Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: System Care AV

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.05.2013, 10:12   #1
vivtane
 
System Care AV - Standard

System Care AV



Hi,

ich habe mir gestern den System Care AV eingefangen (PC, Win7, 32-bit, Bullguard) und, da der Task-Manager blockiert war, versucht, es zu deinstallieren. Das sah zunächst ok aus, ich konnte Bullguard wieder starten. Beim Scan wurde eine Malware-Datei, AU_.exe, gefunden. Ich habe die Datei nicht in Quarantäne gestellt, sondern gleich gelöscht.
Dann habe ich 3 von Bullguard empfohlene SW-updates installiert (die neuesten für Adobe Air 3.x, Adobe Acrobat X 10.x und Java RE 1.6x / 6.x).
Der Rechner sah zwar wieder ok aus, aber die CPU-Auslastung war auf 80%, und nach einem Neustart war der Trojaner wieder aktiv.
Ich habe vor dem Neustart einen OTL-Scan durchgeführt -> otl.txt, extras.txt

Heute morgen habe ich den Rechner im abgesicherten Modus mit Netzwerktreibern hochgefahren (kein Anschuß ans Netzwerk), Bullguard deaktiviert und - Eurem Leitfaden folgend - defogger ausgeführt und - ohne Neustart - einen OTL-Scan durchgeführt. Im Gegensatz zu gestern findet sich jetzt bei 'folders'
C:\Users\vivtane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care
ein SC AV - Eintrag unter , aber OTL generiert keine extras.txt mehr. Leider habe ich die von gestern gelöscht...
Da ich im defogger ja nicht ohne Anweisung die Emulatoren wieder reaktivieren soll, wende ich mich an Euch mit der Bitte, mir weiterzuhelfen
Falls ich im Verlauf Eurer Anweisungen einen Neustart durchführen soll, schreibt mir bitte dazu, ob ich defogger schließen / re-aktivate anklicken soll.

Herzlichen Dank und lg
Marion

Es gibt auf dem Rechner auch eine SW-Installation (JNLP), die ich gestern deinstalliert habe, die sich aber heute wieder in der Liste findet. Kann das ein Teil des erwähnten Java-updates sein?

defogger-LOG
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:08 on 20/05/2013 (vivtane)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.05.2013 09:35:13 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\vivtane\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,89% Memory free
6,00 Gb Paging File | 5,30 Gb Available in Paging File | 88,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 28,62 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,94 Gb Free Space | 19,62% Space Free | Partition Type: FAT32
Drive K: | 1863,01 Gb Total Space | 1659,72 Gb Free Space | 89,09% Space Free | Partition Type: NTFS
 
Computer Name: GEPARD | User Name: vivtane | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.19 16:34:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vivtane\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2013.05.15 16:04:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.11 14:07:00 | 000,528,256 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.02 13:33:20 | 000,014,528 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Programme\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2012.05.26 16:14:26 | 000,189,784 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2012.05.26 16:11:24 | 000,331,096 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2012.03.16 10:37:16 | 000,197,464 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2012.02.26 23:36:19 | 000,500,568 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2012.02.26 23:36:19 | 000,324,440 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2011.12.19 12:02:31 | 000,338,776 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2011.12.18 23:14:24 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.11.12 02:31:00 | 000,288,600 | ---- | M] (BullGuard Ltd.) [On_Demand | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.05.20 11:42:41 | 000,125,784 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe -- (BgRaSvc)
SRV - [2011.05.20 11:42:41 | 000,067,928 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.31 21:02:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\aiptektp.sys -- (aiptektp)
DRV - [2012.12.03 17:36:34 | 000,070,048 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wachidrouter.sys -- (WacHidRouter)
DRV - [2012.12.03 17:36:32 | 000,011,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2012.11.15 10:41:06 | 000,013,728 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV - [2011.05.02 19:25:38 | 000,215,624 | ---- | M] (NovaShield, Inc.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2011.05.02 19:25:38 | 000,020,040 | ---- | M] (NovaShield, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2011.04.23 15:32:42 | 000,328,296 | R--- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AfwCore.sys -- (afwcore)
DRV - [2011.04.23 15:32:41 | 000,034,920 | R--- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Afw.sys -- (afw)
DRV - [2011.04.23 15:32:08 | 000,061,152 | ---- | M] (BullGuard Ltd.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2011.04.23 15:32:04 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.12.04 11:59:52 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard\Antirootkit\profos.sys -- (Profos)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.07.09 19:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009.06.26 22:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.25 04:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 19:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.07.31 07:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov550i.sys -- (APL531)
DRV - [2003.12.19 22:16:26 | 000,016,035 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VocTrace.sys -- (SAFAUSB)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\..\SearchScopes,DefaultScope = {6765B302-91A3-4FA2-82BD-A7D2D843C146}
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\..\SearchScopes\{6765B302-91A3-4FA2-82BD-A7D2D843C146}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\..\SearchScopes\{C53EC8B9-2F95-4EA4-95DD-BC43D97D0C23}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.02.16 22:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2012.01.12 04:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.05.19 16:22:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2010.05.22 09:38:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2011.04.23 15:35:15 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\vivtane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\vivtane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\vivtane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1856749932-630562057-1855922848-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2008_Premium\Trayserver.exe (MAGIX AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1856749932-630562057-1855922848-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1856749932-630562057-1855922848-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1856749932-630562057-1855922848-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1856749932-630562057-1855922848-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-1856749932-630562057-1855922848-1000..\Run: [updateMgr] C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1 File not found
O4 - HKU\S-1-5-21-1856749932-630562057-1855922848-1000..\Run: [Uploader] C:\Programme\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1856749932-630562057-1855922848-1000..\RunOnce: [C68E63B821852AA90000C68D9D303055] C:\ProgramData\C68E63B821852AA90000C68D9D303055\C68E63B821852AA90000C68D9D303055.exe ()
O4 - Startup: C:\Users\vivtane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\vivtane\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKU\S-1-5-21-1856749932-630562057-1855922848-1000 WinNT: Run - (RmFile.exe) - C:\Windows\rmfile.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\vivtane\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C1DAF90-64FA-41FF-8DB2-0A69EC4AE8F4}: NameServer = 213.33.99.70,80.120.17.70
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.04.27 09:55:18 | 000,000,038 | ---- | M] () - K:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6c94cbab-8d47-11e0-8b9c-40618601a444}\Shell - "" = AutoRun
O33 - MountPoints2\{6c94cbab-8d47-11e0-8b9c-40618601a444}\Shell\AutoRun\command - "" = J:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.19 16:34:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vivtane\Desktop\OTL.exe
[2013.05.19 11:48:47 | 000,000,000 | ---D | C] -- C:\Users\vivtane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.05.19 11:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\C68E63B821852AA90000C68D9D303055
[2013.05.16 03:09:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 03:09:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 03:09:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 03:09:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.16 03:09:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 03:09:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.16 03:09:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.16 03:04:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 05:26:13 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 05:26:11 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 05:25:52 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 05:25:46 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 05:25:46 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.08 14:13:44 | 000,000,000 | ---D | C] -- C:\Users\vivtane\.android
[2013.04.24 06:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.20 09:35:07 | 007,864,320 | -HS- | M] () -- C:\Users\vivtane\ntuser.dat
[2013.05.20 09:08:35 | 000,000,000 | ---- | M] () -- C:\Users\vivtane\defogger_reenable
[2013.05.20 09:00:16 | 001,629,916 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2013.05.20 09:00:16 | 000,700,858 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.20 09:00:16 | 000,662,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.20 09:00:16 | 000,147,544 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.20 09:00:16 | 000,123,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.20 08:56:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.20 08:55:56 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.20 08:45:42 | 000,377,856 | ---- | M] () -- C:\Users\vivtane\Desktop\gmer_2.1.19163.exe
[2013.05.20 08:43:28 | 000,050,477 | ---- | M] () -- C:\Users\vivtane\Desktop\Defogger.exe
[2013.05.19 20:20:47 | 000,006,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.19 20:20:47 | 000,006,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.19 20:13:38 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.19 20:13:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013.05.19 19:23:01 | 000,007,614 | ---- | M] () -- C:\Users\vivtane\AppData\Local\Resmon.ResmonCfg
[2013.05.19 19:04:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.19 19:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.19 16:34:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vivtane\Desktop\OTL.exe
[2013.05.17 09:48:22 | 000,001,456 | ---- | M] () -- C:\Users\vivtane\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013.05.16 03:29:58 | 003,902,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.25 14:02:29 | 000,110,670 | ---- | M] () -- C:\Users\Public\Documents\Antrag auf Mitgliedschaft ARGE.pdf
 
