
Log analysis and evaluation: Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll


22.05.2014, 12:26   #1
ichmoechtauc
 

Hello,

Just for fun, I ran a full scan with MS Essentials and it found something.
Supposedly the PC was reinstalled after there had been problems at some point. I have just been lent this computer and am far too paranoid myself to touch any downloaded stuff. Firefox (or rather Aurora now, beta) is secured with NoScript and Adblock Plus. I created a non-admin user for myself. So it must have been on there beforehand, or something new happened again after the reinstall, but that would be more than 1 year ago. I also moved ...Windows/prefetch to see what shows up there again after the next start. The old files there are from 2010...
Oh, and I also reduced the firewall exceptions, but there a) not everything seemed to be listed and b) nothing seemed malicious (I removed Ditto, Spotify and Remote Assistance).

Bumat!rts -> quarantine
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF6.dll

Bafi.A -> "deleted"
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF.dll
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF0.dll
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF7.dll
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF8.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF054.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0540.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0545.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0546.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0547.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0548.dll

Bafi.D -> "deleted"
file:C:\Users\User\AppData\Roaming\AcroIEHelpe.dll

Brantall.C -> "deleted"
file:C:\$Recycle.Bin\...\ssk_claro.exe

Since removing Trojans is no longer that simple these days, but I would like to spare myself the hassle of a reinstall, I am turning to you.

OTL with the settings from another thread (AcroFF*.dll), i.e. Minimal Output, Extra Registry Use Safelist. In addition, I set the file age to 360 days and selected Scan All Users. My question would be whether I need to use another antivirus program as well, because M$ Essentials does not appear in your log list. Malwarebytes' Anti-Malware would then be my choice.

OTL:
OTL Logfile:
Code:
OTL logfile created on: 22.05.2014 13:10:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*Nutzer2-nonadmin*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,25% Memory free
6,20 Gb Paging File | 4,79 Gb Available in Paging File | 77,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 295,79 Gb Total Space | 180,43 Gb Free Space | 61,00% Space Free | Partition Type: NTFS
 
Computer Name: pcname | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*Nutzer2-nonadmin*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Notepadpp\notepad++.exe (Don HO don.h@free.fr)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ce6c051500f9e64025b58921cc632f51\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fbf434299b068c463296945c12845734\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\73726634ae4a00a21279a6a66b081301\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll ()
MOD - C:\Program Files\Notepadpp\plugins\NppFTP.dll ()
MOD - C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Program Files\Notepadpp\plugins\NppExport.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TemproMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (huawei_ext_ctrl) -- system32\DRIVERS\ew_juextctrl.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (huawei_cdcecm) -- system32\DRIVERS\ew_jucdcecm.sys File not found
DRV - (huawei_cdcacm) -- system32\DRIVERS\ew_jucdcacm.sys File not found
DRV - (ew_usbenumfilter) -- system32\DRIVERS\ew_usbenumfilter.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (ENTECH) -- C:\Windows\system32\DRIVERS\ENTECH.sys File not found
DRV - (MpKsl44b073e6) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAB0CEBA-40FA-42DE-A594-958068AC8094}\MpKsl44b073e6.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 03 EB EC 9B 7E CD 01  [binary data]
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\SearchScopes\{9DF002E3-B996-4600-858A-B63E2D74FB66}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\..\SearchScopes,DefaultScope = {8E07EE6C-A3D4-4FAA-990C-FF532FE46153}
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\..\SearchScopes\{8E07EE6C-A3D4-4FAA-990C-FF532FE46153}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE739&p={SearchTerms}
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.05.05 23:57:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.05.05 23:57:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\User\AppData\Roaming\5054 [2011.12.09 12:35:15 | 000,000,000 | ---D | M]
 
[2010.09.14 18:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2014.04.18 13:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899\extensions
[2014.05.05 23:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.05.05 23:58:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.05.19 22:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014.05.19 22:05:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: AT_AgathaRuizdelaPrada = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccdaldnlpmblnjpbboadeocpnclfcbm\2_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe ()
O4 - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001..\Run: [dradio-RecorderTimer] C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F44477E-CBE7-4BEA-AEB0-4BA2C7E7641A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46223214-E621-41AA-94EE-F9CE6C03F984}: DhcpNameServer = 83.169.186.97 83.169.186.33
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{361b7cc1-2b22-11e3-ba03-001e685fb673}\Shell - "" = AutoRun
O33 - MountPoints2\{361b7cc1-2b22-11e3-ba03-001e685fb673}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7dec3415-bc19-11df-863f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7dec3415-bc19-11df-863f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{95a712e7-3a24-11e2-abc2-001e685fb673}\Shell - "" = AutoRun
O33 - MountPoints2\{95a712e7-3a24-11e2-abc2-001e685fb673}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d24006bf-29ea-11e3-bc5b-001e685fb673}\Shell - "" = AutoRun
O33 - MountPoints2\{d24006bf-29ea-11e3-bc5b-001e685fb673}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d24006ec-29ea-11e3-bc5b-001e685fb673}\Shell - "" = AutoRun
O33 - MountPoints2\{d24006ec-29ea-11e3-bc5b-001e685fb673}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 360 Days ==========
 
