.1104.04)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 10 Menu TemplatePack Basic (Version: 10.0.10600.6.0)
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0)
Nero 8 Essentials (Version: 8.10.368)
Nero BackItUp 10 (Version: 5.4.11800.21.100)
Nero BackItUp 10 Help (CHM) (Version: 1.0.10700)
Nero Burning ROM 10 (Version: 10.0.11100.10.100)
Nero BurningROM 10 Help (CHM) (Version: 1.0.10700)
Nero BurnRights 10 (Version: 4.0.11000.12.100)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10600)
Nero Control Center 10 (Version: 10.0.12000.1.4)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.13700.0.1)
Nero CoverDesigner 10 (Version: 5.0.10900.11.100)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600)
Nero DiscCopy Gadget 10 (Version: 3.0.10700.9.100)
Nero DiscCopyGadget 10 Help (CHM) (Version: 1.0.10600)
Nero DiscSpeed 10 (Version: 6.0.10800.7.100)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600)
Nero Dolby Files 10 (Version: 2.0.11000.0.10)
Nero Express 10 (Version: 10.0.11000.10.100)
Nero Express 10 Help (CHM) (Version: 1.0.10700)
Nero InfoTool 10 (Version: 7.0.10800.8.100)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10600)
Nero MediaHub 10 (Version: 1.0.13400.11.100)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10700)
Nero Multimedia Suite 10 (Version: 10.0.13200)
Nero Recode 10 (Version: 4.6.10900.4.100)
Nero Recode 10 Help (CHM) (Version: 1.0.10600)
Nero RescueAgent 10 (Version: 3.0.10900.9.100)
Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700)
Nero SoundTrax 10 (Version: 4.6.10600.2.100)
Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600)
Nero StartSmart 10 (Version: 10.0.11200.12.100)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10700)
Nero Update (Version: 1.0.0017)
Nero Vision 10 (Version: 7.0.11100.8.100)
Nero Vision 10 Help (CHM) (Version: 1.0.10600)
Nero WaveEditor 10 (Version: 5.6.10600.2.100)
Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600)
neroxml (Version: 1.0.0)
OpenVPN 2.2.0 (Version: 2.2.0)
Origin (Version: 9.1.10.2728)
OSDInstall (Version: 1.0.0)
PowerDV (Version: 2.0.2120)
Realtek High Definition Audio Driver
Samsung Kies (Version: 2.0.2.11071_128)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 (Version: 3.0.0.80601)
Samsung PC Studio 3 (Version: 3.2.2.80601)
Samsung SCX-4200 Series
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.2.2)
Skins (Version: 2007.1205.1451.26462)
SmarThru 4
SWiSH Max3 (Version: 09.06.02.000)
SystemDiagnostics (Version: 2.00.0002)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VCRedistSetup (Version: 1.0.0)
WebCam
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
WinRAR
WinZip 15.0 (Version: 15.0.9411)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {29DB3855-A6E7-4EF9-AC69-061E72013709} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-02] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5469DD6E-6736-4D45-B703-422CB8EE4921} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {633E12CE-0FA7-4961-8301-19F42670BA7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {7F59023F-549E-4749-A972-1BD8030B62CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-02] (Google Inc.)
Task: {8DC8A3F7-4FF2-45EB-83E7-C8C630DBF5D5} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\System32\pla.dll [2008-01-21] (Microsoft Corporation)
Task: {DB94156E-39A4-42FE-B407-07D47F2A67C2} - System32\Tasks\Microsoft\Windows\RestartManager\{73217216-65AF-4f73-B81B-30CC39F56C89} => C:\Windows\System32\RmClient.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0ACF1AF5
AlternateDataStreams: C:\ProgramData\TEMP:206470A5
AlternateDataStreams: C:\ProgramData\TEMP:39EDBD33
AlternateDataStreams: C:\ProgramData\TEMP:60C897F3
AlternateDataStreams: C:\ProgramData\TEMP:7EC01D6D
AlternateDataStreams: C:\ProgramData\TEMP:DCA79AB3
AlternateDataStreams: C:\ProgramData\TEMP:FF9C44FE

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2013 11:31:31 AM) (Source: BackItUp5) (User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/27/2013 07:55:02 PM) (Source: BackItUp5) (User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/26/2013 07:15:06 PM) (Source: BackItUp5) (User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/25/2013 06:37:53 PM) (Source: BackItUp5) (User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/24/2013 05:32:09 PM) (Source: BackItUp5) (User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/24/2013 11:19:19 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy126,0xc0000000,0x00000003,...)". hr = 0x80070005.


Vorgang:
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (11/23/2013 10:22:09 PM) (Source: BackItUp5) (User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/23/2013 10:20:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2013 09:28:21 PM) (Source: BackItUp5) (User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/23/2013 09:10:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/23/2009 09:32:49 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 23.10.2009 um 18:35:28 unerwartet heruntergefahren.

Error: (10/23/2009 04:38:26 PM) (Source: Service Control Manager) (User: )
Description: 1Neustart des DienstsWindows-Verwaltungsinstrumentation%%1056

Error: (10/23/2009 04:34:42 PM) (Source: Service Control Manager) (User: )
Description: OsdService1

Error: (10/23/2009 04:34:42 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20

Error: (10/23/2009 04:34:42 PM) (Source: Service Control Manager) (User: )
Description: Norman ZANDA%%3

Error: (10/23/2009 04:33:05 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/23/2009 04:32:55 PM) (Source: NETw4v32) (User: )
Description: Intel(R) Wireless WiFi Link 4965AGN : Interner Fehler aufgetreten.

Error: (10/23/2009 00:24:44 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (10/23/2009 07:57:59 AM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (10/23/2009 07:31:26 AM) (Source: Service Control Manager) (User: )
Description: OsdService1


Microsoft Office Sessions:
=========================
Error: (11/30/2013 11:31:31 AM) (Source: BackItUp5)(User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/27/2013 07:55:02 PM) (Source: BackItUp5)(User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/26/2013 07:15:06 PM) (Source: BackItUp5)(User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/25/2013 06:37:53 PM) (Source: BackItUp5)(User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/24/2013 05:32:09 PM) (Source: BackItUp5)(User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/24/2013 11:19:19 AM) (Source: VSS)(User: )
Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy126,0xc0000000,0x00000003,...)0x80070005

Vorgang:
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (11/23/2013 10:22:09 PM) (Source: BackItUp5)(User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/23/2013 10:20:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2013 09:28:21 PM) (Source: BackItUp5)(User: )
Description: IDS_LINUX_INST_ERROR

Error: (11/23/2013 09:10:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3069.7 MB
Available physical RAM: 1477.32 MB
Total Pagefile: 6342.38 MB
Available Pagefile: 4477.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.19 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:76 GB) (Free:16.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (000000) (Fixed) (Total:232.88 GB) (Free:198.82 GB) NTFS
Drive e: (DATA) (Fixed) (Total:148.09 GB) (Free:97.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: C831F29D)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=76 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=148 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: F1D277C4)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 01.12.2013, 09:06   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.12.2013, 12:03   #5
Sunshine_71
 
Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



Danke für die Antwort.
Habe Combofix heruntergeladen und gestartet! Aber es wird keine .txt datei gespeichtert! und mein computer stürzt zwischendurch ab! Würde mich freuen, wenn du mir da noch mal weiterhelfen könntest!
lg
c


Alt 02.12.2013, 09:23   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



Mach mal folgendes:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?

Alt 02.12.2013, 13:39   #7
Sunshine_71
 
Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.02.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Claudia :: CLAUDIA-PC [Administrator]

02.12.2013 11:08:49
mbam-log-2013-12-02 (11-08-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 399877
Laufzeit: 2 Stunde(n), 13 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www.holasearch.com/?babsrc=HP_ss&mntrId=B82200FF58257DF2&affID=121963&tsp=4950 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {BED4ED0A-3827-11E2-8975-FC6D9795A147} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {BED4ED0A-3827-11E2-8975-FC6D9795A147} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 13
C:\Users\Claudia\AppData\Local\Temp\C521.tmp (PUP.Optional.PerformerSoft.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Local\Temp\C6B.tmp (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Local\Temp\C977.tmp (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Local\Temp\setup_fsu_cid.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Local\Temp\A779.tmp (PUP.Optional.PerformerSoft.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Local\Temp\gbflflad.dss (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\gbflflad.dss (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\CuteFTP\CuteFTP.Profesional.6.0.0.4.-.SND.Patch.ShareConnector.rar (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         


Code:
ATTFilter
# AdwCleaner v3.014 - Bericht erstellt am 02/12/2013 um 14:11:26
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Claudia - CLAUDIA-PC
# Gestartet von : C:\Users\Claudia\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BitGuard

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\iWin
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Claudia\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Claudia\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Claudia\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\iWin
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\SeeSimilar
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gelöscht : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\BitGuard

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [SeeSimilar@SeeSimilar.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [SeeSimilar@SeeSimilar.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{922AFBA1-6CA0-446F-8923-5D1DA4E7FFB9}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{922AFBA1-6CA0-446F-8923-5D1DA4E7FFB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\9edcdbb53dbd45
Schlüssel Gelöscht : HKLM\SOFTWARE\9edcdbb53dbd45
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\PrivitizeVPNInstallDates
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v

[ Datei : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6479 octets] - [02/12/2013 14:09:40]
AdwCleaner[S0].txt - [6464 octets] - [02/12/2013 14:11:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6524 octets] ##########
         


Code:
ATTFilter
# AdwCleaner v3.014 - Bericht erstellt am 02/12/2013 um 14:09:40
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Claudia - CLAUDIA-PC
# Gestartet von : C:\Users\Claudia\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : BitGuard

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Program Files\Mozilla Firefox\user.js
Datei Gefunden : C:\Windows\System32\Tasks\BitGuard
Ordner Gefunden : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Ordner Gefunden C:\Program Files\Conduit
Ordner Gefunden C:\ProgramData\BitGuard
Ordner Gefunden C:\ProgramData\iWin
Ordner Gefunden C:\ProgramData\Premium
Ordner Gefunden C:\ProgramData\Tarma Installer
Ordner Gefunden C:\Users\Claudia\AppData\Local\Conduit
Ordner Gefunden C:\Users\Claudia\AppData\LocalLow\Conduit
Ordner Gefunden C:\Users\Claudia\AppData\LocalLow\PriceGong
Ordner Gefunden C:\Users\Claudia\AppData\Roaming\iWin
Ordner Gefunden C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gefunden C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Ordner Gefunden C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gefunden C:\Users\Claudia\AppData\Roaming\SeeSimilar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\9edcdbb53dbd45
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\BabSolution
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}
Schlüssel Gefunden : HKCU\Software\PrivitizeVPNInstallDates
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\9edcdbb53dbd45
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\BitGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{922AFBA1-6CA0-446F-8923-5D1DA4E7FFB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gefunden : HKLM\Software\Tarma Installer
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [SeeSimilar@SeeSimilar.com]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [SeeSimilar@SeeSimilar.com]

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v

[ Datei : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6339 octets] - [02/12/2013 14:09:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6399 octets] ##########
         