========== Files Created - No Company Name ==========
 
[2013.05.20 09:08:35 | 000,000,000 | ---- | C] () -- C:\Users\vivtane\defogger_reenable
[2013.05.20 08:48:45 | 000,377,856 | ---- | C] () -- C:\Users\vivtane\Desktop\gmer_2.1.19163.exe
[2013.05.20 08:48:45 | 000,050,477 | ---- | C] () -- C:\Users\vivtane\Desktop\Defogger.exe
[2013.05.06 01:20:55 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2013.04.25 14:02:29 | 000,110,670 | ---- | C] () -- C:\Users\Public\Documents\Antrag auf Mitgliedschaft ARGE.pdf
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.08.30 20:05:41 | 000,001,456 | ---- | C] () -- C:\Users\vivtane\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012.06.30 12:16:51 | 000,000,000 | ---- | C] () -- C:\Windows\DMM.INI
[2012.04.14 21:03:53 | 000,001,456 | ---- | C] () -- C:\Users\vivtane\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.02.25 11:03:04 | 000,524,288 | -HS- | C] () -- C:\Users\vivtane\ntuser.dat{78888358-5f8f-11e1-9230-0025d361138d}.TMContainer00000000000000000002.regtrans-ms
[2012.02.25 11:03:04 | 000,524,288 | -HS- | C] () -- C:\Users\vivtane\ntuser.dat{78888358-5f8f-11e1-9230-0025d361138d}.TMContainer00000000000000000001.regtrans-ms
[2012.02.25 11:03:04 | 000,065,536 | -HS- | C] () -- C:\Users\vivtane\ntuser.dat{78888358-5f8f-11e1-9230-0025d361138d}.TM.blf
[2010.10.25 14:33:39 | 000,524,288 | -HS- | C] () -- C:\Users\vivtane\ntuser.dat{023ede5b-e034-11df-b0c1-0025d361138d}.TMContainer00000000000000000002.regtrans-ms
[2010.10.25 14:33:39 | 000,524,288 | -HS- | C] () -- C:\Users\vivtane\ntuser.dat{023ede5b-e034-11df-b0c1-0025d361138d}.TMContainer00000000000000000001.regtrans-ms
[2010.10.25 14:33:39 | 000,065,536 | -HS- | C] () -- C:\Users\vivtane\ntuser.dat{023ede5b-e034-11df-b0c1-0025d361138d}.TM.blf
[2010.07.18 17:35:41 | 000,003,584 | ---- | C] () -- C:\Users\vivtane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.09 02:50:59 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2010.03.21 19:46:45 | 000,007,614 | ---- | C] () -- C:\Users\vivtane\AppData\Local\Resmon.ResmonCfg
[2010.02.20 20:27:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.17 10:51:06 | 000,153,280 | ---- | C] () -- C:\Users\vivtane\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.16 23:43:17 | 000,000,020 | -HS- | C] () -- C:\Users\vivtane\ntuser.ini
[2010.02.16 22:45:42 | 007,864,320 | -HS- | C] () -- C:\Users\vivtane\ntuser.dat
[2010.02.16 22:45:42 | 000,524,288 | -HS- | C] () -- C:\Users\vivtane\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.02.16 22:45:42 | 000,524,288 | -HS- | C] () -- C:\Users\vivtane\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.02.16 22:45:42 | 000,065,536 | -HS- | C] () -- C:\Users\vivtane\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2008.03.03 15:23:42 | 000,000,904 | -H-- | C] () -- C:\ProgramData\TDV4H73DS0Ampsd43.dat
[2006.12.14 14:11:22 | 000,000,544 | -H-- | C] () -- C:\ProgramData\winpmltsTDV4H73DS0A
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.08.17 23:22:55 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\onOne Software
[2011.08.17 23:22:55 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\onOne Software
[2010.12.20 18:26:18 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Anthropics
[2012.10.23 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Artisteer
[2011.04.23 15:49:15 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\BullGuard
[2010.07.10 21:12:43 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Canon
[2012.07.02 20:45:55 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\capella-software
[2010.05.09 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\ChaosPro
[2012.04.11 16:59:42 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.11.03 22:06:36 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\com.adobe.bridge.PublishPanel
[2013.01.14 00:28:54 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\com.adobe.dmp.contentviewer
[2013.05.19 20:14:00 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Dropbox
[2011.10.15 21:14:44 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\DVDVideoSoft
[2011.10.15 21:14:33 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.02.13 01:07:30 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\e-on software
[2010.06.23 22:05:00 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Eovia
[2013.04.12 00:58:24 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\FileZilla
[2013.03.17 18:49:26 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\GARMIN
[2010.08.15 14:50:20 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\GetRightToGo
[2011.02.19 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\HDRsoft
[2011.02.20 15:04:00 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\ImagingLuminaryLLC
[2012.10.28 16:20:55 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Leadertech
[2010.08.01 17:44:41 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\MAGIX
[2011.08.20 18:45:35 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Mask Pro 4.0
[2012.07.28 21:09:44 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Musicnotes
[2011.08.09 19:54:56 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\NeatImage PS 32
[2011.08.25 22:44:47 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Nik Software
[2012.05.17 15:45:55 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\onOne Software
[2010.09.26 16:39:39 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Opera
[2012.04.08 15:47:25 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Poser
[2010.09.25 10:46:05 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Poser Pro
[2010.08.01 16:51:24 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\ProtectDisc
[2011.04.03 14:43:19 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Recolored
[2012.10.28 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Seagate
[2010.09.22 20:30:33 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\ShadeExplorer
[2011.04.23 15:49:15 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Software Inspection Library
[2010.06.23 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Spiral Graphics
[2012.04.10 16:28:33 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.05.12 23:37:23 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Ultra Fractal 5
[2010.02.23 23:29:18 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\uTorrent
[2013.01.14 12:33:48 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Wacom
[2013.01.14 12:34:09 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010.04.04 17:02:50 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Windows Live Writer
[2013.01.14 12:16:03 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\WTouch
[2012.05.28 20:04:47 | 000,000,000 | ---D | M] -- C:\Users\vivtane\AppData\Roaming\Xycod
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 512 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:A8665DF4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5CB1E0D3