[2014.05.22 11:47:26 | 000,000,000 | ---D | C] -- C:\oldprefetch
[2014.05.19 21:50:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ditto
[2014.05.17 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014.05.17 00:18:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.05.14 02:36:09 | 017,352,880 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2014.05.13 15:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Autohotkey
[2014.05.13 15:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
[2014.05.13 15:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ditto
[2014.05.12 12:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2014.05.12 11:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\mp3directcut
[2014.05.10 10:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Notepadpp
[2014.05.05 23:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.04.18 13:42:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2014.04.16 11:14:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014.04.16 10:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014.04.16 10:08:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014.04.13 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014.04.13 18:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014.04.13 16:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
[2014.04.13 16:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4
[2014.04.12 13:39:35 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014.04.12 13:35:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.04.12 13:35:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.04.12 13:35:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.04.12 13:35:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.04.12 13:35:11 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.04.12 13:35:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.04.12 13:35:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.04.12 13:29:40 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Alte Firefox-Daten
[2014.04.12 12:35:42 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.04.12 12:35:38 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014.04.12 12:35:10 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014.04.12 12:29:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014.03.31 22:46:48 | 001,070,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2014.03.31 22:46:48 | 000,130,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2014.03.11 09:52:30 | 000,104,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2014.01.16 02:40:14 | 000,487,016 | ---- | C] (McAfee, Inc.) -- C:\SecurityScanner.dll
[2013.12.11 22:24:09 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013.12.11 22:24:09 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013.12.11 22:24:09 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013.12.11 22:24:05 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.12.11 22:24:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013.11.14 19:15:44 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013.10.24 23:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.10.18 14:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineUpdate
[2013.10.18 14:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\log
[2013.10.10 18:27:03 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.10.10 18:27:03 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.10.10 18:27:03 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.10.10 18:27:03 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.10.10 18:27:03 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.10.10 18:27:03 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.10.10 18:27:03 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.10.10 18:27:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.10.10 18:27:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.10.10 18:26:59 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.10.10 18:26:46 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.10.10 18:26:46 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.10.10 18:26:41 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.10.10 18:26:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.10.10 18:26:38 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013.09.30 18:17:21 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2013.09.30 18:17:21 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
[2013.09.30 18:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2013.09.29 16:07:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.09.29 15:37:33 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.09.29 15:37:33 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.09.29 15:37:31 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.09.29 15:28:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013.09.29 15:28:21 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.09.29 15:28:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.09.11 21:21:54 | 000,863,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr110_clr0400.dll
[2013.09.11 21:21:54 | 000,501,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp110_clr0400.dll
[2013.09.11 21:21:54 | 000,028,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aspnet_counters.dll
[2013.09.11 21:21:54 | 000,018,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100_clr0400.dll
[2013.06.27 21:52:00 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\User\AppData\Roaming\*.tmp files -> C:\Users\User\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 360 Days ==========
 
[2014.05.22 12:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.22 12:31:18 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job
[2014.05.22 12:31:18 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job
[2014.05.22 12:14:56 | 000,004,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.22 12:14:56 | 000,004,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.22 10:34:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.22 01:40:46 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.14 02:36:21 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.05.14 02:36:21 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.05.14 02:36:11 | 017,352,880 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2014.05.12 12:39:48 | 000,152,139 | ---- | M] () -- C:\Users\User\Documents\usbnormal
[2014.05.12 11:27:34 | 000,000,812 | ---- | M] () -- C:\Users\User\Desktop\mp3DirectCut.lnk
[2014.05.12 11:24:25 | 000,674,274 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014.05.12 11:24:25 | 000,634,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.05.12 11:24:25 | 000,146,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014.05.12 11:24:25 | 000,120,050 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.05.06 01:14:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.04.16 10:10:28 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014.04.13 23:46:54 | 000,001,429 | ---- | M] () -- C:\Users\User\Desktop\DivX Movies.lnk
[2014.04.13 22:45:47 | 000,342,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.04.13 17:27:06 | 000,000,033 | ---- | M] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2014.04.13 16:48:06 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.2.lnk
[2014.04.12 13:38:19 | 000,001,626 | ---- | M] () -- C:\Windows\wininit.ini
[2014.04.12 13:27:02 | 000,000,314 | ---- | M] () -- C:\Windows\SIERRA.INI
[2014.04.12 12:42:49 | 000,002,065 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2014.04.12 12:18:06 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014.03.31 22:46:48 | 001,070,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2014.03.31 22:46:48 | 000,130,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2014.03.11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2014.03.08 01:12:00 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.03.08 01:02:19 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.03.08 01:00:41 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.03.08 00:59:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.03.08 00:57:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.03.08 00:54:48 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.03.08 00:47:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.02.07 12:38:44 | 002,050,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.01.30 09:46:58 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014.01.19 09:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014.01.16 02:40:14 | 000,487,016 | ---- | M] (McAfee, Inc.) -- C:\SecurityScanner.dll
[2013.12.21 21:49:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.12.21 21:49:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.12.10 21:59:40 | 000,043,008 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2013.12.10 14:12:00 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2013.12.10 14:11:29 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013.11.27 19:15:57 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.11.13 02:30:19 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.10.30 04:13:01 | 001,304,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMALFXGFXDSP.dll
[2013.10.30 04:12:54 | 000,335,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013.10.30 03:43:04 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013.10.30 02:43:06 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013.10.24 23:47:11 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.10.11 04:08:55 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013.10.11 04:07:57 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013.10.11 02:39:37 | 000,218,228 | ---- | M] () -- C:\Windows\System32\WFP.TMF
[2013.10.11 02:35:42 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.09.30 18:24:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2013.09.30 18:24:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2013.09.30 18:24:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2013.09.30 18:19:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.09.11 21:21:54 | 000,863,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr110_clr0400.dll
[2013.09.11 21:21:54 | 000,501,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp110_clr0400.dll
[2013.09.11 21:21:54 | 000,028,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aspnet_counters.dll
[2013.09.11 21:21:54 | 000,018,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr100_clr0400.dll
[2013.08.27 04:47:50 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.08.27 04:47:50 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.08.27 04:47:50 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.08.27 04:47:50 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.08.27 03:52:08 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.08.27 03:50:40 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.08.27 03:32:20 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.08.27 03:28:36 | 001,069,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.08.02 06:09:35 | 001,548,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.08.01 04:49:15 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.07.20 12:44:53 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.07.08 06:55:51 | 003,603,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.07.08 06:55:51 | 003,551,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.07.03 04:10:50 | 000,025,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013.06.29 04:07:01 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.06.29 04:06:53 | 000,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.06.04 06:16:35 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.06.04 03:49:59 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\User\AppData\Roaming\*.tmp files -> C:\Users\User\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.05.12 12:39:36 | 000,152,139 | ---- | C] () -- C:\Users\User\Documents\usbnormal
[2014.05.12 12:19:20 | 000,000,842 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2014.05.12 11:27:34 | 000,000,812 | ---- | C] () -- C:\Users\User\Desktop\mp3DirectCut.lnk
[2014.04.18 13:33:58 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2014.04.16 10:10:56 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014.04.16 10:10:28 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014.04.16 10:10:04 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014.04.13 23:46:54 | 000,001,429 | ---- | C] () -- C:\Users\User\Desktop\DivX Movies.lnk
[2014.04.13 17:27:06 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2014.04.13 16:48:06 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.2.lnk
[2013.12.10 14:12:00 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2013.12.10 14:11:29 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2013.11.14 19:15:44 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013.10.24 23:47:11 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.09.30 18:24:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2013.09.30 18:24:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2013.09.30 18:24:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2013.09.30 18:19:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.02.11 21:47:51 | 001,962,048 | ---- | C] () -- C:\Users\User\thomashinzer_tiere_frolleinmotte2.pdf
[2013.02.06 17:46:37 | 001,134,012 | ---- | C] () -- C:\Users\User\Scan_Einladung.pdf
[2013.01.30 18:26:05 | 000,240,821 | ---- | C] () -- C:\Users\User\652_1359563058.pdf
[2012.11.12 21:32:54 | 019,018,640 | ---- | C] () -- C:\Users\User\Mohammed_Bouazizi.avi
[2012.11.06 20:37:38 | 001,198,648 | ---- | C] () -- C:\Users\User\betterads_local.exe.quarantaene
[2011.12.08 19:28:40 | 000,000,054 | ---- | C] () -- C:\Users\User\AppData\Roaming\blckdom.res
[2011.01.11 20:59:49 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.09.14 16:42:55 | 000,015,360 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.09 16:00:52 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 15:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 22.05.2014 13:10:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*Nutzer2-nonadmin*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,25% Memory free
6,20 Gb Paging File | 4,79 Gb Available in Paging File | 77,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 295,79 Gb Total Space | 180,43 Gb Free Space | 61,00% Space Free | Partition Type: NTFS
 