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Claudia on 02.12.2013 at 14:20:59,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2285768390-3041205336-1231078401-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{00986AD2-EDBB-4294-A3F5-4093D07FE827}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{00D72980-137A-4746-957A-D7EBFDE43C44}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{01275C78-9262-43B0-973F-89929B3346BC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{01BD4D10-E7C2-42D8-9E0A-61C382AEDE80}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{024FFF9F-D40A-48D5-840D-6FA5BA3DC3D9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{02C8F154-CE29-4E3B-A3AD-2321C23E1155}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0347AA53-2D1D-4D16-A876-7FC4E8876820}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0406F681-2CE0-45B5-8131-A4E7C8C8D5FC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{050EEC62-9792-4355-986F-685DC569BDD6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{05CC165E-3213-476A-9AF3-A35DEFB6CEF4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{05F4825E-8860-4B07-91A6-9BF9B2F9D8A8}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{06093EB4-2E1C-4654-85A8-13E219A00C8E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0630832A-6CD1-42F7-9EA0-7E4EC1E492F1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{06536EAD-66F6-40E8-A0DA-C7267093782E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0660A17C-C1D9-4BCB-A6E2-63CCBD36BCF1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{067EDBEC-D40A-4C32-A998-2818FC47B7FE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{06B9D960-E348-4483-8410-E2A5C50EEA58}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{06BD7C41-5336-49F9-8B76-B08CDF98FD5F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{07097909-1AE3-4358-AC44-DA0202FFF0AA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{07B4F3C1-010A-4FAE-BFE8-BF15296705FD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{08C5163F-0EB6-4CE4-B25D-A88C5567904C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{08C95060-0FEA-46B4-AA60-63BA1F18469C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0971D423-45FF-43C6-90D4-C67AC8C06D12}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0A2139F9-2CEA-4974-B176-416348A6D016}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0A4B8236-2694-4EE0-B33C-D56F3B44C87E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0A4E5AA9-031D-4B86-842D-046EA8CF94C2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0A4EE6D8-FF2B-4B0C-9758-CDA34F0345BF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0A7DC452-C9F6-418E-9BED-D936896593EB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0BF8F438-8324-4696-95D3-A55F6820BB36}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0C6F76F8-2583-4773-BCC5-9B6DD8111415}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0CE3F451-43D9-43D1-A5BB-186C59EE73C3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0DE86DBF-3AA3-4983-AFE7-83E0AF512441}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0E0F7459-CA3D-4DC3-A78E-A2AD22D8C39C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0E9EB2F8-3EEE-43B3-8289-A35318D495BD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0FAC0EBC-F140-4745-9751-81903A3D8CE0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{0FBB5987-CACA-4F0F-8B6B-4A9DB6BF0C77}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{10A4FD46-6169-4450-A31D-80CF545C5F79}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{10A6DC8B-6A38-4215-90B8-DB514E7C8080}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{10F2EEEA-B342-47CD-AB4D-E444629DABF2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{10F32CA2-F94D-4265-920F-810E982357FA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{11AA45BC-2E63-4172-99BB-5E764099FE17}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{12606C20-664F-414D-85D2-392981B94D46}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1267DA37-1FD4-4797-B5DC-D061C23E756B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{12703E5F-3760-4CAF-BA52-A6181E54FC2A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{127E030A-7CD4-4029-BC84-F4CD5877EA12}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1285FD8C-A8F2-45AB-91C0-D5D753BB85B7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{13BD9E74-CC51-4113-B067-6D678D529F78}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{14737D06-A0AC-46D5-895F-8BDBFBA61C66}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{15CCE7D6-BB25-40A3-ABDC-EB47ED48E44C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{15D38539-CE3D-47D8-A6EF-DE9A56E69EAD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{16985FE2-CE32-47CF-83D6-D6EE41ED4E9B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1711E263-38C4-4458-B6C6-C41F4EB590A7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{17590A8C-A8EF-4844-82B2-FFB0C8EB4907}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1817D8C0-CDB5-4BDC-86FA-FC0D6013CA55}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{182718FC-D13F-4B34-A180-BE42C91CF7B9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1919B3C1-92EC-496C-9BEC-8ECB8FCD1510}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1980BF37-4150-4212-8B91-841323A4AE32}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{19EFDB1A-432D-4689-8B19-426C6AB806CA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{19FBFE66-63BC-4EEE-BF30-B11FEC382D03}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1A72E66C-767D-4EF0-80CE-4A774BDD33DE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1A812AC0-889D-4B0F-9DFD-2CC7836197C3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1A815815-3DDD-4B8E-8452-C5F09D351C2E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1B63853F-CC3E-431E-9CD2-D777998E39EA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1C08AC7A-699F-48CB-A1E7-129A3EA9BB6E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1C7A77E0-0E70-4C53-B9D0-882FD6BE2BE1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1D49EAF8-CE54-4BAC-8379-D3B38A20AC26}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1D9D5FFB-E044-4A65-A0AE-B1F06D88E434}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1E0AB2AF-5663-465B-B473-8E55AB307901}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1E46D9A5-1927-4B8F-A3C3-EBE959257F07}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1E9D3355-0437-4443-91EF-BC774141C195}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1ED9A6C7-8FCD-4821-83D3-94AF230F6159}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1F3C71FE-0261-4693-A4A8-B5BE561174C2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1F7C4566-5AD2-4DDF-83E2-ECD6259BD90E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{1F8826A3-0920-488C-B18F-645CEB2B17E0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{20401809-9872-4BF9-8C0B-253215EC281A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{207A5992-07CF-4FD7-861C-D7AC2C463CFE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{20EC002F-B57B-4CF0-BFA4-286E5AFF363F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{211D49CC-195E-46A2-93FB-FECEC3DCF309}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{217FCB8A-C193-4737-B362-3BC382C00CA2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{21D2F3F1-F5C6-414B-8D08-C85EEE88DC1D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2282F554-6BC2-472F-A74F-97BA994E80D0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{23C9C625-C6B4-499D-82D9-4FE2D998BD59}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{244FB66C-9358-414B-951A-E3C4D4C78DD0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2464538E-B225-4138-B5A9-26B401D8F822}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2499312A-8368-46A5-99A9-A0B16353A232}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{24D7A065-8704-476F-9259-56CA0E638292}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{24E312DE-837E-420E-8ED5-C182A879D30C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{25416442-2347-411B-A1E3-A41B2F078CC1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2594E0F6-A616-4B27-A765-D813F3B92BAC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{25ED4004-F98F-46E9-81A5-B37E9BE85B7F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{264975DB-662C-47BD-A150-D4FB89A70A6F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{26B2EF52-E16C-4FD4-84BC-2661684BFD13}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{26D67A99-48E2-4DC0-A1EC-12329C4632D4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{271651D2-2FF3-4797-A20A-757C24F5B115}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{274FDA2E-DA96-4213-A1BC-D0CF312027EE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{280DE2BB-FA7C-4BD4-87EB-66CB1F9F3326}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{28974A19-AA69-4D25-904F-9E060FB48E4E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{28C426C2-CA17-40DC-AAF3-98A29B3CEB52}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{28DDABE2-9E6B-48E8-BFA8-07FC9CF5A10D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{293830DC-1D36-4168-ACB5-CE5D69081BBA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{29992FDF-F129-4D77-B20E-42EF9D279F07}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{29BB14F3-6632-40A1-B7EE-C65B7B6A1CB4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{29DBE8BA-5B02-443F-8A96-4FE54BDCF082}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2A2B00E4-715E-4748-8935-35483914A209}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2A63213E-AE46-40D8-99CF-05EABE6272D7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2AE5DB0C-7866-4B3D-9985-1C4F0306C193}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2AF002D1-DDDF-4629-828A-EE4615DA336F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2B241597-402E-4718-9EC5-6892DF77D5CC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2B3F29CD-5FF8-4859-84A0-944082A4C4CA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2B764E40-F6E2-41B7-B364-E1ADAAE2FEFF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2C203FF7-293C-490D-A11A-BC2CCFD5BDFB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2CA17F12-F072-413D-8801-320829F7B758}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2CC3EE37-B6B8-4D74-8752-560E7F33E4EB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2CF8279F-F8D6-4C7B-907A-697948A2971F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2D29FD01-221D-4A87-9231-D4A34D33F558}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2D394646-3B47-48AB-8E5E-2AA413909A6E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2EA01737-F367-4100-85D1-67BB0D2FF998}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{2F42D1A0-C75A-418A-ACCC-BAD59934DA48}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{30327103-207D-44B1-98EE-394F98671F7C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3069673C-11A1-4DB0-84B2-BDA80D8AEE23}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{30D9EE5F-E279-47D9-84A2-7D0256A11F7A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{31A0E589-3418-4EBA-8A89-1BD23DFFE2A3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{31DDE9D7-AF6B-4FEC-883C-7255098671DC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3215F310-8DAC-4763-BB59-D621A89AC18C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3364E495-2F60-48A0-BABD-688B6FFF774B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{33A5DB6C-6727-4C4C-8617-357DFAEB8EF9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{33C6C0F0-657A-42DB-8201-CEBCF22C8813}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{345EE2C1-C5D0-4861-A094-5F4D1C1E8340}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{347803C2-7FC8-44D9-B2B5-9CB5622FF44A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{34ABB0F7-A075-4609-A0D6-D1E59037FD76}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{34D4A088-9058-4D3D-AD49-C46132640A43}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3544996F-F662-4CDF-927A-353BD3098B2B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{354E2DEF-4048-46D6-948F-E7C7ABB1B336}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{369A0EA7-E85E-4602-A661-1BB73B789EB4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3733DE48-A2D4-427A-9D66-918B8D05E0AB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{37B04A35-BEEF-481B-AE18-A3108EC4EA88}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{385FF025-0E5E-4F3A-99E0-1B496BFF99CB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{38C256DE-6435-4859-9F30-5D82F028D3F3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{38F6FBC4-0FD5-4A52-A98C-39740B2BC1C9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3918B4B3-6B7C-47F9-B366-C90E2EFB67FF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{391ACCD6-4A73-43A7-A41D-312FC1A6AB7F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3A220780-57DB-4EE0-96E5-9AEEBF6FCED5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3A41CB0A-A64D-4AF2-829A-D0D7BF7C62C9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3B361F20-232B-4AD5-8D6C-29B1A87B5E50}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3B5CBC9C-8E85-48A6-ADD2-817D611B5FAA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3BA02A46-0091-4F87-90A7-B00917C76A5D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3BC6FC8D-C988-4B8C-B7D1-5CA610F45B90}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3C156A9E-3CF1-4E92-8809-4CFF97291417}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3C487909-271F-4B13-952E-F347056B38EF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3C647C05-A0CC-4373-8300-ABE9DF36709E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3CCABFBF-B51A-4911-9214-C367982DDD21}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3CFE476B-6302-4E27-822B-82923B1DC849}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3D4DF9E2-F680-4341-B317-7BF4C83A37A7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3DED700F-55A3-4215-8927-F7C4B67DFD9F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3EAB19B6-CC62-4650-8214-99C65C4A46CD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3F57FFAF-4AEA-4C25-9678-A34C5F89DC83}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{3FAFBC35-AB82-4287-B4D2-609B44D3B7D5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{40D39D09-9C16-4F7B-99AE-4A5547CB7CDD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{414ACBF6-FCFE-4CF9-ABAF-206C575CC6D4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{417A83A0-D5F1-48FF-9D3E-D30E0769D1CA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{41B22F3C-A61D-46A6-BE1D-907D007D9C53}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{41F63158-83E1-4ACA-B9EB-9C2AD665D1DE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{42885C83-5471-42B8-9A71-2BBC32E54BA7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{42EC8E2E-48CA-4330-8098-0EA6F6D85FEA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4364A864-329A-4634-BBA4-6809DC3C6F51}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{43729C0