< End of report >
         
--- --- ---

[/CODE]

Geändert von vivtane (20.05.2013 um 10:16 Uhr) Grund: Nachtrag

Alt 20.05.2013, 11:15   #2
ryder
/// TB-Ausbilder
 
System Care AV - Standard

System Care AV



!! Hinweis an Mitlesende !!
Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht.
Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.




Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:
Bitte lesen:
Regeln für die Bereinigung
  • Illegal genutzte Software
    Beim ersten Anzeichen wird der Support ohne Diskussion eingestellt. Also sorge bitte vorher dafür, dass hier nichts mehr auftaucht.
  • Keine Garantie
    Wir werden uns Mühe geben, aber einen 100% sicheren und sauberen Computer bekommst du nicht zurück. Der einzig sichere Weg ist die Formatierung mit Neuaufsetzen.
  • Keine Alleingänge
    Die Bereinigung funktioniert nur, wenn du genau das machst, was ich anweise. Installiere/deinstalliere keine Software, führe keine Scans durch, die ich dir nicht angewiesen habe. Poste dein Thema in keinem anderen Forum und folge nicht den Anweisungen anderer Helfer. Du raubst damit allen Beteiligten nur Zeit.
  • Aufmerksam lesen und nachfragen
    Lies jede Anleitung genau durch. Bei Unklarheiten bitte vorher nachfragen. Arbeite die Schritte in der Reihenfolge ab und antworte dann erst nach dem letzten Schritt oder wenn du eine Frage hast.
  • Richtig antworten
    • Nachdem du alle Schritte abgearbeitet hast gibst du mir bitte zu jedem Schritt eine Rückmeldung (Logfile oder Antwort) und das gesammelt in einer Antwort.
    • Mache deinen Namen nur dann unkenntlich, wenn es wirklich sein muss.
    • Logfiles bitte zwischen Code-Tags platzieren (im Antwortfenster das #-Symbol anklicken) sieht dann so aus:
      [CODE] (Logfile) [/CODE]
    • Hinweis in eigener Sache: Angehängte oder gezippte Logfiles erschweren mir die Arbeit massiv! Mache das also nur, wenn das Logfile zu groß ist, um es direkt zu posten.
  • Keine privaten Nachrichten
    Ich sehe es, wenn du geantwortet hast, du mußt mich nicht benachrichtigen. Schicke mir nur dann eine PM wenn ich drei Tage nicht geantwortet habe und nur dann.
  • Wie läuft die Bereinigung ab?
    Ganz grob: Analyse > Bereinigung > Kontrolle mit Updates > Fertig. Ob fertig oder nicht werde ich dir ganz deutlich mitteilen, du brauchst nicht nachzufragen.


Lesestoff:
Banking-Trojaner
Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Alt 20.05.2013, 13:33   #3
vivtane
 
System Care AV - Standard

System Care AV



Hallo ryder,

danke für Deine Antwort.
Den Hinweis auf nicht-lizensierte Software verstehe ich nicht, da ich die vielen teuren Programme auf dem Rechner gekauft und auch registriert habe...
Den Online-Banking-Zugang habe ich durch mehrmalige falsche PIN-Eingabe von diesem (sauberen) Notebook gesperrt - ich hoffe, das reicht?

Combofix ist einwandfrei gelaufen und hat, wenn ich den Log richtig interpretiere, auch einiges gelöscht. Bitte nicht böse sein, wenn ich mich erst abends wieder melde; ich muss meine gehbehinderte Mom zu einer Familienfeier bringen. Im Moment ist ja hoffentlich nichts Dringendes zu tun:
Der Rechner ist vom Netz und läuft im abgesicherten Modus
Der Internetzugang um Konto ist gesperrt und ich informiere morgen meine Bank, um ggf. weitere Schritte zu veranlassen.