Computer Name: pcname | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5DE29F-79AF-4570-8BC2-FC6867506A92}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0D1F9EE8-7F4B-4366-94C5-2E033205A002}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{19633041-0D6D-4C18-A79C-86057B5D415C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{19F0A652-CBBB-41D5-BEFA-78BD59C54F4F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{24E1A939-7BC9-4B16-A4C7-AF663BBB67B8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{33DDD471-9808-4F7F-8984-FE99AC8272A2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3C9C8BF2-20F5-4B07-9B05-F46C9D7C9121}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{57A8E1D8-0AF4-4ADC-9AD3-712459492B9D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5B1D9701-4E6C-4CF6-9DE6-A72C6600FEC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{63B9F6B1-7942-425B-9595-D34CA989CD33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7DCE1CDD-7828-4CAD-8A20-0FC459AB91D9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{889917A7-7DFA-4E3E-9E79-7929461C1937}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B55E8332-6BE6-44A2-A530-0D9DB1B771BE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C7372943-83C8-4122-92D9-F765080900B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EF06CBED-7619-400F-9B50-7844CD38A26A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F5322A0E-31A2-4328-B028-EA470BCE90AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3416FE92-9112-4632-A9CC-210078E5B5B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{48B1C531-6E42-4791-93D0-9450A72E5C61}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{84CF93BE-9B4B-4669-B097-E1EB2B2B5249}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9AD1A2B5-AC78-45C1-B727-DE0830F931CD}" = protocol=6 | dir=in | app=d:\alicesetup.exe | 
"{A652F757-F69D-47D7-AE66-EC5D3DAFFC15}" = protocol=17 | dir=in | app=d:\alicesetup.exe | 
"{A65B63E8-4C0B-4DA6-B825-9BE35EE8D5D2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DB0CCD4C-16F0-41A8-9CE5-2BA4841918E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{ED43CBDB-31A3-4EB0-ADAB-1D9F41A98C9F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{41627B4E-8D09-42E9-808C-E28423B60281}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe | 
"TCP Query User{623E661E-ED3F-4EAC-B069-AE7ABBBD9DD4}C:\program files\ditto\ditto.exe" = protocol=6 | dir=in | app=c:\program files\ditto\ditto.exe | 
"TCP Query User{822A2EA3-E04F-4F94-A9F3-C6668B93F648}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{9EEB226F-E90D-4B2F-A3B9-9566F5A0C58A}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{DBC96856-12D5-4782-BE2F-DF24A9DA048F}C:\program files\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | 
"UDP Query User{0102041F-EED0-4159-8D62-B20B61870192}C:\program files\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | 
"UDP Query User{4E280A72-A64C-44ED-88F9-45F5526AA110}C:\program files\ditto\ditto.exe" = protocol=17 | dir=in | app=c:\program files\ditto\ditto.exe | 
"UDP Query User{9F8D2E98-C265-498B-B9E5-D445134C2F08}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{E51C47CF-74FD-4FD3-89ED-3C08BB3876EB}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe | 
"UDP Query User{FE68CACB-589D-4BA5-A622-0DCD6E744735}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1A5A851C-B8B4-CD8E-920B-EE21B9E4FE31}" = Catalyst Control Center Graphics Full Existing
"{2BA8A909-F17C-4AE5-85C1-9107B7A60D26}" = Toshiba TEMPRO
"{2D7D6A0E-A6A7-1080-980C-67FB8E20D93D}" = ccc-utility
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{4117DF3C-6677-4A22-90B7-FF06923417E9}" = LibreOffice 4.2.3.3
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{502DBACB-D72F-276E-9B51-1CC980633BDC}" = CCC Help German
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6275D380-371D-6D6E-32AF-97009138EBE3}" = Skins
"{67905A54-F074-6F13-3C61-DA40552079BB}" = Catalyst Control Center Graphics Light
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E4F5172-7A60-E18C-D1F2-C8D783197A7C}" = Catalyst Control Center Localization German
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium
"{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Deutsch
"{C6DCC59B-48D8-5092-2F69-8C423BFAB27F}" = Catalyst Control Center Graphics Previews Vista
"{C970757C-FD82-ED94-66C4-AF7C0266699E}" = ATI Catalyst Install Manager
"{CB22A47C-EFEA-2400-DB68-8F9B1D24BF43}" = Catalyst Control Center Graphics Full New
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE8B9F6B-7D9E-3C56-7B27-1E484CD41D78}" = ccc-core-static
"{D00EAB9D-C698-D4F6-214F-6FFC496B7F71}" = Catalyst Control Center Core Implementation
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2130
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"Ditto_is1" = Ditto
"GIMP-2_is1" = GIMP 2.8.10
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 29.0 (x86 de)" = Mozilla Firefox 29.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel(R) PROSet/Wireless Software
"S3" = Die Siedler III Gold Edition
"VLC media player" = VLC media player 2.1.3
"WinRAR archiver" = WinRAR
"yEd Graph Editor 3.6" = yEd Graph Editor 3.6
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aurora 31.0a2 (x86 de)" = Aurora 31.0a2 (x86 de)
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.6
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.03.2012 01:04:18 | Computer Name = pcname | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.03.2012 06:43:15 | Computer Name = pcname | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.03.2012 09:06:48 | Computer Name = pcname | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.03.2012 15:34:28 | Computer Name = pcname | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.03.2012 16:20:50 | Computer Name = pcname | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.03.2012 20:14:28 | Computer Name = pcname | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.03.2012 20:24:35 | Computer Name = pcname | Source = EventSystem | ID = 4621
Description = 
 