B-02BC-4C5C-AC31-225B3680B649}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{43D57906-CBA7-4D1A-BDB1-341D25490D62}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4403C5C8-EEEE-4EFE-A7F7-E143B26F421C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{44147DD7-E762-460D-89BD-7A81D99283ED}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{44D5DF2B-3266-40E5-9F5A-F98E02B34797}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{44D92F14-CD74-4D0F-8952-80F842A42A7A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{45F0448F-EE3F-4E5E-87B1-6298C622B112}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{45FBD6AB-9264-4540-B8AA-044ACD6D8543}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{46B939B9-4B3E-431C-BAE0-17FBF99A60B0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{46BEF839-BA83-486C-B4B2-DBD4BDD353BA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{46C57DB4-6906-4EB0-9BBD-A243C59A2675}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{46D7E35A-E721-42F7-AE8A-F01DEDF3409B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{46E085AD-4F6F-47D0-8AC8-6E1C441A282B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{46F495F7-5FC1-4D35-8FC2-2B4732D1F65F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4777E83E-E6F2-492F-8A03-B3FFA2ADA077}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{49701232-F33D-48B9-A978-C515F069FDBE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4A1AC36D-22BC-4FD4-8341-EDFED2975061}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4A425CC9-CE2C-4B14-999F-C2FB8DBE9B7B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4A68F4DE-80A3-48BA-8870-A063CD58F844}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4B0C8598-8023-4023-BBA7-A29B3289C364}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4C3C2025-95FF-4FB5-A4A0-093F27EB1AEA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4CA67520-8ECD-4E5F-B687-A2DF297222AA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4CF5A901-2540-4E91-BAA5-540D815324FD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4D14FA5A-E57F-4EF2-BF79-6BE4D32BC5FE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4D67EE53-42F0-41CE-97C7-19BE212ADBAB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4DAA0094-140E-4434-8F43-3F76B1921B08}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4DC5BA1D-0377-4ED3-B52E-10B6CBF60F18}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4E064052-0D2F-473C-BD9D-0D0A7FAFEC8A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4EAB141B-2DCC-403E-8BD4-FC9AA123A706}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4F5955C3-1C92-4FDE-8C3F-3DA7454E562E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4F7C29F9-4600-4E97-B441-0E9CF3B5DA15}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4F7E535D-5F2B-4B8C-B741-63DED44CF66A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{4F849286-7CDA-4C6D-88C4-E75DB211C7AB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{502535DA-CBAD-4C26-B5EC-19A71EC207CF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{50D3F3C6-44D3-4ABF-90B9-B288D1EE9ECF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{51B85B56-1EA5-4298-B728-DCC0FF578F63}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{51BA21C8-A7D6-4FE2-99E7-F238D7DEC3AD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{51DBDDDF-52D5-4B16-9CA6-C9909B673B83}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{52A6C7C8-642F-46F0-898A-08D8A69A549E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{532D8903-FFB8-4F87-8505-1A8429F17882}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{537DD536-031F-4E9D-9005-0DDECA427D82}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{53F21B30-CD2A-4343-93AE-3079FB768013}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5493F587-5A8C-4EB9-B247-34A35FF3B28F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{567DDBFB-75A7-4821-A88F-B5738CA1871D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5692C440-9A42-4AF0-B251-DA0A0231B37A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5733A1D5-F5F1-4D6F-B5AF-6E1B6E3E19FE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{57FFAB19-0442-41B9-97FD-01AD58443E94}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{58481015-4B4C-4B6F-991C-60F7F1793A45}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{58A1427F-AAE4-4DF7-A4FD-7E9D559BB738}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{58B5D3C3-7B74-4AB0-8E97-4FC7CF408403}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{58D88BA3-CB1E-4D9E-9FF2-E219ED71DC00}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5924EB86-D217-4C7E-976B-653AFA906AA1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{59456BDA-8AB7-4B1D-AF7A-0C53000BB5B1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5A47BCCD-7D9D-4F64-A5CB-A5FCB378E010}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5A54C0CB-FE2B-4E86-AC4C-13A4FF607A63}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5A750B4E-6240-4518-B997-CD5AE05988F6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5A816414-CB82-4FFB-B3B9-15E622BBE4D9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5ABAB440-032E-4C6A-B6DD-C7D2529C21E0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5AE9D9F9-EEA9-4611-BA43-9F5711FB8DD9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5AEA1B27-1C77-412B-B6F5-3A5EEA0DAA0C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5B64BE56-0ECB-4EF4-AC37-C539960094D9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5B897BCB-C6BF-4742-B96E-01CC4C398C1F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5C5294AC-897E-4944-B62D-EE1C23A11110}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5CBA05DF-C479-4294-A306-AF097FF87CB7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{5F008537-7C68-4FE7-86C7-441DF3C5C706}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{60221CBB-48B0-4E0C-90A6-A0BD30A88068}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{617D76F0-BBBC-4A83-AECA-85A39BB76EF8}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{61D7C3CF-8C7F-4C67-9E14-59C81E948870}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{62090781-1FC1-4664-8515-4A2E9B9943DD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{623F4DCC-E483-46CD-8490-E8DF747C9736}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6285786D-DAF8-4FEE-940F-25047B272943}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{62D0E93D-5A1C-4ABF-8690-27F58952DA11}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{63165B7C-27F9-4ED4-A9B3-D09350590CF6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{632D398E-15A2-44A4-820F-B354E7A3B651}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{637B43E0-9A89-4401-80ED-402DBB103EFB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{63A4ADF1-D36D-4A15-B03C-C2587281AAE7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{641A4F23-655B-49E2-836D-02B9A0AF8538}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{646FA3DE-1C8E-485D-A5EE-73CF01961256}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{647BFBD2-508A-4A95-89A0-4E2FC322F997}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{64C4BFFF-8CBA-4F8A-9049-1A1BD4056D2C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{654CD3FF-1193-4612-B80C-D8B9DD6F27A5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6561E53F-DE75-4C87-BC30-FAB7C92DBC89}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{65A99BDF-71F5-4820-906A-CFAA45CA9D2E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{65ECA047-31DB-48F3-9AA2-012D5224D7DF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{663914C1-AE56-4742-8D63-69A424A88660}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{675BFC7B-21FD-454E-B43E-0BAFC3FD83D6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{67A6761C-D94A-4847-ADB8-8210B745EDB2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{67D1F8C1-CDEA-431C-B24C-AFA59F36707F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{67E96C55-7977-423A-8FA8-24B428FFBC07}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{67FBDF75-D982-46F3-A1C6-174CA55B16AE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{684E2A71-0386-47DE-815C-BED436560608}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{688EE405-5510-420D-8CFD-36AE181649E8}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{68A73A74-D90F-4519-8D17-9BAC261C83B1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{68FB5107-5DAB-4D22-9BF9-A5C6439FF05C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{695797B1-41E0-4A7B-9A0C-FAA4447233C5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{698BEE70-6AE0-4513-807B-01DB87B59EC0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{69CEC61F-D11E-4956-BF20-ED3FDB4E8DD0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6AE4BABB-F71A-4E11-9C42-7450A68AA730}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6AEBC9B0-4755-4FAB-B1F9-0FB9842C8EA4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6BA8C2B6-76EA-4171-B083-21F8A7443E32}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6C527AA5-283A-4614-BC30-E9FA2753174A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6C88A667-EA50-4DA3-B918-BE9D8AE75EF1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6CAF1A1C-9819-4A82-A6F5-94A4EF484E75}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6CB0EFF3-CAAF-47DB-BE5E-812DB770F43D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6CB90B77-1E24-4D38-A76A-FDE986D2CA38}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6CCA6804-CD2D-4BD4-9C77-EF56399ECA72}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6E657AF1-6C9A-4A49-B712-A3F660F28830}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6F8B347D-B3FF-4EC6-AD64-404E3AB2D5FB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{6F91253E-FDD6-410A-81A9-1EB4B84E3FB2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{708BDF24-F435-45A6-A674-95D06F093815}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{70AB36EB-08E0-4913-B0CD-67E7305715CB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{71111BC7-F0AF-4D2C-95D0-AF99B721AB30}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{711E8FE8-1DE9-4C2A-85C9-3AB797FDBCB2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{71872A23-9ABD-4F11-BABC-97D90997A6FD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{729F8C89-55C5-4790-852B-2665EE5364C9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{72D7BB08-7BB3-4A68-9A60-34276F112098}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{72D7CCD6-4952-4CE6-8A23-AEF76D02A6DC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{72E9C3D1-6773-424B-9A64-CA1EA4EACE68}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{72EDF834-211F-45D5-8499-7ED1F686AB7C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{731D2A90-5D57-4F02-B7AE-1A3A5017497F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7361587B-E6DA-49C0-BC96-08CD2A86D3C8}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{739ACFDC-7794-4685-8962-0F9060E61A48}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{73EC48F6-812B-4E2E-B8CC-88E561BEE0AC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{745A56F4-289A-423C-A354-65C8221763E1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7465A7EF-8817-4D4F-8630-A75496594388}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7503F693-F6F8-49D3-B544-15AFD8E39449}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{751AC313-E9DE-4AF5-848E-9A8BE3209A3F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{75B69C1C-374E-4AC7-8D64-C165D80B2B03}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7645F957-4D7B-4D1C-A86D-EE858415AF34}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{766102F2-C078-4CD4-876E-75980D8BB3CD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{76A55CBB-385F-430F-A060-CA8D764523DD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{76FC7870-879E-4E07-8085-5DAA8FA84C5A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7752B0E7-65DA-44F2-BC86-4FD8F14EE3C7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7757B011-A88F-4A18-AC2C-DDEEFA0DD6B0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{77DD6DE5-BE81-4813-B979-1BB44157D4AC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{77FF26C5-CAD3-4520-951B-74E461E8DEAE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7896BBA9-01CB-453D-8494-A8F1469AEE40}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{78E0ECE3-C3AC-4DC6-BCB9-7D74C62056A1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{791A330C-61B2-41EC-A83F-DF5C2A099412}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7921DD2F-84AA-4564-A749-CB6F77D29D6B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{79281120-59D6-4FFA-A120-AE000E3E591E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{79F579FB-E6E4-439A-97EE-2AB8FF19F2E5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7B65AC1C-79D7-4D7F-B779-8A1D503F527D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7B8D480D-9892-41B5-BD1C-2F535999E9AA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7B8ECD42-C636-4ECA-A252-8B3605561351}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7BAD7F21-7648-4139-AC08-1536E6EAED54}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7BB8B115-10C3-4295-9CB1-1A3D495903F8}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7C9D1147-AD7B-4543-93FE-6B935F614103}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7CE12156-9D6C-4A95-9A65-0D7BA39B8E69}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7D4F881F-FBA3-4994-A44E-1CC8B955ADF5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7E9D8292-12EC-4363-9DA1-48E70D7FF915}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7EE72333-C220-4385-8D44-2CB2491DC215}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7F3DAA27-6545-4148-9B23-C47DAEB3AE1E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7F6B06AF-C7F4-4ED7-9235-3810E757DB06}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7F780BFE-847E-4606-BD28-2C4237D09C85}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7F7E99D3-EC4C-4E52-AB0C-65749649E7E2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7F9AAB22-91D4-4BBC-A1B6-BB6FE5B70E2E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{7FB37360-C8EC-46BA-B68A-71F65CA67C3C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{80447484-FBCA-4BC5-B073-E121C8D6EFF9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{804EC9E4-8E48-436D-8236-DA2C4ECCCAE7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{81497998-6D01-4680-B898-4C8884A87A68}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{81DC2700-A017-4F78-8870-4C3E842F4C02}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{81FCD640-33CE-487C-908B-FF7D56444428}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{823139D9-F921-4DC5-B7DA-8DE70CCB0BE6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{82595EA7-10CF-415F-80A9-297202229180}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8305081E-A5ED-40DE-92B7-8009065DC010}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{83A6AA31-AF36-4A99-8ADE-86E055F46421}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{83C3B5ED-F2C1-4450-8834-F3436CAA1BE3