Danke im Voraus für weitere Anweisungen,
Lg Marion

Hier der Combofix-Log:
Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-05-18.04 - vivtane 20.05.2013  13:06:30.1.4 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3071.2016 [GMT 2:00]
ausgeführt von:: c:\users\vivtane\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
 ADS - Windows: deleted 512 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\C68E63B821852AA90000C68D9D303055
c:\programdata\C68E63B821852AA90000C68D9D303055\C68E63B821852AA90000C68D9D303055
c:\programdata\C68E63B821852AA90000C68D9D303055\C68E63B821852AA90000C68D9D303055.exe
c:\programdata\C68E63B821852AA90000C68D9D303055\C68E63B821852AA90000C68D9D303055.ico
c:\users\Public\sdelevURL.tmp
c:\users\vivtane\4.0
c:\users\vivtane\AppData\Local\Microsoft\Windows\Temporary Internet Files\preset.php
K:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-20 bis 2013-05-20  ))))))))))))))))))))))))))))))
.
.
2013-05-20 11:19 . 2013-05-20 11:19	--------	d-----w-	c:\users\vivtane\AppData\Local\temp
2013-05-20 11:19 . 2013-05-20 11:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-20 07:08 . 2013-05-20 07:08	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{121BB21D-8F4E-4FE9-8BD3-EE5B65455CA4}\offreg.dll
2013-05-17 13:58 . 2013-05-13 23:49	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{121BB21D-8F4E-4FE9-8BD3-EE5B65455CA4}\mpengine.dll
2013-05-16 01:04 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-15 03:26 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 03:26 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 03:26 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 03:25 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 03:25 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 03:25 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-15 03:25 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-15 03:25 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-05-10 07:57 . 2013-05-10 07:57	49728	----a-w-	c:\windows\system32\AdobePDF.dll
2013-05-10 07:57 . 2013-05-10 07:57	25160	----a-w-	c:\windows\system32\AdobePDFUI.dll
2013-05-08 12:13 . 2013-05-08 12:13	--------	d-----w-	c:\users\vivtane\.android
2013-04-24 04:37 . 2013-04-24 04:37	--------	d-----w-	c:\programdata\McAfee
2013-04-24 00:26 . 2013-04-12 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 14:32 . 2012-10-28 20:25	473520	----a-w-	c:\windows\system32\deployJava1.dll
2013-05-19 14:32 . 2012-07-07 12:03	477616	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-05-15 14:04 . 2012-04-02 18:13	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-15 14:04 . 2011-06-18 12:37	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-02-17 00:29	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-15 03:26	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 03:26	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-03-19 05:04 . 2013-04-10 00:01	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 00:01	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 00:01	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 00:01	69632	----a-w-	c:\windows\system32\smss.exe
2009-11-17 13:01 . 2010-04-09 00:50	1456640	----a-w-	c:\program files\Common Files\Falk Navi-Manager.msi
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\vivtane\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\vivtane\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\vivtane\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Uploader"="c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2012-07-02 120496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-01-17 90112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"DBAgent"="c:\program files\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2012-07-02 1454216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-10 958576]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
.
c:\users\vivtane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\vivtane\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
R1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [x]
R1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [x]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [x]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [x]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
R2 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [x]
R2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [x]
R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [x]
R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [x]
R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [x]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
R3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [x]
R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
R3 SAFAUSB;Voice Tracer Comm. driver;c:\windows\system32\Drivers\VocTrace.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [x]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [x]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
S3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BdFileSpy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
BullGuard_Main	REG_MULTI_SZ   	BsMain
BullGuard	REG_MULTI_SZ   	BsFileScan BsMailProxy BsFire
BullGuard_LowPriv	REG_MULTI_SZ   	BsBrowser
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 07:59	1642448	----a-w-	c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:04]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-19 09:39]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-19 09:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - c:\users\vivtane\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
LSP: c:\windows\system32\BGLsp.dll
TCP: Interfaces\{1C1DAF90-64FA-41FF-8DB2-0A69EC4AE8F4}: NameServer = 213.33.99.70,80.120.17.70
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} - hxxps://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-updateMgr - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
HKCU-Run-AdobeBridge - (no file)
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
AddRemove-Vue 8 Infinite - c:\program files\e-on software\Vue 8 Infinite\Uninstall.exe
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-20  13:20:52
ComboFix-quarantined-files.txt  2013-05-20 11:20
.
Vor Suchlauf: 9 Verzeichnis(se), 30.586.449.920 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 33.237.831.680 Bytes frei
.
- - End Of File - - 380785A95A37C91CAE9847CCEB43B434
         
--- --- ---
__________________

Alt 20.05.2013, 16:40   #4
ryder
/// TB-Ausbilder
 
System Care AV - Standard

System Care AV



Das ist schonmal gut. Und notfalls hast du dein Bankkonto umsonst gesperrt, aber besser so als anders.


Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Deinstallation von Programmen
  • Windows XP: Start > Systemsteuerung > Software > [Programmname] > Deinstallieren
  • Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren
  • ggf. Neustart zulassen
Deinstalliere - falls du es nicht absichtlich installiert hast - alles was den Zusatz "Toolbar" enthält, sowie Downloader-Anwendungen

Gehe bitte die folgende Liste durch und deinstalliere die genannten Programme, falls vorhanden:
CCleaner oder andere Registry-Cleaner, TuneUp Utilities (inkl. Language Pack), Glary Utilities, Spybot S & D (inklusive Teatimer), Zonealarm Firewall, McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (alle), Pokersoftware, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater, DriverCure, Uniblue DriverScanner, FireJump, SearchAnonymizer, SpeedMaxPC, Optimzer Pro




Schritt 2:
AdwCleaner: Werbeprogramme suchen und löschen
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3:
Nochmals Combofix.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 20.05.2013, 21:01   #5
vivtane
 
System Care AV - Standard

System Care AV



Mmh, danke - leider hakt es schon bei Schritt 1:
- ich habe ein Java (TM) 6 Update 45, das ich über die Systemsteuerung nicht deinstallieren kann.
Fehlermeldung:
'Auf den Windows Installer-Dienst kann nicht zugegriffen werden. Dies kann auftreten, wenn der Windows Installer nicht richtig installiert wurde. Wenden Sie Sich an den Support, um weitere Unterstützung zu erhalten.'

Dieselbe Fehlermeldung bekomme ich, wenn ich versuche, Apple Software Update, Quicktime, Apple Mobile Device Support und Apple Software Support zu löschen.

Ich habe daraufhin zu Testzwecken Dropbox und FileZilla deinstalliert, das hat einwandfrei funkioniert.

Den System Care AV finde ich nicht mehr in der Systemsteuerung, aber unter Start >>Programme gibt es den Eintrag noch.

Kann/soll ich diese Java-Installation über die Kommandozeile deinstallieren oder jetzt einfach den Adware-Cleaner und Comofix laufen lassen?

Danke und lg
Marion


Alt 20.05.2013, 21:49   #6
ryder
/// TB-Ausbilder
 
System Care AV - Standard

System Care AV



Ich habe hier noch eine Anleitung die dir weiterhelfen könnte:

Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen.