Error - 31.03.2012 05:40:02 | Computer Name = pcname | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.03.2012 07:34:08 | Computer Name = pcname | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.03.2012 11:42:54 | Computer Name = pcname | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 16.08.2011 11:51:45 | Computer Name = pcname | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.05.2014 16:25:20 | Computer Name = pcname | Source = DCOM | ID = 10010
Description = 
 
Error - 21.05.2014 19:41:14 | Computer Name = pcname | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 21.05.2014 19:41:14 | Computer Name = pcname | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.100 deaktiviert,
 da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
 die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 21.05.2014 19:41:18 | Computer Name = pcname | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.05.2014 04:15:01 | Computer Name = pcname | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 22.05.2014 04:35:03 | Computer Name = pcname | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
 
< End of report >
         
--- --- ---

Alt 22.05.2014, 12:34   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


22.05.2014, 23:47   #3
ichmoechtauc

Thanks! Here are the files... though I'll have to check in a moment whether they look different with admin rights...

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by *Nutzer2-nonadmin* (ATTENTION: The logged in user is not administrator) on pcname on 23-05-2014 00:38:19
Running from C:\Users\*Nutzer2-nonadmin*\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe
(Mozilla Corporation) C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050072 2010-08-27] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\...\Run: [dradio-RecorderTimer] => C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] ()

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - DefaultScope {8E07EE6C-A3D4-4FAA-990C-FF532FE46153} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE739&p={SearchTerms}
SearchScopes: HKCU - {8E07EE6C-A3D4-4FAA-990C-FF532FE46153} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE739&p={SearchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\npphonostarDetectNP.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Pocket - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\isreaditlater@ideashower.com [2014-05-06]
FF Extension: FEBE - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-05-06]
FF Extension: DownloadHelper - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-13]
FF Extension: Add-on Compatibility Reporter - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\compatibility@addons.mozilla.org.xpi [2014-05-06]
FF Extension: gui:config - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\guiconfig@slosd.net.xpi [2014-05-06]
FF Extension: Remove Google Tracking - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-04-26]
FF Extension: Lazarus: Form Recovery - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\lazarus@interclue.com.xpi [2014-04-26]
FF Extension: Print Edit - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\printedit@DW-dev.xpi [2014-05-19]
FF Extension: Session Manager - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-05-10]
FF Extension: NoScript - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-26]
FF Extension: Adblock Plus - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-13]
FF Extension: BetterPrivacy - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-05-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome: 
=======

========================== Services (Whitelisted) =================

S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [124368 2010-08-27] (Toshiba Europe GmbH)
S2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-10] (Avira GmbH)
S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 00:38 - 2014-05-23 00:39 - 00009949 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.txt
2014-05-23 00:37 - 2014-05-23 00:38 - 00000000 ____D () C:\FRST
2014-05-23 00:36 - 2014-05-23 00:37 - 01056768 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST(1).exe
2014-05-23 00:33 - 2014-05-23 00:33 - 01056768 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe
2014-05-22 13:14 - 2014-05-22 13:22 - 00041314 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Extras.Txt
2014-05-22 13:13 - 2014-05-22 13:22 - 00081012 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\OTL.Txt
2014-05-22 12:58 - 2014-05-22 13:14 - 00002039 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\trojboard.txt
2014-05-22 12:53 - 2014-05-22 12:53 - 00004437 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\recently-used.xbel
2014-05-22 11:26 - 2014-05-22 12:53 - 00286140 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\viren.xcf
2014-05-22 11:18 - 2014-05-22 11:18 - 00602112 _____ (OldTimer Tools) C:\Users\*Nutzer2-nonadmin*\Desktop\OTL.exe
2014-05-22 01:42 - 2014-05-22 01:43 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora
2014-05-19 21:50 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto
2014-05-19 14:40 - 2014-05-22 11:18 - 00000093 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise2.txt
2014-05-17 00:21 - 2014-05-17 00:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 00:18 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 00:18 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 00:18 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 00:09 - 2014-05-17 00:12 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH
2014-05-15 14:44 - 2014-05-15 14:45 - 00000289 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise.txt
2014-05-15 14:06 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 02:12 - 2014-05-15 02:13 - 107708366 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Druna-CI-Workshop-Beispiel.mp4
2014-05-14 02:36 - 2014-05-14 02:36 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-13 16:03 - 2014-05-13 16:03 - 00000788 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.exe.lnk
2014-05-13 15:51 - 2014-05-13 15:52 - 00000000 ____D () C:\Program Files\Autohotkey
2014-05-13 15:49 - 2014-05-13 16:02 - 00002190 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.ahk
2014-05-13 15:46 - 2014-05-14 00:10 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\Program Files\Ditto
2014-05-12 12:39 - 2014-05-12 12:39 - 00152139 _____ () C:\Users\User\Documents\usbnormal
2014-05-12 12:25 - 2014-05-22 11:26 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0
2014-05-12 12:25 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.thumbnails
2014-05-12 12:23 - 2014-05-22 12:53 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.gimp-2.8
2014-05-12 12:23 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2
2014-05-12 12:19 - 2014-05-12 12:19 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-12 12:15 - 2014-05-12 12:18 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-12 11:27 - 2014-05-12 11:27 - 00000812 _____ () C:\Users\User\Desktop\mp3DirectCut.lnk
2014-05-12 11:26 - 2014-05-12 11:27 - 00000000 ____D () C:\Program Files\mp3directcut
2014-05-12 01:52 - 2014-05-12 01:52 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Apps\2.0
2014-05-12 01:23 - 2014-05-12 01:28 - 25235372 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\futurama-brutale-Polizeigewalt.ogg
2014-05-10 10:17 - 2014-05-10 10:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++
2014-05-10 10:08 - 2014-05-10 10:11 - 00000000 ____D () C:\Program Files\Notepadpp
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Ahead
2014-05-06 00:28 - 2014-05-06 00:28 - 00000853 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aurora.lnk
2014-05-05 23:57 - 2014-05-19 22:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-28 08:49 - 2014-05-22 12:34 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktopordner
2014-04-28 08:15 - 2014-04-28 08:15 - 00000104 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Computer.lnk
2014-04-24 12:03 - 2014-04-24 12:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Microsoft Games
2014-04-24 12:03 - 2014-04-24 12:03 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Intel