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{842BA65F-74BC-49E3-AC87-72CB6F0D9600}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{843A7AAB-6B08-43F1-9D5D-3588B550B14A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{855779B0-208D-4AB9-8562-B7D1F662E376}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{85C5C10C-B3AD-4FDF-962D-B8CFD6B2A9F3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{85CAE830-8ED9-4B36-8577-A936EDD2A36C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{85D352C8-0F92-4C06-BFD1-875CF6BBCE94}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{86396C71-8F8C-4952-BDED-5C7BFA0B6C98}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{869EDEE2-4C94-48C6-BA6F-22C6BC049668}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{86CCA980-2976-478C-B9B5-4DBF0ECFBCD2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8775C250-62E1-4945-8704-0C569308121E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8792AB0D-C357-41AC-96D2-358123CFBD49}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{87C3738E-B40E-4706-B469-05B657434759}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{87CB1F89-C86E-4FB2-ACD1-5601C1E2A78D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{87D8AB50-C4A7-4F03-BD1E-0ADE26A4FBBF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{88164E12-A25F-487C-B4E0-0909F3E250E0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8834C82A-8D8D-4734-BB31-1A7F5A3A57A7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8897BD41-7E87-41A7-A27E-366DC253DD8F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{88AA3768-4898-42A7-B11E-7844BEBA3391}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{894E95F0-8031-4E75-BCCA-FA8CA6D869BC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8A3EA3C8-F264-4A15-BF4C-F72EE5910FC4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8CB468BC-6E39-43BE-90EE-9B2B0114EE27}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8D6C81F4-A0E3-428A-A2BF-37FDF47D0284}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8D7E1E64-97E4-4882-80F3-61423D58E702}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8DFB94B8-8602-47D3-B9D6-E2C354CA5A46}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8E2F5E68-246E-4E0B-A45E-45D36C670BC3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8E846639-F286-43D6-AB13-77E3823B33EE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8EC054B4-9BB2-473A-98F1-728327B01D13}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8F0B7248-2553-4B54-8A04-AB89F903361E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8FD0AD6D-9604-4164-8ACA-BD083B7D3194}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{8FFB7384-90CC-4515-9475-9A2E84E29708}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{90175358-F9DE-44A7-B75F-47E6EEAFFBEB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{909BA2C7-5198-4DD6-B6BF-F04595515ED6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{90EF03DF-174B-4139-91E7-8C1EFD375000}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9110D47B-5FB6-49D3-989D-8EC8168B93FA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{91294995-ED03-4D88-9CDA-BF2330EFF674}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{91EA27BB-24C8-481B-8110-D0CBD3499AC2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9243F79A-E19A-4762-B224-B67C5A6ABEB0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{925B686A-D9FC-4159-8334-52139977BBDF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{92D9A5A6-1859-417B-8E26-A79A4421524A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{939271F2-A56E-4881-8852-1C645116FCF0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{93B689DB-ABB6-4A2A-B3BE-F21EBAA9EC09}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{93C6505E-AE83-41D3-A55A-B993F9D559D7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{94BD0AF3-B2E0-4B22-85FE-8D7D06FF23A2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{955F6F89-D6CC-4DDA-B075-D4084D03D949}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{96ECBC5C-4989-413C-A0E4-41F3336CBC84}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{97519E26-37E2-4335-942E-E6588FB8B0C4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9828E49E-9C16-4DBF-8A69-815E8932C9E9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{985E40CE-FEB2-4FBF-AB2B-D5849A05B5E7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{98877BCA-ED0F-42F7-9781-27E849B3E888}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9ADA75DE-2CCB-4F57-BA8F-28F09D0F8D24}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9AEE6B52-C408-4B12-9722-6628AE6E6D83}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9B494C62-D8EB-4668-977C-BAB67999A7D1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9B78E53F-4DAE-4D44-A41F-28259A448A40}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9C53CF40-1650-4B81-A214-0DFFFC54A4F1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9C96D67C-AD58-4C7B-9BD7-E3D14E7B8523}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9C98EA93-8AEF-4771-8F5F-D1D84FDEDA6A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9CE774CB-14A2-4792-BA22-1CDAD0705C64}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9D2A1D2C-CC33-41C4-A6DD-3A1D3834DF6F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9D652CDE-E76F-4A4D-B24E-9B6FED5DB588}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9D83D8D6-59D8-4448-8554-6873166D3D7D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9E210DFA-D5B0-4287-A141-A7E738F7CE06}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9EAFF436-8BB9-4FC5-ADCB-8A048A4D3652}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{9F88619C-ACD9-4736-862F-A0E82D3FF7D6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A01C024D-D550-4634-BED3-59A6D3F821CC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A0789B60-F767-424C-B4D9-754B982F2A36}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A0C62F25-633B-47B4-91C5-4602C3C13D40}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A0C7A5D2-92A4-4EDD-9641-D5B9610E00A7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A234AB76-05FB-47F1-A9AD-ECA8451162B2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A32BB56D-7EB0-4DC0-B118-2CA22B0D6414}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A39DC3A9-100B-4B5C-8B55-6425B8CA69E5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A468F48A-21B0-4F1D-B4D3-95F9A2CCD9D9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A47429DE-9787-48EE-90B1-CEEF851A9F5E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A488DE19-EFEF-49A4-B710-287B9B472B47}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A4924343-C448-46A4-8E6A-70DDDD930EBF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A52D1EF4-4F6D-4023-82C5-80D45BDB5F90}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A5541D6A-3D5F-4968-9DBC-1A1EE92C96DA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A55CB24C-CDDF-473A-A667-EDFBF546F2A3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A57E43FF-07A3-4A3C-BD21-034522D5B698}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A6C539EC-CFB7-4727-B010-12D76B812451}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A6FA1BF5-75F1-4057-8663-0E547CE675FB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A76098DA-72AB-494A-AEF2-D463428C124D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A79677EA-FB5F-4D5C-A45C-E937D95F01C6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A871F520-FD53-4853-AEB3-1A014EB39332}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A8C9819D-0333-4F06-93FF-6A26E99BF5C9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A8FE7665-B8C0-4E32-BEB8-E1A06613CB19}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A91623C5-7F4F-42C5-ABE2-1265DCA62469}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A922A2E7-EBB6-4BF7-84CD-AF7EEDA3A52E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A9A742D5-EA2E-4D64-941B-2202B3DD6D6A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{A9E2265F-F128-4E3B-8441-73AF8557307D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{AA849358-71BB-474A-B09D-9563D8184AEF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{AAFBFA0A-5DB9-42E1-9B68-D15665250AEA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{AB702DE9-2090-4974-BE7A-FE3E956B701E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{ABDADF50-EAE8-4AE5-8A53-3D03032F8223}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{AC23A178-092A-491F-990B-5824B28DE2B4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{AC7EC0CF-7ABD-488F-B2E2-FA1B006CA80A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{AC86168D-CA8A-4337-BC78-F2AB62EF2CAA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{AC972ACF-29C6-44A2-9821-B4848A027C32}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{ACA5FB18-DA84-450F-AE25-410B600B058E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{ACCCB1DC-2988-4FB4-8F53-7A0D685CF756}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{AE38C632-9F47-482E-8D16-992F410C66D5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{AEEC2521-4768-46F4-A8FD-6924B5BEEF49}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{AEEF5612-5BD6-4DD0-9665-DCA637D4E5D8}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{AEF4E336-0D41-4A2C-AA80-F031630299D6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B0CBC733-47D0-4C36-91CD-7730BA16025E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B118AF06-AAA7-478B-AEF5-5B3556800C33}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B1964838-6A39-4835-B5F1-F48EA77F0CAE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B29FD995-7859-492A-B02F-024962813BFD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B2D81FBB-1161-44CB-8D98-FCB28433EC84}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B2F0C2FD-9697-413E-BD8A-C31B43BC28CD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B3B1D7EF-0E14-4384-BAF3-DDF9646B7CEF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B44B932C-D993-4A67-A218-A8623DE1653C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B458AB68-4396-4D8E-B4F1-E62001EE9254}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B5B63C89-6365-4758-9381-1ADF1FFC6BA2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B5DC343B-C45C-474D-B103-6C10F7D020F4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B6046DD4-1410-4606-B4E6-7569B3EFA503}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B6713E10-A24D-4CD9-B63A-CC3EC8D64AC4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B6B979B4-5E2E-4B90-80E4-B183077D76AC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B6BE6E97-F174-4743-B46A-5B4527356A29}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B6C2C168-77FD-48E7-BAC8-268CF9F74787}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B71A97EB-0C01-4158-9644-1897F2BD05F7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B7694A32-2E49-4076-A9F2-40C52908C3AC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B77B4848-8861-4B2D-B355-F3CDF2135BC9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B77D1532-3CEC-44C0-A786-AA881D415FFD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B7AC1EB1-5E5D-4534-9386-1A141AE9A890}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B82C1DA3-B22B-4298-8330-A662289B0937}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B87981EE-BC4D-4639-B15C-A2616365C7B0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B8EC2EA2-5793-4E42-B421-BCA6E01D8539}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B90285C7-BA21-4123-89E0-42DB5BFDECB1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B93EA916-2FF5-4EDB-814A-8941D7C9BEA7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B959AD16-69C8-4407-9C80-37B9B0433671}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{B9E9D998-47CC-45BE-9267-3B3C64EC563B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BA09C809-82E9-47F5-A6ED-F036D1EDBC00}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BA3A5325-E0AB-4F65-AAE3-B15A9EF42D5B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BA9D3079-C95D-44AF-BE75-18F40388DEE9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BACFFE9B-2F22-4B61-8BFA-76070D5D114B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BAD7AB29-B682-4B3C-B915-B62C0A5373CE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BB45A1BE-1A29-4ADF-9188-B82551AB360C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BB5F29D4-943F-4AEC-BFE0-234699DDB80A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BB76E075-F048-4FEC-9322-FDC5D166B48B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BC083DEF-6B20-46BA-824B-0C592CC3B51E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BC3BD180-A345-4990-A4A2-C2CA4843BD1F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BCB7CBBF-9C75-4486-A979-BE1F10B1D7A2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BD0759DB-150C-41B6-A33D-9001C445F237}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BD203ED5-FFE2-466D-8109-B0B7F1ACF974}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BD94180C-9BF4-4DA7-9166-5D5CA64CBCF6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BE7831FF-A5FA-47DF-81FC-3E28BC26BDEA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BE9B5C33-DE30-41FA-A895-9F651927DAED}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BED2D000-9057-44DA-BB92-AB48D778E1A9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BF2402F3-78AC-4B48-9862-E324E0205430}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{BF2DCC88-3AF9-4079-BF1E-F77A0E584989}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C117D895-8E64-407F-B9E2-FB55A74B414E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C1AF8221-61E1-4F19-B912-CC5551A087D1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C21ABD8A-D6F0-4DC6-8CEC-80B0D8D65A43}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C23425B6-6D46-4CFC-BBD4-FDA0413C4662}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C236A354-02CB-45BA-BF4E-2B16D35A03B3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C2AFE541-7E68-496F-908F-0A231F77D20A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C3422E2F-7A01-4BD9-B458-39F5EAFA75A5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C34F34C2-6079-4F02-A9D8-E0F4B9517F34}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C3803F6C-6BF7-43DF-AFDF-ED2F976F3682}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C399A3E7-92D3-4B35-8180-457C44B79708}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C3E34FC8-1D72-44DF-AE84-8D7BAFB8EF05}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C440A5A2-BB3E-445F-B8C0-6EC73FC91A0E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C45D353D-51AD-460E-896A-5F4C4C55E56A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C497D565-42D5-4A1A-A4BF-C802DD9E8BCF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C4F83A63-FF56-44FB-A4F9-8306EFC2704C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C7B9BDA5-402C-4B8B-AB64-6859C944157C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{C862D995-481F-4425-89BD-46D4FF348030}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CAA54FAB-14CA-4E27-92FF-CB212B9B916A