Downloade dir JavaRa auf deinen Desktop und starte es:
  • Klicke Update JavaRa Definitions > Download > Back.
  • Klicke Remove Java Runtime und probiere zunächst ob der Uninstallprozess funktioniert, wähle also die Installation aus und wähle Run Uninstaller.
  • Funktioniert das nicht klicke unten rechts Next und klicke Perform Removal Routine.
  • Klicke wieder Next und installiere die neueste Version.
  • Klicke dann Additional Tasks, wähle Remove Outdated JRE Firefox Extensions und Clean JRE Temp Files und dann auf Run.
Schließe das Progamm und lösche es.
__________________
--> System Care AV

Alt 22.05.2013, 08:48   #7
ryder
/// TB-Ausbilder
 
System Care AV - Standard

System Care AV



Hallo, benötigst Du noch weiterhin Hilfe ?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 22.05.2013, 10:23   #8
vivtane
 
System Care AV - Standard

System Care AV



entschuldige bitte, ryder, dass ich mich gestern nicht gemeldet habe.
ich habe am freitag die erste vernissage meiner fotos und in den letzten tagen läuft einfach alles nach murphy's gesetzen. d.h., alles, was schiefgehen kann, geht auch schief ... hab mehrere nächte nur stundenweise geschlafen...
ich bin froh, wenn du mir weiterhilfst - natürlich ist der trojaner noch nicht weg. aber da ich den rechner im moment nicht unbedingt brauche, bitte ich dich, dass du den thread noch bibs sonntsg in deinem postfach lässt, wenn das geht. ich hatte nämlich zum zeitpunkt des 'befalls' eine 2 TB externe festplatte mit all meinen wichtigen fotos am pc hängen, um ein backup der neuesten zu machen. und wenn's geht, würde ich die bilder (ca. 2 jahre) gerne retten. auch die noch nicht gesicherten.
deshalb möchte ich, wenn's irgendwie geht, den rechner nicht neu aufsetzen müssen ))

bin momentan echt am limit, aber sobald die eröffnung vorbei ist, müsste es gehen.

danke und lg
marion

Alt 22.05.2013, 12:18   #9
ryder
/// TB-Ausbilder
 
System Care AV - Standard

System Care AV



In Ordnung.


Unterbrechung
Du hast mir mitgeteilt, dass du für mehr als 2 Tage nicht antworten kannst.
Ich werde daher jetzt mein Abo für dieses Thema löschen.
Sobald du hier geantwortet hast schreibe mir bitte eine kurze Notiz per PM mit Link hierher zu deinem Thema, damit wir weiter machen können.

Alle anderen User: Neues Thema eröffnen
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 28.05.2013, 20:01   #10
ryder
/// TB-Ausbilder
 
System Care AV - Standard

System Care AV



Logfiles bitte.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 28.05.2013, 22:02   #11
vivtane
 
System Care AV - Standard

System Care AV



ok, ich versuch*s nochmal...

JavaRa_1
Code:
ATTFilter
JavaRa 2.0 loaded without incident. Checking system...
User initialised redundant data purge.
......................

Removed registry subkey: java.exe
Removed registry subkey: javaw.exe
Removed registry subkey tree: JavaPlugin.FamilyVersionSupport
Removed registry subkey tree: {CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
Removed registry subkey tree: {E19F9331-3110-11D4-991C-005004D3B3DB}
Removed registry subkey: application/x-java-applet;version=1.6
Removed registry subkey tree: {CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}
Removed registry subkey tree: JavaPlugin
Removed registry subkey tree: JavaWebStart.isInstalled.1.6.0.0
Removed registry subkey: 1.6
Removed registry subkey: 1.0.1
Removed registry subkey: 1.0.1_02
Removed registry subkey: 1.0.1_03
Removed registry subkey: 1.0.1_04
Removed registry subkey: 1.2
Removed registry subkey: 1.2.0_01
Removed registry subkey: {08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Removed registry subkey: 0357E4991DA5FF14F9615B3412062B06
Removed registry subkey: 0357E4991DA5FF14F9615B3612062B06
Removed registry subkey: application/x-java-applet;version=1.1
Removed registry subkey: application/x-java-applet;version=1.1.1
Removed registry subkey: application/x-java-applet;version=1.1.2
Removed registry subkey: application/x-java-applet;version=1.1.3
Removed registry subkey: application/x-java-applet;version=1.2
Removed registry subkey: application/x-java-applet;version=1.2.1
Removed registry subkey: application/x-java-applet;version=1.3
Removed registry subkey: application/x-java-applet;version=1.3.1
Removed registry subkey: application/x-java-applet;version=1.4
Removed registry subkey: application/x-java-applet;version=1.4.1
Removed registry subkey: application/x-java-applet;version=1.4.2
Removed registry subkey: application/x-java-applet;version=1.5
Removal routine completed successfully. 663 items have been deleted.
         