==================== One Month Modified Files and Folders =======

2014-05-23 00:39 - 2014-05-23 00:38 - 00009949 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.txt
2014-05-23 00:38 - 2014-05-23 00:37 - 00000000 ____D () C:\FRST
2014-05-23 00:37 - 2014-05-23 00:36 - 01056768 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST(1).exe
2014-05-23 00:36 - 2012-05-04 22:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-23 00:34 - 2008-01-21 03:35 - 01480077 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 00:33 - 2014-05-23 00:33 - 01056768 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe
2014-05-23 00:28 - 2010-09-14 16:31 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-23 00:28 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 00:28 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 00:28 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 13:28 - 2006-11-02 15:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-22 13:24 - 2010-11-08 17:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job
2014-05-22 13:22 - 2014-05-22 13:14 - 00041314 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Extras.Txt
2014-05-22 13:22 - 2014-05-22 13:13 - 00081012 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\OTL.Txt
2014-05-22 13:14 - 2014-05-22 12:58 - 00002039 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\trojboard.txt
2014-05-22 12:53 - 2014-05-22 12:53 - 00004437 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\recently-used.xbel
2014-05-22 12:53 - 2014-05-22 11:26 - 00286140 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\viren.xcf
2014-05-22 12:53 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.gimp-2.8
2014-05-22 12:34 - 2014-04-28 08:49 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktopordner
2014-05-22 12:31 - 2010-11-08 17:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job
2014-05-22 11:26 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0
2014-05-22 11:18 - 2014-05-22 11:18 - 00602112 _____ (OldTimer Tools) C:\Users\*Nutzer2-nonadmin*\Desktop\OTL.exe
2014-05-22 11:18 - 2014-05-19 14:40 - 00000093 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise2.txt
2014-05-22 01:43 - 2014-05-22 01:42 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora
2014-05-19 22:04 - 2014-05-05 23:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-19 21:50 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto
2014-05-17 01:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-17 00:25 - 2013-09-29 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 00:22 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-17 00:21 - 2014-05-17 00:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 00:21 - 2010-09-14 16:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 00:12 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH
2014-05-15 14:45 - 2014-05-15 14:44 - 00000289 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise.txt
2014-05-15 02:13 - 2014-05-15 02:12 - 107708366 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Druna-CI-Workshop-Beispiel.mp4
2014-05-14 04:03 - 2014-04-13 18:19 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\vlc
2014-05-14 02:36 - 2014-05-14 02:36 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-14 02:36 - 2012-05-04 22:15 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 02:36 - 2011-05-17 18:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 02:31 - 2010-09-14 11:11 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-05-14 00:10 - 2014-05-13 15:46 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto
2014-05-13 16:03 - 2014-05-13 16:03 - 00000788 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.exe.lnk
2014-05-13 16:02 - 2014-05-13 15:49 - 00002190 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.ahk
2014-05-13 15:52 - 2014-05-13 15:51 - 00000000 ____D () C:\Program Files\Autohotkey
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\Program Files\Ditto
2014-05-12 12:39 - 2014-05-12 12:39 - 00152139 _____ () C:\Users\User\Documents\usbnormal
2014-05-12 12:25 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.thumbnails
2014-05-12 12:25 - 2014-04-13 14:45 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*
2014-05-12 12:23 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2
2014-05-12 12:19 - 2014-05-12 12:19 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-12 12:18 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-12 11:27 - 2014-05-12 11:27 - 00000812 _____ () C:\Users\User\Desktop\mp3DirectCut.lnk
2014-05-12 11:27 - 2014-05-12 11:26 - 00000000 ____D () C:\Program Files\mp3directcut
2014-05-12 11:24 - 2008-01-21 09:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 11:22 - 2006-11-02 14:52 - 00125458 _____ () C:\Windows\setupact.log
2014-05-12 01:52 - 2014-05-12 01:52 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Apps\2.0
2014-05-12 01:28 - 2014-05-12 01:23 - 25235372 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\futurama-brutale-Polizeigewalt.ogg
2014-05-10 10:17 - 2014-05-10 10:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++
2014-05-10 10:11 - 2014-05-10 10:08 - 00000000 ____D () C:\Program Files\Notepadpp
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Ahead
2014-05-08 14:27 - 2012-05-23 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-06 01:32 - 2014-05-17 00:18 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-17 00:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-17 00:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 00:28 - 2014-05-06 00:28 - 00000853 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aurora.lnk
2014-04-28 08:15 - 2014-04-28 08:15 - 00000104 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Computer.lnk
2014-04-24 12:09 - 2014-04-24 12:03 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Microsoft Games
2014-04-24 12:03 - 2014-04-24 12:03 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Intel