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CAB820D7-1389-4333-B418-456EFB3C152B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CAE2645D-3C7D-47A5-8A8D-D3B25AE4EFD6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CB0E4FFE-312B-4311-8AC1-0ECB8BF8E40F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CB59B54D-A85E-4E4B-BD6E-28906A457645}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CBC2B380-46BB-4E87-8FE8-4FA434E64B0E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CC0AD9C9-0E4F-4B35-81BE-37E5195FAD06}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CC0DBCA9-830E-41AA-8F90-17E1A965452B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CC4247F1-B8E1-4FCB-AD69-3B91338C2153}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CCD48192-51A2-4D48-87E8-D1F6A00E4F27}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CD3FE028-4B62-4137-8B38-00102CFB3933}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CD49E0CF-F69B-4815-974D-21BD95520533}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CDA2144F-5335-4E65-BAB0-457A6AFCA3E2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CDD9ED4A-1BCF-4585-92FC-1D049C0C36E0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CE1237ED-98F6-4C2C-BEA3-9D739096E7DC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CE7844EC-C1D8-47DE-93E3-0CF5D5F468EF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CE8B001F-3998-4334-A117-B67EA3C120F0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CF537401-2D91-40B1-AAE8-976B0F64861C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CF69A8B4-6B59-43CA-8ED5-B2D665086F8C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CFBCD0A6-3092-45B0-9B54-5472FA236917}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CFE79E5F-3187-45EA-B18D-81A2495E16E6}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{CFFD91BF-D81F-4D9E-9445-277846474D3E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D04ACF0D-2728-4573-82A4-5C4146C925B2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D12ACF3F-ECA8-40A0-B80B-E4BFDB615E84}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D1328796-1A28-4B5B-A9D7-0C5A451B7F35}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D2CA20B9-B00C-4BFB-8878-41964D3F4979}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D2D5BB33-6F27-4513-85B1-7101969F72BF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D37ABB84-4264-4E40-8D15-AC55FF1DC7A7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D3F58EDD-EF55-42EF-BF0A-AF51FE19485C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D3FAD474-CAFE-47B3-B0AC-70F3D7DC2ACC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D469946A-E4A8-48A1-8906-1E72AE7B0AC5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D470E969-174A-4A5D-A897-A96BBBEDCE2D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D52E98A7-5C1B-45C9-8A2D-F745E72F0C03}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D570F2F4-B0B4-40B8-AEF9-3789716E1CFF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D5F52515-93D8-4C5D-BCF8-94FE5A9040D5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D620B383-193D-4E7A-B3F7-393874DB1440}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D6BC800A-CD90-4383-9874-6958F029AF70}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D6C33888-AB07-4369-808A-946A44FC6F9F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D771D766-7D71-4A0F-8B4B-CC2044A00AA5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D783B921-9194-4165-8DE4-382A791BDA14}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D79E8C2A-5E96-4BCD-AD6D-BE3C977AB672}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D7E0D542-0135-44CD-AA41-135D873F61B1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D82AB777-AFCA-4D3C-A992-380F15352DF0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D8313331-8C8E-423F-A057-DBA8D62E76B9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D8666D47-5656-4873-A3A5-8F7BC5BA386A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D8CD4D78-083B-42EF-B4E9-FFF9080948E7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D8E1CD8B-7E53-4067-A751-289F79EEA202}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D9BA13E0-3B1B-4672-B140-E31685834B02}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D9BB1CDA-A68F-4DB3-9C80-D9D9D5955118}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{D9E93B6D-18D4-4F2F-8939-5D0E06D6E607}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DA09E0B7-0E5A-4230-8D53-06924D982CAC}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DA32943E-F6C5-48C5-B405-6A17C73115E7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DA80604D-95B7-4EED-98D5-C37E68A7CCFF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DAFD28D2-591B-417E-B9E0-8D10CFBD3653}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DB5E37FE-CCF3-43A9-9580-0F3AF9A2D392}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DB82A95B-608C-4678-89D7-FB5C83FCF472}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DBD5464C-EC69-45B7-9078-9F13B22B9664}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DBF1AFE1-994A-4BA9-8503-ABA016D62317}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DC390AEF-C7D9-4B62-A589-74DA5AF0A862}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DC39393A-2D03-493A-AE53-57876DBD03B3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DC4BF7C4-C8A8-43EC-938E-6A8D58D9830C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DE00FAFA-8972-4014-A757-A8FAB154661C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DE7D2F27-BBEC-445B-8E3D-3F5548B67EDD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DE9881B7-E50E-4840-99B4-F4A5ADDBA2A4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DEF3014D-5A1A-4ADC-AA6A-23BD846A70AF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DF7DFD32-00CE-411E-880E-552D6CFB232D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{DF8DAA25-3D21-46ED-BBAB-830805DB90C0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E06B7B0E-B197-46BF-9A94-B7234B49DFFA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E2243E3F-5BC5-452C-ADB4-9511CDE2649A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E24C4506-5622-4CD6-8BC2-8D0EEE90174C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E26EFEE5-64FB-4789-9B75-B97899B38E07}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E2D05053-DF98-45B7-A3D2-D05271CECE4A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E3480FAF-9848-4E80-ABF3-FAB2F6EABEDB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E368BA40-DCCF-4D75-8C43-BB9896CF9951}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E391D85E-2335-4487-81BB-1AD96B76B36A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E3B270C5-F2A6-4EE9-9FA7-EF44B37E7292}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E3C6B34E-7F2A-4D61-BC74-D96A01BB8CE5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E4077969-753D-4BA1-BDDF-3F0693AC9537}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E4551CC6-93A1-4DF0-AFF8-A0BE7F4BAF86}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E47B4B1D-ADCF-4F48-B7BA-DDF948443EF0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E578928C-8A23-448F-8F6E-92511A65C342}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E6BD5930-DCBE-4E39-9EFB-A95111240A45}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E78A18FD-71F3-43D9-8AB7-8490B28C98F7}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E8456D71-3917-4095-8AA7-28DBC395FAC3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{E8512975-57CB-4C7F-AA6B-95AC9271F5E2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EB90C4CA-909B-474D-AA7C-77F79ADBA34D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EBA48C4A-191B-4D70-99C5-6D761617841E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EBB52266-4A2A-4BBE-99B6-A3DC1AD58BC2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EBC4B476-CCCF-430A-8EF1-7FA2CB4B2ABA}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EBC72D56-A619-4C2E-85A4-7025AD9C34BD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EC09FD9A-F7B6-4D42-A422-E482047B384E}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{ECBDAF86-B77E-4C96-8302-96F46BD070BD}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{ECCF6B7F-8153-4910-9D78-0CF9663F4B2B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{ED2DC20F-4054-4F11-ABA2-A4F331003006}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{ED89E541-7D0F-41AD-A6F2-C4A06693D783}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EDC74CFD-833D-44CD-8B80-91C6F8DBB9BB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EE333FBF-7047-433F-BD7B-D060D98ACCD8}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EE9F260C-B3CB-4FE2-BAFD-A35DB39400A4}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EF42E32A-A7A0-48E7-B393-85185DBE869F}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EFA1CA75-D828-4B10-8F0F-BCE70B4CBA7D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{EFEB70ED-9442-4B75-93EA-E8968786AA55}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F0108846-7084-4F3C-B40E-F7F2F879F313}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F0A0A1D5-F7D9-472A-AD28-F1603F939E05}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F0B404FA-3CC7-422F-B32F-3A1B9E2F5B1B}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F12270E0-795E-4940-B8D0-B5C0AB477837}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F1E234BA-FEE7-4F2A-ACC8-0539BF5CDA2D}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F1EB87B9-9923-416F-8970-95CB431A0D74}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F2130135-E5EB-40D2-BEFC-B2B0658244EB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F23F64CC-E005-40B8-8BEC-C693AC1E9763}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F29A7F3E-94CD-4720-85E3-002027143E14}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F323FC06-31CF-4B59-935E-ADEAF6A700D2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F3245332-6795-4418-B295-8AF3631D0E98}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F37B7E98-5CBF-4275-AB14-7D08916B39A9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F3F6C8CB-C804-4312-B753-33CE529509A5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F43CA6E4-65D3-4362-AFFB-C8068798BA37}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F4F453B4-2346-4F7C-BBC8-3DACF9844992}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F5418903-96BC-424C-B349-C340F9EFFDAB}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F54939CF-719A-4718-9A61-32DB55760263}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F5704740-3AF1-436F-B001-F5932F04B373}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F5A1F4C9-B575-4DF1-9AE1-A28514131DC2}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F5ACC827-94F4-42C1-848F-165BE740AD36}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F6D6AD72-520C-4F13-83A9-317D8819E762}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F75ADC80-C84D-417D-BEF9-E8D5B8C8E9A1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F7CE70FE-8A65-4EA5-9C08-9A4EA3BB56AE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F7DB2784-C668-4F12-8EE4-DEE38D34A7C5}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F8542CF4-0463-4DAA-8628-885027B6F13A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F95FCFCA-FFC1-4BBA-B421-14A13D994A64}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F98117A0-E19E-4764-8F3E-E2D185903C06}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{F9F5D2B3-4213-4FD7-A688-DBAE22AE1911}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FA2DE29C-5099-4F12-98AA-ED2720969DAE}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FB782C3B-395C-44B2-B88B-0C653305FDD3}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FBB40052-CDDE-4F98-BF2B-FD137CE5A93A}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FBED7701-1261-4C95-9D1D-61E6A9AFA938}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FC16F418-1133-4284-BEC7-625DB434FE2C}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FD0D254A-097B-4EB6-933C-B7947A1B2A33}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FD33840F-B928-45FD-835B-D4AEA57679B0}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FD47ADE3-5176-45A9-9D34-E64FCB217B94}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FDC524A6-CD3D-41C1-8B7E-35E0202670A1}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FDEBCFF5-8468-4194-A4EF-5D10B2C7D101}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FE39D9A1-33E5-4C71-8C5B-E2EA6737FBBF}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FE55E09E-251D-492B-8687-1354F78C6429}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FEFB034E-0D74-4D01-984D-563AC56B49B9}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FFB36F6B-E9AB-4E99-98E4-0EB07E712408}
Successfully deleted: [Empty Folder] C:\Users\Claudia\appdata\local\{FFC5A58B-F48C-494C-800D-4624FABFA40D}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2013 at 14:24:54,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by Claudia (administrator) on CLAUDIA-PC on 02-12-2013 14:36:17
Running from C:\Users\Claudia\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Fujitsu Siemens Computers) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(C&E) C:\Program Files\C&E\OSD\osd.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office10\WINWORD.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4468736 2007-05-10] (Realtek Semiconductor)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [OSD] - C:\Program Files\C&E\OSD\osd.exe [561152 2007-09-20] (C&E)
HKLM\...\Run: [Norman ZANDA] - "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
HKLM\...\Run: [NPCTray] - C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [520192 2006-12-14] ()
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [958352 2011-07-26] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3507088 2011-07-26] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-07-26] ()
HKCU\...\Run: [UpgradeChecker] - C:\Users\Claudia\AppData\Roaming\Media Player Classic\{B4C47102-44E0-4CFC-88CF-D82CA0636F10}\UpgradeChecker.exe
HKCU\...\Run: [Efpiih] - C:\Users\Claudia\AppData\Roaming\Ubfa\uluha.exe
HKCU\...\Run: [5JYZ1C4F5BYX5VXFRWDBDBQSSQZ] - C:\gb45g2q434g\22E75E012C7.exe /q
HKCU\...\Run: [Exetender_148] - "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000
MountPoints2: {d7a891f8-1b35-11e0-8cc3-a2afb53cd7b2} - G:\setup.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dalflfbg.lnk
ShortcutTarget: dalflfbg.lnk -> C:\PROGRA~2\gbflflad.dss (No File)
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
URLSearchHook: HKCU - (No Name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-04-26] ()
S2 OsdService; C:\Program Files\C&E\OSD\OsdService\OsdService.exe [53248 2007-09-03] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-20] ()
R2 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [307200 2008-02-29] (Fujitsu Siemens Computers)
S3 Tomcat7; C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\tomcat7.exe [70656 2010-08-04] (Apache Software Foundation)
S2 Norman ZANDA; "C:\Program Files\Norman\Npm\Bin\Zanda.exe" [x]