JavaRa_2

Code:
ATTFilter
JavaRa 2.0 loaded without incident. Checking system...
== Cleaning JRE temporary files ==
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a491a18
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a491a18.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a491a18-n\decora-d3d.dll
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a491a18-n\decora-sse.dll
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69d73d2e
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69d73d2e.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69d73d2e-n\jmc.dll
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69d73d2e-n\msvcp71.dll
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69d73d2e-n\msvcr71.dll
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-136c3bd0.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-3d393b87.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4d4df2ed
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4d4df2ed.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-72d93ad5.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-737bec0b
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-737bec0b.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\3\1cfa1583-628ddced
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\3\1cfa1583-628ddced.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\457dee9a-4fbb43fe
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\457dee9a-4fbb43fe.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\11\21e928cb-5f69af99
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\11\21e928cb-5f69af99.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\lastAccessed
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash\splash.xml
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13ed8b09-5cb391d9
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13ed8b09-5cb391d9.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\7ceccf09-5b27d781
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\7ceccf09-5b27d781.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\3127dcc8-43f2113d
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\3127dcc8-43f2113d.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\622992c8-70ba8562
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\622992c8-70ba8562.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\6bf473c8-1096871f
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\6bf473c8-1096871f.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\5ec42607-67fa7db5
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\5ec42607-67fa7db5.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\6b0aec7-2f1d1f9d
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\6b0aec7-2f1d1f9d.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7d365a07-1f46d9c9
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7d365a07-1f46d9c9.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\1148e0bf-3b6a937b
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\1148e0bf-3b6a937b.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\55cd3ffd-3d4ee155
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\55cd3ffd-3d4ee155.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3d99706-498ce986
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3d99706-498ce986.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\23871bfb-4d38911f
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\23871bfb-4d38911f.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\25f5deba-33cc2622
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\25f5deba-33cc2622.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\44db50fa-46f6c071
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\44db50fa-46f6c071.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7fe6b739-14f6e4e5
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7fe6b739-14f6e4e5.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\62552ab8-43aa24c0
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\62552ab8-43aa24c0.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\254bdf77-7cb79395
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\254bdf77-7cb79395.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\37837377-23d254fd
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\37837377-23d254fd.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\65412537-50596eeb
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\65412537-50596eeb.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\19044276-745d1143
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\19044276-745d1143.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\502518f5-60c360cc
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\502518f5-60c360cc.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\27a522f4-258d2d83
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\461006b4-3f91813f
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\461006b4-3f91813f.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52674ff4-110d4406
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52674ff4-110d4406.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\51f170b3-125402e9
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\51f170b3-125402e9.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4a4bae32-2bcb19f3
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4a4bae32-2bcb19f3.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6ffaaeb2-68f2ade9
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6ffaaeb2-68f2ade9.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1b6eacc5-4bea21e2
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1b6eacc5-4bea21e2.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\d3f8c31-572a64bc
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\d3f8c31-572a64bc.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\f16d0b1-3e35a018
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\f16d0b1-3e35a018.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\38c6a4af-1462fbee
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\38c6a4af-1462fbee.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\53522f6e-2e3f64ed
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\53522f6e-2e3f64ed.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\66deeeee-6154e9f1
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\66deeeee-6154e9f1.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\170f0e6d-347022c8
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\170f0e6d-347022c8.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4255daed-163e0034
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4255daed-163e0034.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\33ab83ec-15bd0b67
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\33ab83ec-15bd0b67.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\4670ceab-1ede2651
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\4670ceab-1ede2651.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\832652b-1045b5ee
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\832652b-1045b5ee.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\10c3606a-3e28411e
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\10c3606a-3e28411e.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1ad0696a-7941bfb0
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1ad0696a-7941bfb0.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2812ea-67ae0c04
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2812ea-67ae0c04.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4941b7aa-55925ad1
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4941b7aa-55925ad1.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4941b7aa-6e9fe87e
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4941b7aa-6e9fe87e.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\52281329-20a8e1ef
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\52281329-20a8e1ef.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\441b8028-2fb15ba5
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\441b8028-2fb15ba5.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\4ef1a5a8-73eee04c
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\4ef1a5a8-73eee04c.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\708c79a8-23f2212a
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\708c79a8-23f2212a.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\44036ca7-1838c2d2
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\44036ca7-1838c2d2.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\4afc27e7-46ad86dc
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\4afc27e7-46ad86dc.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\4d328f67-1a83e221
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\4d328f67-1a83e221.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\90f3e27-6431ee55
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\90f3e27-6431ee55.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\28a82066-7210a40a
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\28a82066-7210a40a.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\633f9a6-6ee597f6
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\633f9a6-6ee597f6.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\67661e66-4dd0b977
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\67661e66-4dd0b977.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\744fdba6-4215671d
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\744fdba6-4215671d.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4d923865-7f3b7592
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4d923865-7f3b7592.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\770cd925-3901574f
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\770cd925-3901574f.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\2471d164-7a8da1dc
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\2471d164-7a8da1dc.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4af45a24-4c180334
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4af45a24-4c180334.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\11e77e23-22f01d01
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\11e77e23-22f01d01.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3afdaae3-4e1ddb39
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3afdaae3-4e1ddb39.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\6a9a163-66da45c6
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\6a9a163-66da45c6.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\31b89a1-372809fd
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\31b89a1-372809fd.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\74563ea1-6c522e73
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\74563ea1-6c522e73.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7edb6a61-6d206ade
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7edb6a61-6d206ade.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4bf6c9e0-42bc3608
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4bf6c9e0-42bc3608.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\42d1f983-59ab3dad
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\42d1f983-59ab3dad.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\42e69d1c-5831747a
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\42e69d1c-5831747a.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\4e482dc-7d32878d
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\4e482dc-7d32878d.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\50a6069c-69a4fb44
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\50a6069c-69a4fb44.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5d90725c-2e162c9e
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5d90725c-2e162c9e.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1ba2a8db-28d04763
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1ba2a8db-28d04763.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\48c967db-7229047b
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\48c967db-7229047b.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6d214e1b-363ab5a5
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6d214e1b-363ab5a5.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1324e85a-54d9fbf0
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1324e85a-54d9fbf0.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1e8d421a-6ef888ea
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1e8d421a-6ef888ea.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\4fe463da-1aacd0c0
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\4fe463da-1aacd0c0.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\28113b98-62d30cf3
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\28113b98-62d30cf3.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\3605ac98-3daa30ff
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\3605ac98-3daa30ff.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\62d2c1d8-293815ac
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\62d2c1d8-293815ac.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\75f1358-512bd528
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\75f1358-512bd528.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\6b420517-26f036f0
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\6b420517-26f036f0.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\19d58f56-1d48cc03
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\19d58f56-1d48cc03.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\23e35096-4f1913c0
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\23e35096-4f1913c0.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\11229155-17a8ad46
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\11229155-17a8ad46.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\2d0146d5-241c47be
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\2d0146d5-241c47be.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\66e00314-7a37d41c
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\66e00314-7a37d41c.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\16b6ae42-6c3a4289
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\16b6ae42-6c3a4289.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3ea05f42-35fef378
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3ea05f42-35fef378.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4e350cc2-14b54606
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4e350cc2-14b54606.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\b15f8c2-7b471b39
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\b15f8c2-7b471b39.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\dc4b602-3e448a9c
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\dc4b602-3e448a9c.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1afdfbd3-5c878f5c
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1afdfbd3-5c878f5c.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\250d9653-6259dc72
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\250d9653-6259dc72.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\18c102d2-7afc92de
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\18c102d2-7afc92de.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1f1067d2-51cce706
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1f1067d2-51cce706.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\26d1952-12bd2869
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\26d1952-12bd2869.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\49692ed2-321068f2
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\49692ed2-321068f2.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\61f5ba52-1caf887c
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\61f5ba52-1caf887c.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\64905fd2-25a1c2bb-0308.0004.2010.0802-
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\64905fd2-25a1c2bb-0308.0004.2010.0802-.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7354cc12-45364ac6
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7354cc12-45364ac6.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7354cc12-6ba3d219
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7354cc12-6ba3d219.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\1ec0f751-27dc82e7
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\1ec0f751-27dc82e7.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6643d2d0-329246b7
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6643d2d0-329246b7.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\17197ccf-776c063b
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\17197ccf-776c063b.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\58c21f8f-26807c8e
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\58c21f8f-26807c8e.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7d71f7cf-2c78b4a9
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7d71f7cf-2c78b4a9.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\54fb9fce-757f6137
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\54fb9fce-757f6137.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\7a96a58e-705e8690
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\7a96a58e-705e8690.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2250e68c-7e297736
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2250e68c-7e297736.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2666d2cc-77ceac30
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2666d2cc-77ceac30.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2cb3c10c-5d0bbad1
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2cb3c10c-5d0bbad1.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7defbc4c-1ef7ff79
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7defbc4c-1ef7ff79.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\48fa33cb-773c71ee
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\48fa33cb-773c71ee.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6730200b-7ea5c1a6
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6730200b-7ea5c1a6.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\234aae0a-10e68e94
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\234aae0a-10e68e94.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4f64a50a-5b80d512
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4f64a50a-5b80d512.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\40789781-5605bca0
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\40789781-5605bca0.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\469c2c81-1fec7702
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\469c2c81-1fec7702.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cf26a81-74e5f43f
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cf26a81-74e5f43f.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\518d0941-1412fc23
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\518d0941-1412fc23.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5b7b3701-7eae7fad
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5b7b3701-7eae7fad.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\d454d01-598a78b0
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\d454d01-598a78b0.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\2eea0280-25058207
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\2eea0280-25058207.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\53877140-4fa7840b
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\53877140-4fa7840b.idx
         