Some content of TEMP:
====================
C:\Users\*Nutzer2-nonadmin*\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\DivXSetup.exe
C:\Users\User\AppData\Local\Temp\i4jdel0.exe
C:\Users\User\AppData\Local\Temp\instloffer.exe
C:\Users\User\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\KUIU.EXE
C:\Users\User\AppData\Local\Temp\nsqB6C3.tmp.ConduitEngineEmbbed.exe
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\softonic-de3.exe
C:\Users\User\AppData\Local\Temp\tbsof0.dll
C:\Users\User\AppData\Local\Temp\utildel.exe
C:\Users\User\AppData\Local\Temp\_is68D6.exe
C:\Users\User\AppData\Local\Temp\_isC5F1.exe
C:\Users\User\AppData\Local\Temp\{45A92BE1-6EBD-49E1-BD6A-D44009C4A718}-30.0.1599.69_chrome_installer.exe
C:\Users\User\AppData\Local\Temp\{73892D8B-5C3B-403C-A7F1-07553C8EE695}-30.0.1599.69_chrome_installer.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by *Nutzer2-nonadmin* at 2014-05-23 00:39:39
Running from C:\Users\*Nutzer2-nonadmin*\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{C970757C-FD82-ED94-66C4-AF7C0266699E}) (Version: 3.0.657.0 - ATI Technologies, Inc.)
Aurora 31.0a2 (x86 de) (HKCU\...\Aurora 31.0a2 (x86 de)) (Version: 31.0a2 - Mozilla)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Catalyst Control Center - Branding (HKLM\...\{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2008.0130.1509.26922 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0130.1509.26922 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0130.1509.26922 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0130.1509.26922 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0130.1509.26922 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0130.1509.26922 - ATI) Hidden
CCC Help German (Version: 2008.0130.1508.26922 - ATI) Hidden
ccc-core-static (Version: 2008.0130.1509.26922 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.0130.1509.26922 - ATI) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.00 - TOSHIBA)
Die Siedler III Gold Edition (HKLM\...\S3) (Version:  - )
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
dradio-Recorder Version 3.02.6 (HKCU\...\dradio-Recorder_is1) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version:  - )
HL-2130 (HKLM\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0000 - Intel Corporation)
LibreOffice 4.2.3.3 (HKLM\...\{4117DF3C-6677-4A22-90B7-FF06923417E9}) (Version: 4.2.3.3 - The Document Foundation)
mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
mHelp (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
Mozilla Firefox 29.0 (x86 de) (HKLM\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711031}) (Version: 7.03.1151 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
PDF24 Creator 5.4.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Secure Download Manager (HKLM\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Skins (Version: 2008.0130.1509.26922 - ATI) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.26 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}) (Version: 3.00.01.00 - TOSHIBA)
TOSHIBA Hardware Setup (Version: 3.00.01.00 - TOSHIBA) Hidden
Toshiba TEMPRO (HKLM\...\{2BA8A909-F17C-4AE5-85C1-9107B7A60D26}) (Version: 2.30 - Toshiba Europe GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
yEd Graph Editor 3.6 (HKLM\...\yEd Graph Editor 3.6) (Version:  - yWorks GmbH)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job => ?

==================== Loaded Modules (whitelisted) =============

2010-09-11 13:11 - 2008-01-30 16:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2010-09-10 15:37 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-17 00:09 - 2012-10-13 16:05 - 00042496 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe
2014-05-22 01:42 - 2014-05-22 01:43 - 03897456 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: Google Update => "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: TOSCDSPD => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2014 00:29:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 01:28:22 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/22/2014 10:50:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/22/2014 10:50:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (05/23/2014 00:29:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee SiteAdvisor Service%%3

Error: (05/23/2014 00:29:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Avira Echtzeit-Scanner%%3

Error: (05/23/2014 00:29:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/23/2014 00:29:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Avira Planer%%3

Error: (05/23/2014 00:28:56 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (05/23/2014 00:28:37 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.100 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

Error: (05/23/2014 00:28:37 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (05/22/2014 01:28:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/22/2014 10:35:03 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (05/22/2014 10:15:01 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.


Microsoft Office Sessions:
=========================
Error: (08/16/2011 05:51:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-12-02 19:25:47.231
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-02 19:25:46.948
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-02 19:25:46.942
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-02 19:25:46.897
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-02 19:24:13.583
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-02 19:24:13.529
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-02 19:24:13.164
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-02 19:24:13.121
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-02 19:12:43.257
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-02 19:12:42.969
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 3069.67 MB
Available physical RAM: 1880.26 MB
Total Pagefile: 6341.61 MB
Available Pagefile: 5284.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:295.79 GB) (Free:180.38 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
--- --- ---
__________________

Edited by ichmoechtauc (22.05.2014 at 23:53) Reason: an

Alt 23.05.2014, 16:29   #4
schrauber
/// the machine
/// TB Trainer
 


Our tools definitely need admin rights.

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 24.05.2014, 14:42   #5
ichmoechtauc
 