==================== Drivers (Whitelisted) ====================

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-05] (CSR, plc)
S3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [753456 2007-06-01] ()
R3 CEBFilter; C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [5120 2007-09-04] (Windows (R) Codename Longhorn DDK provider)
R3 CEIO; C:\Program Files\C&E\OSD\OsdService\ceio.sys [4608 2007-08-31] (Windows (R) Codename Longhorn DDK provider)
R3 cKBFilter; C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [7168 2007-08-31] (Windows (R) Codename Longhorn DDK provider)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-04] (Windows (R) Codename Longhorn DDK provider)
R0 JRAID; C:\Windows\System32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210224 2007-01-30] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [10368 2004-11-01] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [5504 2006-10-18] (Silicon Image, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-04-26] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Claudia\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 14:36 - 2013-12-02 14:36 - 01092187 _____ (Farbar) C:\Users\Claudia\Desktop\FRST.exe
2013-12-02 14:24 - 2013-12-02 14:24 - 00070497 _____ C:\Users\Claudia\Desktop\JRT.txt
2013-12-02 14:20 - 2013-12-02 14:20 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 14:19 - 2013-12-02 14:19 - 01034531 _____ (Thisisu) C:\Users\Claudia\Desktop\JRT.exe
2013-12-02 14:09 - 2013-12-02 14:11 - 00000000 ____D C:\AdwCleaner
2013-12-02 14:09 - 2013-12-02 14:09 - 01110034 _____ C:\Users\Claudia\Desktop\adwcleaner.exe
2013-12-01 19:33 - 2013-12-01 19:35 - 00000000 ___SD C:\ComboFix
2013-12-01 10:29 - 2013-12-01 10:29 - 00000000 ____D C:\Qoobox
2013-12-01 10:29 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-01 10:29 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-01 10:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-01 10:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-01 10:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-01 10:29 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-01 10:29 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-01 10:29 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-01 10:27 - 2013-12-01 19:33 - 00000000 ___SD C:\32788R22FWJFW
2013-12-01 10:24 - 2013-12-01 19:33 - 05151572 ____R (Swearware) C:\Users\Claudia\Desktop\ComboFix.exe
2013-11-30 12:44 - 2013-11-30 12:49 - 00018018 _____ C:\Users\Claudia\Desktop\Addition.txt
2013-11-30 12:43 - 2013-12-02 14:37 - 00013784 _____ C:\Users\Claudia\Desktop\FRST.txt
2013-11-30 12:43 - 2013-11-30 12:43 - 00000000 ____D C:\FRST
2013-11-24 17:13 - 2013-11-24 17:13 - 01595904 ____T C:\ProgramData\dalflfbg.fdd
2013-11-24 17:13 - 2013-11-24 17:13 - 00000285 _____ C:\ProgramData\dalflfbg.reg
2013-11-24 17:12 - 2013-11-24 17:13 - 95025368 ____T C:\ProgramData\dalflfbg.bxx
2013-11-24 17:12 - 2013-11-24 17:12 - 00000000 _____ C:\ProgramData\dalflfbg.fvv

==================== One Month Modified Files and Folders =======

2013-12-02 14:37 - 2013-11-30 12:43 - 00013784 _____ C:\Users\Claudia\Desktop\FRST.txt
2013-12-02 14:37 - 1979-12-31 23:00 - 01722599 _____ C:\Windows\WindowsUpdate.log
2013-12-02 14:36 - 2013-12-02 14:36 - 01092187 _____ (Farbar) C:\Users\Claudia\Desktop\FRST.exe
2013-12-02 14:24 - 2013-12-02 14:24 - 00070497 _____ C:\Users\Claudia\Desktop\JRT.txt
2013-12-02 14:20 - 2013-12-02 14:20 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 14:19 - 2013-12-02 14:19 - 01034531 _____ (Thisisu) C:\Users\Claudia\Desktop\JRT.exe
2013-12-02 14:17 - 2012-09-13 16:05 - 00000000 ___RD C:\Users\Claudia\Dropbox
2013-12-02 14:17 - 2012-09-13 15:41 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Dropbox
2013-12-02 14:15 - 2011-07-02 21:38 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 14:14 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 14:14 - 2006-11-02 13:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-02 14:14 - 2006-11-02 13:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-02 14:12 - 2008-12-15 10:09 - 00002140 _____ C:\Windows\bthservsdp.dat
2013-12-02 14:12 - 2006-11-02 14:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-02 14:11 - 2013-12-02 14:09 - 00000000 ____D C:\AdwCleaner
2013-12-02 14:11 - 2012-11-27 01:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-02 14:09 - 2013-12-02 14:09 - 01110034 _____ C:\Users\Claudia\Desktop\adwcleaner.exe
2013-12-02 13:53 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-02 13:49 - 2013-08-03 10:33 - 00039904 _____ C:\Windows\PFRO.log
2013-12-02 13:13 - 2011-07-02 21:38 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 19:35 - 2013-12-01 19:33 - 00000000 ___SD C:\ComboFix
2013-12-01 19:33 - 2013-12-01 10:27 - 00000000 ___SD C:\32788R22FWJFW
2013-12-01 19:33 - 2013-12-01 10:24 - 05151572 ____R (Swearware) C:\Users\Claudia\Desktop\ComboFix.exe
2013-12-01 19:33 - 2012-01-28 20:53 - 00000000 ____D C:\Windows\ERDNT
2013-12-01 10:29 - 2013-12-01 10:29 - 00000000 ____D C:\Qoobox
2013-12-01 09:18 - 2006-11-02 12:18 - 00000000 __RSD C:\Windows\Media
2013-11-30 12:49 - 2013-11-30 12:44 - 00018018 _____ C:\Users\Claudia\Desktop\Addition.txt
2013-11-30 12:43 - 2013-11-30 12:43 - 00000000 ____D C:\FRST
2013-11-30 11:41 - 2009-05-14 19:23 - 00026112 _____ C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-24 17:13 - 2013-11-24 17:13 - 01595904 ____T C:\ProgramData\dalflfbg.fdd
2013-11-24 17:13 - 2013-11-24 17:13 - 00000285 _____ C:\ProgramData\dalflfbg.reg
2013-11-24 17:13 - 2013-11-24 17:12 - 95025368 ____T C:\ProgramData\dalflfbg.bxx
2013-11-24 17:13 - 2010-04-28 19:06 - 00000680 _____ C:\Users\Claudia\AppData\Local\d3d9caps.dat
2013-11-24 17:12 - 2013-11-24 17:12 - 00000000 _____ C:\ProgramData\dalflfbg.fvv
2013-11-14 19:42 - 2013-08-16 17:59 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 19:39 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-13 20:08 - 2009-04-26 18:39 - 00002575 _____ C:\Users\Claudia\Desktop\Microsoft Word.lnk
2013-11-11 05:50 - 2009-10-03 10:13 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-09 13:58 - 2008-01-21 08:16 - 01475854 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-06 11:15 - 2010-04-29 16:05 - 00000474 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job

Files to move or delete:
====================
C:\ProgramData\dalflfbg.bxx
C:\ProgramData\dalflfbg.fdd
C:\ProgramData\dalflfbg.fvv
C:\ProgramData\dalflfbg.reg


Some content of TEMP:
====================
C:\Users\Claudia\AppData\Local\Temp\catchme.dll
C:\Users\Claudia\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Claudia\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 14:22

==================== End Of Log ============================
         
--- --- ---




Das hat lange gedauert
aber ich glaube es hat alles geklappt!

Alt 03.12.2013, 08:50   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.12.2013, 20:54   #9
Sunshine_71
 
Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dc9334998d567849ad9bbc4b2e7efa14
# engine=16120
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-03 08:27:00
# local_time=2013-12-03 09:27:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 100 15143 251525710 7874 0
# compatibility_mode=5378 16777214 0 8 143369192 143373245 0 0
# compatibility_mode=5892 16776574 100 100 42885 223635148 0 0
# scanned=209900
# found=4
# cleaned=0
# scan_time=10548
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=6072492BCE7E21383D527AACC8A70728FF40C365 ft=0 fh=0000000000000000 vn="Win32/Spy.SpyEye.CFG.A trojan" ac=I fn="C:\gb45g2q434g\C15E8FCB27E7944"
sh=6CD50D0651D7DA2281236C2EB518AE73622D4861 ft=1 fh=f597eb84d3a34818 vn="a variant of Win32/Reveton.W trojan" ac=I fn="C:\ProgramData\dalflfbg.fdd"
sh=6CD50D0651D7DA2281236C2EB518AE73622D4861 ft=1 fh=f597eb84d3a34818 vn="a variant of Win32/Reveton.W trojan" ac=I fn="C:\Users\All Users\dalflfbg.fdd"
         

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.76  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java(TM) 6 Update 30  
 Java version out of Date! 
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Windows Defender MSASCui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by Claudia (administrator) on CLAUDIA-PC on 03-12-2013 22:05:50
Running from C:\Users\Claudia\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Fujitsu Siemens Computers) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(C&E) C:\Program Files\C&E\OSD\osd.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
(Microsoft Corporation) C:\Programme\Microsoft Office\Office10\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4468736 2007-05-10] (Realtek Semiconductor)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [OSD] - C:\Program Files\C&E\OSD\osd.exe [561152 2007-09-20] (C&E)
HKLM\...\Run: [Norman ZANDA] - "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
HKLM\...\Run: [NPCTray] - C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [520192 2006-12-14] ()
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [958352 2011-07-26] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3507088 2011-07-26] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-07-26] ()
HKCU\...\Run: [UpgradeChecker] - C:\Users\Claudia\AppData\Roaming\Media Player Classic\{B4C47102-44E0-4CFC-88CF-D82CA0636F10}\UpgradeChecker.exe
HKCU\...\Run: [Efpiih] - C:\Users\Claudia\AppData\Roaming\Ubfa\uluha.exe
HKCU\...\Run: [5JYZ1C4F5BYX5VXFRWDBDBQSSQZ] - C:\gb45g2q434g\22E75E012C7.exe /q
HKCU\...\Run: [Exetender_148] - "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000
MountPoints2: {d7a891f8-1b35-11e0-8cc3-a2afb53cd7b2} - G:\setup.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dalflfbg.lnk
ShortcutTarget: dalflfbg.lnk -> C:\PROGRA~2\gbflflad.dss (No File)
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
URLSearchHook: HKCU - (No Name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-04-26] ()
S2 OsdService; C:\Program Files\C&E\OSD\OsdService\OsdService.exe [53248 2007-09-03] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-20] ()
R2 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [307200 2008-02-29] (Fujitsu Siemens Computers)
S3 Tomcat7; C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\tomcat7.exe [70656 2010-08-04] (Apache Software Foundation)
S2 Norman ZANDA; "C:\Program Files\Norman\Npm\Bin\Zanda.exe" [x]