JavaRa_3

Code:
ATTFilter
JavaRa 2.0 loaded without incident. Checking system...
User initialised redundant data purge.
......................

Removed registry subkey tree: {CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}
Removed registry subkey tree: {CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}
Removed registry subkey tree: {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}
Removed registry subkey tree: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}
Removal routine completed successfully. 105 items have been deleted.
         
JavaRa_4

Code:
ATTFilter
JavaRa 2.0 loaded without incident. Checking system...
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
== Cleaning JRE temporary files ==
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a491a18
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a491a18.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a491a18-n\decora-d3d.dll
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a491a18-n\decora-sse.dll
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69d73d2e
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69d73d2e.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69d73d2e-n\jmc.dll
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69d73d2e-n\msvcp71.dll
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69d73d2e-n\msvcr71.dll
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-136c3bd0.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-3d393b87.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4d4df2ed
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4d4df2ed.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-72d93ad5.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-737bec0b
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-737bec0b.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\3\1cfa1583-628ddced
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\3\1cfa1583-628ddced.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\457dee9a-4fbb43fe
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\457dee9a-4fbb43fe.idx
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\11\21e928cb-5f69af99
Deleted file: C:\Users\vivtane\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\11\21e928cb-5f69af99.idx
         
JavaRa_5

Code:
ATTFilter
JavaRa 2.0 loaded without incident. Checking system...
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
User initialised redundant data purge.
......................

Removal routine completed successfully. 0 items have been deleted.
         
AdwCleaner_1 (2013_05_20, vor JavaRa)

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 20/05/2013 um 22:54:50 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : vivtane - GEPARD
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\vivtane\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Users\vivtane\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\vivtane\AppData\Roaming\dvdvideosoftiehelpers

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\vivtane\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2177 octets] - [20/05/2013 22:54:50]

########## EOF - C:\AdwCleaner[S1].txt - [2237 octets] ##########
         
--- --- ---

[/CODE]

AdwCleaner_2 (2013_05_20, vor JavaRa)

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 20/05/2013 um 23:00:30 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : vivtane - GEPARD
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\vivtane\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\vivtane\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2306 octets] - [20/05/2013 22:54:50]
AdwCleaner[S2].txt - [818 octets] - [20/05/2013 23:00:30]

########## EOF - C:\AdwCleaner[S2].txt - [877 octets] ##########
         
--- --- ---

[/CODE]

AdCleaner_3 (2013_05_20, vor JavaRa)

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 20/05/2013 um 23:03:18 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : vivtane - GEPARD
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\vivtane\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\vivtane\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2306 octets] - [20/05/2013 22:54:50]
AdwCleaner[S2].txt - [945 octets] - [20/05/2013 23:00:30]
AdwCleaner[S3].txt - [877 octets] - [20/05/2013 23:03:18]

########## EOF - C:\AdwCleaner[S3].txt - [936 octets] ##########
         
--- --- ---

[/CODE]

AdwCleaner_4 (heute, nach JavaRa)

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 28/05/2013 um 13:01:44 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : vivtane - GEPARD
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\vivtane\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\vivtane\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2306 octets] - [20/05/2013 22:54:50]
AdwCleaner[S2].txt - [945 octets] - [20/05/2013 23:00:30]
AdwCleaner[S3].txt - [1004 octets] - [20/05/2013 23:03:18]
AdwCleaner[S4].txt - [937 octets] - [28/05/2013 13:01:44]

########## EOF - C:\AdwCleaner[S4].txt - [996 octets] ##########
         
--- --- ---

[/CODE]

Alt 28.05.2013, 22:18   #12
ryder
/// TB-Ausbilder
 
System Care AV - Standard

System Care AV



Und Combofix?
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 28.05.2013, 22:18   #13
vivtane
 
System Care AV - Standard

System Care AV



AdwCleaner_5 (heute, nach JavaRa)

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 28/05/2013 um 13:09:14 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : vivtane - GEPARD
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\vivtane\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\vivtane\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2306 octets] - [20/05/2013 22:54:50]
AdwCleaner[S2].txt - [945 octets] - [20/05/2013 23:00:30]
AdwCleaner[S3].txt - [1004 octets] - [20/05/2013 23:03:18]
AdwCleaner[S4].txt - [1064 octets] - [28/05/2013 13:01:44]
AdwCleaner[S5].txt - [997 octets] - [28/05/2013 13:09:14]

########## EOF - C:\AdwCleaner[S5].txt - [1056 octets] ##########
         
--- --- ---

[/CODE]

ComboFix (heute, nach JavaRa, AdwCleaner)

Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-05-28.02 - vivtane 28.05.2013  13:35:20.3.4 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3071.2546 [GMT 2:00]
ausgeführt von:: c:\users\vivtane\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
 ADS - Windows: deleted 0 bytes in 1 streams. 
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-28 bis 2013-05-28  ))))))))))))))))))))))))))))))
.
.
2013-05-28 11:46 . 2013-05-28 11:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-20 21:24 . 2013-05-28 11:46	--------	d-----w-	c:\users\vivtane\AppData\Local\temp
2013-05-17 13:58 . 2013-05-13 23:49	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{121BB21D-8F4E-4FE9-8BD3-EE5B65455CA4}\mpengine.dll
2013-05-16 01:04 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-15 03:26 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 03:26 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 03:26 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 03:25 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 03:25 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 03:25 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-15 03:25 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-15 03:25 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-05-10 07:57 . 2013-05-10 07:57	49728	----a-w-	c:\windows\system32\AdobePDF.dll
2013-05-10 07:57 . 2013-05-10 07:57	25160	----a-w-	c:\windows\system32\AdobePDFUI.dll
2013-05-08 12:13 . 2013-05-08 12:13	--------	d-----w-	c:\users\vivtane\.android
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 14:32 . 2012-10-28 20:25	473520	----a-w-	c:\windows\system32\deployJava1.dll
2013-05-19 14:32 . 2012-07-07 12:03	477616	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-05-15 14:04 . 2012-04-02 18:13	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-15 14:04 . 2011-06-18 12:37	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-02-17 00:29	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-15 03:26	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 03:26	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 00:26	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-19 05:04 . 2013-04-10 00:01	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 00:01	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 00:01	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 00:01	69632	----a-w-	c:\windows\system32\smss.exe
2009-11-17 13:01 . 2010-04-09 00:50	1456640	----a-w-	c:\program files\Common Files\Falk Navi-Manager.msi
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Uploader"="c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2012-07-02 120496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-01-17 90112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"DBAgent"="c:\program files\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2012-07-02 1454216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-10 958576]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
R1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [x]
R1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [x]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [x]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [x]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
R2 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [x]
R2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [x]
R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [x]
R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [x]
R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [x]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
R3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [x]
R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [x]
R3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
R3 SAFAUSB;Voice Tracer Comm. driver;c:\windows\system32\Drivers\VocTrace.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [x]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [x]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BdFileSpy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
BullGuard_Main	REG_MULTI_SZ   	BsMain
BullGuard	REG_MULTI_SZ   	BsFileScan BsMailProxy BsFire
BullGuard_LowPriv	REG_MULTI_SZ   	BsBrowser
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 07:59	1642448	----a-w-	c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:04]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-19 09:39]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-19 09:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
LSP: c:\windows\system32\BGLsp.dll
TCP: Interfaces\{1C1DAF90-64FA-41FF-8DB2-0A69EC4AE8F4}: NameServer = 213.33.99.70,80.120.17.70
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} - hxxps://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-28  13:48:52
ComboFix-quarantined-files.txt  2013-05-28 11:48
ComboFix2.txt  2013-05-20 21:24
ComboFix3.txt  2013-05-20 11:20
.
Vor Suchlauf: 17 Verzeichnis(se), 33.381.601.280 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 33.311.686.656 Bytes frei
.
- - End Of File - - D54F529FEDFD2E4A47B931370E7A0F25
         
--- --- ---

Alt 29.05.2013, 15:18   #14
ryder
/// TB-Ausbilder
 
System Care AV - Standard

System Care AV



Gut!

Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten.

Schritt 1:
Quick-Scan mit Malwarebytes
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte poste das Logfile hier oder teile mir mit, dass nichts gefunden wurde.
Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!

Schritt 3:
Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 30.05.2013, 09:11   #15
vivtane
 
System Care AV - Standard

System Care AV



Hallo ryder,

Malwarebytes hat noch ein file gefunden - der Ordner C:\Qoobox gehört zu Combofix, oder?
Eset hat nichts gefunden.
Securitycheck zeigt die kaputte Java-Installation an, die ich auch mit JavaRa nicht entfenen konnte, habe noch keine neue/funktionierende JRE installiert.
Die Bulluard-Firewall und den Spamfilter kann ich (wg. des abgesicherten Modus?) nicht einschalten, Virenscanner geht.

Defogger ist auch noch aktiv.

Wie geht's jetzt weiter?

Lg Marion


Malwarebytes
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.29.06

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
vivtane :: GEPARD [Administrator]

29.05.2013 20:28:27
mbam-log-2013-05-29 (20-28-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|J:\|K:\|L:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 665026
Laufzeit: 2 Stunde(n), 10 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\ProgramData\C68E63B821852AA90000C68D9D303055\C68E63B821852AA90000C68D9D303055.exe.vir (Trojan.FakeAlert.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Security Check

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
BullGuard Antivirus   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 45  
 Java version out of Date! 
 Adobe Flash Player 	11.7.700.202  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 windows defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Geändert von vivtane (30.05.2013 um 09:13 Uhr) Grund: code-tag nicht geschlossen

Antwort

Themen zu System Care AV
autorun, bho, bingbar, blockiert, bonjour, converter, ebay, error, firefox, flash player, format, ftp, home, homepage, hängen, logfile, mp3, netzwerk, plug-in, reaktivieren, registry, scan, schannel.dll, security, server, software, system, system care, system care av, trojaner, windows




Ähnliche Themen: System Care AV


  1. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 16.12.2013 (22)
  2. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 25.08.2013 (4)
  3. System Care Antivirus im System
    Log-Analyse und Auswertung - 16.08.2013 (9)
  4. System Care Antivirus was tun?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2013 (3)
  5. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (25)
  6. System Care Antivirus auf PC
    Plagegeister aller Art und deren Bekämpfung - 20.07.2013 (10)
  7. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (15)
  8. System Care Antivirus
    Log-Analyse und Auswertung - 25.06.2013 (33)
  9. System Care Antivirus
    Log-Analyse und Auswertung - 23.06.2013 (9)
  10. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (70)
  11. System Care Antivirus-OTL Log
    Log-Analyse und Auswertung - 31.05.2013 (15)
  12. System Care AV
    Plagegeister aller Art und deren Bekämpfung - 17.05.2013 (11)
  13. System Care Antivir
    Log-Analyse und Auswertung - 09.05.2013 (13)
  14. System Care Antivirus Win XP
    Plagegeister aller Art und deren Bekämpfung - 03.05.2013 (11)
  15. System Care Antivirus Win XP
    Mülltonne - 01.05.2013 (1)
  16. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 19.04.2013 (1)

Zum Thema System Care AV - Hi, ich habe mir gestern den System Care AV eingefangen (PC, Win7, 32-bit, Bullguard) und, da der Task-Manager blockiert war, versucht, es zu deinstallieren. Das sah zunächst ok aus, ich - System Care AV...
Archiv
Du betrachtest: System Care AV auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.