I'll try the restart right away. Edit: no error message

Code:
ComboFix 14-05-19.01 - User 23.05.2014  17:50:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1883 [GMT 2:00]
ausgeführt von:: c:\users\*Nutzer2-nonadmin*\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\User\AppData\Roaming\AcroIEHelpe.txt
c:\users\User\AppData\Roaming\srvblck2.tmp
c:\users\User\betterads_local.exe.quarantaene
c:\windows\IsUn0407.exe
c:\windows\system32\Oleaut32.1
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-23 bis 2014-05-23  ))))))))))))))))))))))))))))))
.
.
2014-05-23 15:58 . 2014-05-23 16:00	--------	d-----w-	c:\users\User\AppData\Local\temp
2014-05-23 15:58 . 2014-05-23 15:58	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Local\temp
2014-05-23 15:58 . 2014-05-23 15:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-23 14:54 . 2014-05-23 14:54	62576	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46B8E6ED-9C00-45F3-87D5-E1A62AA3C101}\offreg.dll
2014-05-23 14:54 . 2014-05-23 14:54	39464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46B8E6ED-9C00-45F3-87D5-E1A62AA3C101}\MpKsld4347f8e.sys
2014-05-23 13:17 . 2014-05-23 13:17	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia Suite
2014-05-23 13:17 . 2014-05-23 13:17	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia
2014-05-23 13:04 . 2014-05-23 13:04	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Local\Nokia
2014-05-23 13:04 . 2014-05-23 13:15	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Roaming\PC Suite
2014-05-23 13:04 . 2014-05-23 13:04	--------	d-----w-	c:\users\User\AppData\Local\Nokia
2014-05-23 13:02 . 2014-05-23 13:02	--------	d-----w-	c:\program files\Common Files\Nokia
2014-05-23 13:02 . 2014-05-23 13:04	--------	d-----w-	c:\programdata\Nokia
2014-05-23 13:01 . 2012-10-17 12:53	19072	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2014-05-23 13:01 . 2014-05-23 13:01	--------	d-----w-	c:\program files\PC Connectivity Solution
2014-05-23 12:59 . 2014-05-23 13:01	--------	d-----w-	c:\windows\LastGood
2014-05-23 12:57 . 2014-05-23 13:02	--------	d-----w-	c:\program files\Nokia
2014-05-23 12:54 . 2006-08-29 14:56	32377	----a-w-	c:\windows\system32\drivers\prodigy.sys
2014-05-23 12:54 . 2014-05-23 13:24	--------	d-----w-	c:\program files\NSS
2014-05-23 10:58 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46B8E6ED-9C00-45F3-87D5-E1A62AA3C101}\mpengine.dll
2014-05-23 01:48 . 2014-05-23 01:49	--------	d-----w-	c:\program files\Python26
2014-05-23 01:07 . 2014-05-23 01:30	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\MediathekView
2014-05-23 01:05 . 2014-05-23 01:24	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\.mediathek3
2014-05-23 01:00 . 2014-05-23 01:00	--------	d-----w-	c:\programdata\Oracle
2014-05-23 01:00 . 2014-05-23 01:00	--------	d-----w-	c:\program files\Common Files\Java
2014-05-23 00:59 . 2014-05-23 00:58	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-05-23 00:12 . 2014-05-23 00:13	--------	d-----w-	c:\program files\mediathekview
2014-05-22 23:09 . 2014-05-22 23:10	--------	d-----w-	c:\program files\Python27
2014-05-22 22:57 . 2014-05-22 22:57	--------	d-----w-	c:\program files\Meld
2014-05-22 22:51 . 2014-05-22 22:51	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Local\Aurora
2014-05-22 22:37 . 2014-05-22 23:09	--------	d-----w-	C:\FRST
2014-05-22 09:47 . 2014-05-22 09:47	--------	d-----w-	C:\oldprefetch
2014-05-21 23:56 . 2014-05-04 17:20	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E91C2C8F-CFEF-402F-A525-A80DD171CA34}\gapaengine.dll
2014-05-21 23:54 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-19 19:50 . 2014-05-19 19:50	--------	d-----w-	c:\users\User\AppData\Roaming\Ditto
2014-05-16 22:18 . 2014-05-05 23:14	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-16 22:09 . 2014-05-16 22:09	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH
2014-05-14 00:36 . 2014-05-14 00:36	17352880	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2014-05-13 13:51 . 2014-05-13 13:52	--------	d-----w-	c:\program files\Autohotkey
2014-05-13 13:46 . 2014-05-13 22:10	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto
2014-05-13 13:46 . 2014-05-13 13:46	--------	d-----w-	c:\program files\Ditto
2014-05-12 10:25 . 2014-05-22 09:26	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0
2014-05-12 10:25 . 2014-05-12 10:25	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\.thumbnails
2014-05-12 10:23 . 2014-05-12 10:23	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Local\fontconfig
2014-05-12 10:23 . 2014-05-22 10:53	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\.gimp-2.8
2014-05-12 10:23 . 2014-05-12 10:23	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2
2014-05-12 10:15 . 2014-05-12 10:18	--------	d-----w-	c:\program files\GIMP 2
2014-05-12 09:26 . 2014-05-12 09:27	--------	d-----w-	c:\program files\mp3directcut
2014-05-11 23:52 . 2014-05-11 23:52	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Local\Apps
2014-05-10 08:17 . 2014-05-10 08:17	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++
2014-05-10 08:08 . 2014-05-10 08:11	--------	d-----w-	c:\program files\Notepadpp
2014-05-09 12:27 . 2014-05-09 12:27	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Local\Ahead
2014-04-24 10:03 . 2014-04-24 10:09	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Local\Microsoft Games
2014-04-24 10:03 . 2014-04-24 10:03	--------	d-----w-	c:\users\*Nutzer2-nonadmin*\AppData\Roaming\Intel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 00:36 . 2012-05-04 20:15	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-14 00:36 . 2011-05-17 16:00	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-04 17:20 . 2014-04-20 13:00	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-31 20:46 . 2014-03-31 20:46	130712	----a-w-	c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46	1070232	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2014-03-17 08:16 . 2014-04-16 08:03	7969936	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A62FBF1C-8C10-48F3-BCCE-F6A6B9B9A755}\mpengine.dll
2014-03-11 07:52 . 2014-03-11 07:52	104264	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-07 23:12 . 2014-04-12 11:35	1806848	----a-w-	c:\windows\system32\jscript9.dll
2014-03-07 23:02 . 2014-04-12 11:35	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-07 23:02 . 2014-04-12 11:35	1129472	----a-w-	c:\windows\system32\wininet.dll
2014-03-07 22:57 . 2014-04-12 11:35	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-07 22:56 . 2014-04-12 11:35	421376	----a-w-	c:\windows\system32\vbscript.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2012-11-08 1433200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-08-27 1050072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 09:13	152872	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-06-10 12:42	2621440	------r-	c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-08 15:13	136176	----atw-	c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 06:27	570664	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2013-03-20 12:38	162856	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 03:15	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 21:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-04-18 08:55	1105408	----a-w-	c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35	90112	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2007-12-29 07:06	430080	----a-w-	c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLD4347F8E
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 00:36]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 15:13]
.
2014-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 15:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube Download - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
AddRemove-Avira AntiVir Desktop - c:\program files\Avira\AntiVir Desktop\setup.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179\UIU32m.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-05-23 18:00
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\User\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}]
@DACL=(02 0000)
@="MX XML Reader 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}]
@DACL=(02 0000)
@="Update3COMClass"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{08FB66B9-2D2D-4B35-A747-D5D9E9F472E2}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{0F9285DF-3511-4FE6-A587-CD8F61A121CA}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{1793FE32-120E-4D33-8BE9-19EF4AD165F6}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{220DFF67-87CE-4D26-8020-27E0B554A880}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}]
@DACL=(02 0000)
@="GoogleUpdate Update3Web"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}]
@DACL=(02 0000)
@="Google Update Legacy On Demand"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{3063357E-821C-4A7D-B49A-F61EA772BF9B}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{3A6EE5C3-7A28-452B-832D-08FE74C7EEAD}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{4A26DF46-A5AF-4D46-A60D-14AD89E57A63}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{515C93ED-88BD-4CCB-AE7F-9F2A1E9695A3}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}]
@DACL=(02 0000)
@="Google.OneClickProcessLauncher"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{546958A5-5C48-48BE-9396-599811623E60}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
@DACL=(02 0000)
@="CommandExecuteImpl Class"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}]
@DACL=(02 0000)
@="SAX XML Reader 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}]
@DACL=(02 0000)
@="XML DOM Document 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}]
@DACL=(02 0000)
@="Free Threaded XML DOM Document 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}]
@DACL=(02 0000)
@="XML Schema Cache 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}]
@DACL=(02 0000)
@="XSL Template 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}]
@DACL=(02 0000)
@="XML Data Source Object 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}]
@DACL=(02 0000)
@="XML HTTP 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}]
@DACL=(02 0000)
@="Server XML HTTP 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}]
@DACL=(02 0000)
@="MXXMLWriter 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}]
@DACL=(02 0000)
@="MXHTMLWriter 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}]
@DACL=(02 0000)
@="SAXAttributes 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}]
@DACL=(02 0000)
@="MXNamespaceManager 4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_26"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{A1436E43-F58F-4D3B-B908-B6DA44563B00}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{A480C024-04D0-4F28-8CF0-ADACE2BD839C}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{B41AD4BE-25BA-4A51-A0BB-FC1584E316F1}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
@DACL=(02 0000)
@="Google Update Plugin"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
@DACL=(02 0000)
@="Google Update Plugin"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_03"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_04"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_05"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_01"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_01"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_02"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_02"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_03"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_03"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_04"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_04"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_05"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_05"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_06"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_06"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_07"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_07"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_08"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_08"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_09"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_09"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_10"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_10"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_11"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_11"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_12"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_12"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_13"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_13"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_14"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_14"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_15"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_15"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_16"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_16"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_17"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_17"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_18"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_18"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_19"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_19"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_20"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_20"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_21"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_21"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_22"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_22"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_23"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_23"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_24"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_24"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_25"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_25"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_26"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_26"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_27"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_27"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_28"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_28"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_29"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_29"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_30"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1_30"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_01"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_01"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_02"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_02"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_03"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_03"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_04"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.0_04"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_01"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_01"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_02"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_02"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_03"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_03"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_04"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_04"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_05"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_05"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_06"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_06"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_07"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.1_07"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_01"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_01"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_02"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_02"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_03"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_03"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_04"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_04"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_05"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_05"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_06"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_06"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_07"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_07"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_08"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_08"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_09"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_09"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_10"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_10"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_11"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_11"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_12"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_12"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_13"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_13"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_14"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_14"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_15"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_15"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_16"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_16"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_17"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_17"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_18"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_18"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_19"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_19"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_20"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_20"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_21"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_21"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_22"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_22"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_23"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_23"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_24"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_24"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_25"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_25"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_26"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_26"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_27"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_27"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_28"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_28"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_29"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_29"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_30"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2_30"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.4.2"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_01"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CD221623-4F9A-4FA5-A9EE-A77EC8F0E7BD}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_02"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}]
@DACL=(02 0000)
@="GoogleUpdate CredentialDialog"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A}]
@DACL=(02 0000)
@="Adobe PDF Reader Link Helper"
"AppID"="{74DB2CD7-094B-4d60-9656-ADC2F8830D29}"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{FD10EA6A-0D14-4AA2-A376-0C8D51CA8779}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-05-23  18:02:38
ComboFix-quarantined-files.txt  2014-05-23 16:02
.
Vor Suchlauf: 11 Verzeichnis(se), 193.216.204.800 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 196.871.512.064 Bytes frei
.
- - End Of File - - AB1D20248AA11D60BEDB8B23B0DA48AB
5C616939100B85E558DA92B899A0FC36
         