==================== Drivers (Whitelisted) ====================

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-05] (CSR, plc)
S3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [753456 2007-06-01] ()
R3 CEBFilter; C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [5120 2007-09-04] (Windows (R) Codename Longhorn DDK provider)
R3 CEIO; C:\Program Files\C&E\OSD\OsdService\ceio.sys [4608 2007-08-31] (Windows (R) Codename Longhorn DDK provider)
R3 cKBFilter; C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [7168 2007-08-31] (Windows (R) Codename Longhorn DDK provider)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-04] (Windows (R) Codename Longhorn DDK provider)
R0 JRAID; C:\Windows\System32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210224 2007-01-30] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [10368 2004-11-01] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [5504 2006-10-18] (Silicon Image, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-04-26] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Claudia\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 22:05 - 2013-12-03 22:05 - 00013544 _____ C:\Users\Claudia\Desktop\FRST.txt
2013-12-03 21:57 - 2013-12-03 21:57 - 00891184 _____ C:\Users\Claudia\Desktop\SecurityCheck.exe
2013-12-03 18:28 - 2013-12-03 18:28 - 02347384 _____ (ESET) C:\Users\Claudia\Desktop\esetsmartinstaller_enu.exe
2013-12-02 14:36 - 2013-12-02 14:36 - 01092187 _____ (Farbar) C:\Users\Claudia\Desktop\FRST.exe
2013-12-02 14:24 - 2013-12-02 14:24 - 00070497 _____ C:\Users\Claudia\Desktop\JRT.txt
2013-12-02 14:20 - 2013-12-02 14:20 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 14:19 - 2013-12-02 14:19 - 01034531 _____ (Thisisu) C:\Users\Claudia\Desktop\JRT.exe
2013-12-02 14:09 - 2013-12-02 14:11 - 00000000 ____D C:\AdwCleaner
2013-12-02 14:09 - 2013-12-02 14:09 - 01110034 _____ C:\Users\Claudia\Desktop\adwcleaner.exe
2013-12-01 19:33 - 2013-12-01 19:35 - 00000000 ___SD C:\ComboFix
2013-12-01 10:29 - 2013-12-01 10:29 - 00000000 ____D C:\Qoobox
2013-12-01 10:29 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-01 10:29 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-01 10:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-01 10:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-01 10:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-01 10:29 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-01 10:29 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-01 10:29 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-01 10:27 - 2013-12-01 19:33 - 00000000 ___SD C:\32788R22FWJFW
2013-12-01 10:24 - 2013-12-01 19:33 - 05151572 ____R (Swearware) C:\Users\Claudia\Desktop\ComboFix.exe
2013-11-30 12:44 - 2013-11-30 12:49 - 00018018 _____ C:\Users\Claudia\Desktop\Addition.txt
2013-11-30 12:43 - 2013-11-30 12:43 - 00000000 ____D C:\FRST
2013-11-24 17:13 - 2013-11-24 17:13 - 01595904 ____T C:\ProgramData\dalflfbg.fdd
2013-11-24 17:13 - 2013-11-24 17:13 - 00000285 _____ C:\ProgramData\dalflfbg.reg
2013-11-24 17:12 - 2013-11-24 17:13 - 95025368 ____T C:\ProgramData\dalflfbg.bxx
2013-11-24 17:12 - 2013-11-24 17:12 - 00000000 _____ C:\ProgramData\dalflfbg.fvv

==================== One Month Modified Files and Folders =======

2013-12-03 22:06 - 2013-12-03 22:05 - 00013544 _____ C:\Users\Claudia\Desktop\FRST.txt
2013-12-03 21:57 - 2013-12-03 21:57 - 00891184 _____ C:\Users\Claudia\Desktop\SecurityCheck.exe
2013-12-03 21:52 - 2012-07-22 20:15 - 00000000 ____D C:\Program Files\ElsterFormular2012
2013-12-03 21:37 - 1979-12-31 23:00 - 01183985 _____ C:\Windows\WindowsUpdate.log
2013-12-03 21:13 - 2011-07-02 21:38 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 21:13 - 2011-07-02 21:38 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 20:08 - 2006-11-02 13:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 20:08 - 2006-11-02 13:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 18:32 - 2008-01-21 08:16 - 01475854 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 18:28 - 2013-12-03 18:28 - 02347384 _____ (ESET) C:\Users\Claudia\Desktop\esetsmartinstaller_enu.exe
2013-12-03 18:28 - 2012-09-13 16:05 - 00000000 ___RD C:\Users\Claudia\Dropbox
2013-12-03 18:28 - 2012-09-13 15:41 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Dropbox
2013-12-03 18:08 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 11:25 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-03 10:32 - 2008-12-15 10:09 - 00002140 _____ C:\Windows\bthservsdp.dat
2013-12-03 10:32 - 2006-11-02 14:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-02 14:36 - 2013-12-02 14:36 - 01092187 _____ (Farbar) C:\Users\Claudia\Desktop\FRST.exe
2013-12-02 14:24 - 2013-12-02 14:24 - 00070497 _____ C:\Users\Claudia\Desktop\JRT.txt
2013-12-02 14:20 - 2013-12-02 14:20 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 14:19 - 2013-12-02 14:19 - 01034531 _____ (Thisisu) C:\Users\Claudia\Desktop\JRT.exe
2013-12-02 14:11 - 2013-12-02 14:09 - 00000000 ____D C:\AdwCleaner
2013-12-02 14:11 - 2012-11-27 01:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-02 14:09 - 2013-12-02 14:09 - 01110034 _____ C:\Users\Claudia\Desktop\adwcleaner.exe
2013-12-02 13:49 - 2013-08-03 10:33 - 00039904 _____ C:\Windows\PFRO.log
2013-12-01 19:35 - 2013-12-01 19:33 - 00000000 ___SD C:\ComboFix
2013-12-01 19:33 - 2013-12-01 10:27 - 00000000 ___SD C:\32788R22FWJFW
2013-12-01 19:33 - 2013-12-01 10:24 - 05151572 ____R (Swearware) C:\Users\Claudia\Desktop\ComboFix.exe
2013-12-01 19:33 - 2012-01-28 20:53 - 00000000 ____D C:\Windows\ERDNT
2013-12-01 10:29 - 2013-12-01 10:29 - 00000000 ____D C:\Qoobox
2013-12-01 09:18 - 2006-11-02 12:18 - 00000000 __RSD C:\Windows\Media
2013-11-30 12:49 - 2013-11-30 12:44 - 00018018 _____ C:\Users\Claudia\Desktop\Addition.txt
2013-11-30 12:43 - 2013-11-30 12:43 - 00000000 ____D C:\FRST
2013-11-30 11:41 - 2009-05-14 19:23 - 00026112 _____ C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-24 17:13 - 2013-11-24 17:13 - 01595904 ____T C:\ProgramData\dalflfbg.fdd
2013-11-24 17:13 - 2013-11-24 17:13 - 00000285 _____ C:\ProgramData\dalflfbg.reg
2013-11-24 17:13 - 2013-11-24 17:12 - 95025368 ____T C:\ProgramData\dalflfbg.bxx
2013-11-24 17:13 - 2010-04-28 19:06 - 00000680 _____ C:\Users\Claudia\AppData\Local\d3d9caps.dat
2013-11-24 17:12 - 2013-11-24 17:12 - 00000000 _____ C:\ProgramData\dalflfbg.fvv
2013-11-14 19:42 - 2013-08-16 17:59 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 19:39 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-13 20:08 - 2009-04-26 18:39 - 00002575 _____ C:\Users\Claudia\Desktop\Microsoft Word.lnk
2013-11-11 05:50 - 2009-10-03 10:13 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-06 11:15 - 2010-04-29 16:05 - 00000474 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job

Files to move or delete:
====================
C:\ProgramData\dalflfbg.bxx
C:\ProgramData\dalflfbg.fdd
C:\ProgramData\dalflfbg.fvv
C:\ProgramData\dalflfbg.reg


Some content of TEMP:
====================
C:\Users\Claudia\AppData\Local\Temp\catchme.dll
C:\Users\Claudia\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Claudia\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-03 18:17

==================== End Of Log ============================
         
--- --- ---

Geändert von Sunshine_71 (03.12.2013 um 21:07 Uhr)

Alt 04.12.2013, 10:57   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



Java und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\gb45g2q434g
C:\ProgramData\dalflfbg.fdd
2013-11-24 17:13 - 2013-11-24 17:13 - 01595904 ____T C:\ProgramData\dalflfbg.fdd
2013-11-24 17:13 - 2013-11-24 17:13 - 00000285 _____ C:\ProgramData\dalflfbg.reg
2013-11-24 17:12 - 2013-11-24 17:13 - 95025368 ____T C:\ProgramData\dalflfbg.bxx
2013-11-24 17:12 - 2013-11-24 17:12 - 00000000 _____ C:\ProgramData\dalflfbg.fvv
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.12.2013, 16:47   #11
Sunshine_71
 
Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



Hier die Fixlog Datei:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2013
Ran by Claudia at 2013-12-05 17:44:09 Run:1
Running from C:\Users\Claudia\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\gb45g2q434g
C:\ProgramData\dalflfbg.fdd
2013-11-24 17:13 - 2013-11-24 17:13 - 01595904 ____T C:\ProgramData\dalflfbg.fdd
2013-11-24 17:13 - 2013-11-24 17:13 - 00000285 _____ C:\ProgramData\dalflfbg.reg
2013-11-24 17:12 - 2013-11-24 17:13 - 95025368 ____T C:\ProgramData\dalflfbg.bxx
2013-11-24 17:12 - 2013-11-24 17:12 - 00000000 _____ C:\ProgramData\dalflfbg.fvv
*****************

C:\gb45g2q434g => Moved successfully.
C:\ProgramData\dalflfbg.fdd => Moved successfully.
"C:\ProgramData\dalflfbg.fdd" => File/Directory not found.
C:\ProgramData\dalflfbg.reg => Moved successfully.
C:\ProgramData\dalflfbg.bxx => Moved successfully.
C:\ProgramData\dalflfbg.fvv => Moved successfully.

==== End of Fixlog ====
         
Bin ich jetzt wieder 'clean' ??

Ich hab noch eine Frage... Hab jetzt alles nach Anleitung gemacht; auch das mit dem DelFix Programm... Aber bei mir öffnen sich seit diesem Virus nach dem Neustart immer zwei Fenster. Das erste: 1. RunDLL 'Fehler beim Laden von C:\PROGR~2\gbflflad.dss
Und das 2.: Windows Defender Fehler bei der Anwendungsinitialisierung. 0x800106ba.
Hat das auch was mit dem Virus zu tun? Danke schon mal im Vorraus.

Viele Grüße
Claudia

Geändert von Sunshine_71 (05.12.2013 um 17:29 Uhr)

Alt 06.12.2013, 09:21   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



Poste mal ein frisches FRST log, ich schau nochmal drüber
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.12.2013, 10:45   #13
Sunshine_71
 
Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-12-2013
Ran by Claudia (administrator) on CLAUDIA-PC on 06-12-2013 11:35:32
Running from C:\Users\Claudia\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Fujitsu Siemens Computers) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(C&E) C:\Program Files\C&E\OSD\osd.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
(Microsoft Corporation) C:\Programme\Microsoft Office\Office10\WINWORD.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4468736 2007-05-10] (Realtek Semiconductor)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [OSD] - C:\Program Files\C&E\OSD\osd.exe [561152 2007-09-20] (C&E)
HKLM\...\Run: [Norman ZANDA] - "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
HKLM\...\Run: [NPCTray] - C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [520192 2006-12-14] ()
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [958352 2011-07-26] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3507088 2011-07-26] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-07-26] ()
HKCU\...\Run: [UpgradeChecker] - C:\Users\Claudia\AppData\Roaming\Media Player Classic\{B4C47102-44E0-4CFC-88CF-D82CA0636F10}\UpgradeChecker.exe
HKCU\...\Run: [Efpiih] - C:\Users\Claudia\AppData\Roaming\Ubfa\uluha.exe
HKCU\...\Run: [5JYZ1C4F5BYX5VXFRWDBDBQSSQZ] - C:\gb45g2q434g\22E75E012C7.exe /q
HKCU\...\Run: [Exetender_148] - "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000
MountPoints2: {d7a891f8-1b35-11e0-8cc3-a2afb53cd7b2} - G:\setup.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dalflfbg.lnk
ShortcutTarget: dalflfbg.lnk -> C:\PROGRA~2\gbflflad.dss (No File)
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
URLSearchHook: HKCU - (No Name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-04-26] ()
S2 OsdService; C:\Program Files\C&E\OSD\OsdService\OsdService.exe [53248 2007-09-03] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-20] ()
R2 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [307200 2008-02-29] (Fujitsu Siemens Computers)
S3 Tomcat7; C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\tomcat7.exe [70656 2010-08-04] (Apache Software Foundation)
S2 Norman ZANDA; "C:\Program Files\Norman\Npm\Bin\Zanda.exe" [x]

==================== Drivers (Whitelisted) ====================

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-05] (CSR, plc)
S3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [753456 2007-06-01] ()
R3 CEBFilter; C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [5120 2007-09-04] (Windows (R) Codename Longhorn DDK provider)
R3 CEIO; C:\Program Files\C&E\OSD\OsdService\ceio.sys [4608 2007-08-31] (Windows (R) Codename Longhorn DDK provider)
R3 cKBFilter; C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [7168 2007-08-31] (Windows (R) Codename Longhorn DDK provider)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-04] (Windows (R) Codename Longhorn DDK provider)
R0 JRAID; C:\Windows\System32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210224 2007-01-30] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [10368 2004-11-01] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [5504 2006-10-18] (Silicon Image, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-04-26] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Claudia\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-06 11:35 - 2013-12-06 11:36 - 00013430 _____ C:\Users\Claudia\Desktop\FRST.txt
2013-12-06 11:35 - 2013-12-06 11:35 - 00000000 ____D C:\FRST
2013-12-06 11:32 - 2013-12-06 11:32 - 01405939 _____ (Farbar) C:\Users\Claudia\Desktop\FRST.exe
2013-12-05 17:53 - 2013-12-05 17:54 - 00001395 _____ C:\DelFix.txt
2013-12-02 14:20 - 2013-12-05 17:53 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 10:27 - 2013-12-05 17:50 - 00000000 ___SD C:\32788R22FWJFW

==================== One Month Modified Files and Folders =======

2013-12-06 11:36 - 2013-12-06 11:35 - 00013430 _____ C:\Users\Claudia\Desktop\FRST.txt
2013-12-06 11:35 - 2013-12-06 11:35 - 00000000 ____D C:\FRST
2013-12-06 11:32 - 2013-12-06 11:32 - 01405939 _____ (Farbar) C:\Users\Claudia\Desktop\FRST.exe
2013-12-06 11:31 - 1979-12-31 23:00 - 01760867 _____ C:\Windows\WindowsUpdate.log
2013-12-06 11:30 - 2012-09-13 16:05 - 00000000 ___RD C:\Users\Claudia\Dropbox
2013-12-06 11:30 - 2012-09-13 15:41 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Dropbox
2013-12-06 11:28 - 2011-07-02 21:38 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-06 11:24 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-06 11:24 - 2006-11-02 13:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-06 11:24 - 2006-11-02 13:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-06 11:21 - 2008-12-15 10:09 - 00002140 _____ C:\Windows\bthservsdp.dat
2013-12-06 11:21 - 2006-11-02 14:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-06 11:15 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-06 11:14 - 2011-07-02 21:38 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-05 17:54 - 2013-12-05 17:53 - 00001395 _____ C:\DelFix.txt
2013-12-05 17:53 - 2013-12-02 14:20 - 00000000 ____D C:\Windows\ERUNT
2013-12-05 17:50 - 2013-12-01 10:27 - 00000000 ___SD C:\32788R22FWJFW
2013-12-05 17:50 - 2012-01-28 20:53 - 00000000 ____D C:\Windows\ERDNT
2013-12-04 09:16 - 2008-01-21 08:16 - 01475854 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-04 09:04 - 2010-04-29 16:05 - 00000474 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-12-03 22:09 - 2013-08-03 10:33 - 00040694 _____ C:\Windows\PFRO.log
2013-12-03 21:52 - 2012-07-22 20:15 - 00000000 ____D C:\Program Files\ElsterFormular2012
2013-12-02 14:11 - 2012-11-27 01:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-01 09:18 - 2006-11-02 12:18 - 00000000 __RSD C:\Windows\Media
2013-11-30 11:41 - 2009-05-14 19:23 - 00026112 _____ C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-24 17:13 - 2010-04-28 19:06 - 00000680 _____ C:\Users\Claudia\AppData\Local\d3d9caps.dat
2013-11-14 19:42 - 2013-08-16 17:59 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 19:39 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-13 20:08 - 2009-04-26 18:39 - 00002575 _____ C:\Users\Claudia\Desktop\Microsoft Word.lnk
2013-11-11 05:50 - 2009-10-03 10:13 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Claudia\AppData\Local\Temp\catchme.dll
C:\Users\Claudia\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Claudia\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-06 11:29

==================== End Of Log ============================
         
--- --- ---

Geändert von Sunshine_71 (06.12.2013 um 11:09 Uhr)

Alt 07.12.2013, 10:33   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKCU\...\Run: [Efpiih] - C:\Users\Claudia\AppData\Roaming\Ubfa\uluha.exe
HKCU\...\Run: [5JYZ1C4F5BYX5VXFRWDBDBQSSQZ] - C:\gb45g2q434g\22E75E012C7.exe /q
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dalflfbg.lnk
ShortcutTarget: dalflfbg.lnk -> C:\PROGRA~2\gbflflad.dss (No File)
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Downloade dir bitte Windows Repair (All In One) von hier.
  • Installiere das Programm. Starte es, nachdem die Installation abgeschlossen wurde.
  • Klicke auf Step 2 und drücke unter Check Disk auf Do It.

  • Wenn der Vorgang abgeschlossen ist, klicke auf Step 3 und drücke unter System File Check auf Do It.

  • Nachdem der Vorgang abgeschlossen ist, klicke auf Start Repairs, wähle den Advanced Mode und drücke Start.

  • Gehe bitte sicher, dass die Kästchen wie unten zu sehen angehakt sind. Bitte hake zusätzlich noch Set Windows Services to Default Startup an.
  • Hake Restart System when Finished an.
  • Drücke Start.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.12.2013, 12:41   #15
Sunshine_71
 
Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Standard

Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?



Hier die Fixlog Datei:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-12-2013 01
Ran by Claudia at 2013-12-07 13:39:56 Run:1
Running from C:\Users\Claudia\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Efpiih] - C:\Users\Claudia\AppData\Roaming\Ubfa\uluha.exe
HKCU\...\Run: [5JYZ1C4F5BYX5VXFRWDBDBQSSQZ] - C:\gb45g2q434g\22E75E012C7.exe /q
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dalflfbg.lnk
ShortcutTarget: dalflfbg.lnk -> C:\PROGRA~2\gbflflad.dss (No File)
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Efpiih => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\5JYZ1C4F5BYX5VXFRWDBDBQSSQZ => Value deleted successfully.
C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dalflfbg.lnk => Moved successfully.
C:\PROGRA~2\gbflflad.dss not found.

==== End of Fixlog ====
         

Antwort

Themen zu Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?
adware.installbrain, bundesamt für sicherheit, illegale, programm, pup.bprotector, pup.optional.1clickdownload.a, pup.optional.babylon.a, pup.optional.bprotector.a, pup.optional.conduit.a, pup.optional.datamngr.a, pup.optional.filescout.a, pup.optional.performersoft.a, pup.optional.sweetim.a, riskware.tool.ck, sicherheit, trojan.agent, trojan.ransom.ed, unerwünschte, unerwünschtes, unerwünschtes programm, virenscan, virenscanner, win32/adware.yontoo.b, win32/reveton.w, win32/spy.spyeye.cfg.a



Ähnliche Themen: Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?


  1. Windows Vista SP2 64-bit - Virus / unerwünschtes Programm?
    Plagegeister aller Art und deren Bekämpfung - 09.11.2014 (9)
  2. Unerwünschtes Programm oder Virus im Verzeichnis C:\Dokumente und Einstellungen
    Plagegeister aller Art und deren Bekämpfung - 11.01.2014 (1)
  3. Windows 7, 64 bit: Virus oder unerwünschtes Programm ADWARE/BProtector.E
    Plagegeister aller Art und deren Bekämpfung - 04.12.2013 (3)
  4. Virus oder unerwünschtes Programm 'ADWARE/BProtector.E'
    Plagegeister aller Art und deren Bekämpfung - 03.12.2013 (1)
  5. C:\Users\Helmut\AppData\Local\Temp\wpbt0.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Reveton.N.370' [trojan].
    Log-Analyse und Auswertung - 25.09.2013 (11)
  6. Unerwünschtes Programm oder Virus gefunden
    Log-Analyse und Auswertung - 12.01.2013 (7)
  7. Avira Meldung: Virus oder unerwünschtes Programm TR/Sirefef.AZ.62
    Plagegeister aller Art und deren Bekämpfung - 29.08.2012 (2)
  8. Avira Meldung: Virus oder unerwünschtes Programm TR/Sirefef.AZ.62
    Log-Analyse und Auswertung - 27.08.2012 (1)
  9. Virus oder unerwünschtes Programm BOO/Dosump.A im Masterbootsektor Laufwerk D:
    Plagegeister aller Art und deren Bekämpfung - 06.04.2012 (6)
  10. Virus oder unerwünschtes Programm ' BOO/TDss.O' wurde von Antivir gefunden
    Log-Analyse und Auswertung - 19.02.2012 (29)
  11. 1.Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden...
    Plagegeister aller Art und deren Bekämpfung - 26.03.2011 (25)
  12. Trojaner, Virus, unerwünschtes Programm an Bord
    Plagegeister aller Art und deren Bekämpfung - 19.03.2011 (1)
  13. Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan]
    Plagegeister aller Art und deren Bekämpfung - 18.11.2010 (20)
  14. Virus oder unerwünschtes Programm 'TR/PSW.Zbot.128000.Y.3'
    Plagegeister aller Art und deren Bekämpfung - 15.10.2010 (30)
  15. Virus oder unerwünschtes Programm 'HEUR/HTML.Malware' [heuristic]
    Plagegeister aller Art und deren Bekämpfung - 10.02.2010 (12)
  16. unerwünschtes Programm 'HEUR/Worm.Outlook.VBS' ..Virus oder Fehlalarm?
    Plagegeister aller Art und deren Bekämpfung - 06.06.2008 (20)
  17. wurde ein Virus oder unerwünschtes Programm 'BDS/Agent.elw'
    Log-Analyse und Auswertung - 18.02.2008 (2)

Zum Thema Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? - Hallo, ich habe mir vor ein paar Tagen einen Virus eingefangen. Eine Seite erschien vom Bundesamt für Sicherheit, ich hätte illegale Inhalte geladen. Jetzt meldet sich regelmäßig mein Virenscanner mit - Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus?...
Archiv
Du betrachtest: Unerwünschtes Programm 'TR/Reveton.A.2410' Bundesamt Virus? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.