After the restart, WiFi was now disabled. That fits the files ComboFix handled. However, the ini did not contain any program names. So I don't understand why it was sent to quarantine.


Last edited by ichmoechtauc (23.05.2014 at 19:52)

25.05.2014, 07:07   #6
schrauber
/// the machine
/// TB trainer

That's a false positive. We can restore it if you haven't already fixed it.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

27.05.2014, 12:06   #7
ichmoechtauc

Everything can now be found here; a few more were discovered:


MBAM

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.05.2014
Suchlauf-Zeit: 00:29:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.25.07
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 282752
Verstrichene Zeit: 9 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 4
Trojan.Agent, HKU\S-1-5-21-3063606764-1177351860-3295820248-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EFF39A40-C163-4d5d-B073-52FBB55C646A}, In Quarantäne, [54474b0a413a4cea7252fa46d62cf60a], 
PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\VITTALIA\AxtanInstaller, In Quarantäne, [8a111a3b4d2ecb6bde30158f51b1cd33], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3063606764-1177351860-3295820248-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [7d1e7dd8d8a3f83e27c5c7d96f9305fb], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-3063606764-1177351860-3295820248-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [603b98bde29988ae0a154b4a50b24ab6], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
Adware.InstallBrain, C:\ProgramData\IBUpdaterService, In Quarantäne, [e8b3b5a04c2f4ceaf371920457acb34d], 

Dateien: 3
Trojan.Agent, C:\Users\User\AppData\Roaming\5053\components\AcroFF5.dll, In Quarantäne, [cad123327902bb7bf240c3ba29d747b9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0.localstorage-journal, In Quarantäne, [d4c79bba05761c1a82cbc7cb6e9414ec], 
Adware.InstallBrain, C:\ProgramData\IBUpdaterService\repository.xml, In Quarantäne, [e8b3b5a04c2f4ceaf371920457acb34d], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
A second run after the reboot, this time with the rootkit scan also switched on, found nothing.

Code:
# AdwCleaner v3.210 - Bericht erstellt am 26/05/2014 um 02:29:34
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : User - pcname
# Gestartet von : C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Windows\system32\conduitEngine.tmp
Ordner Gefunden : C:\Program Files\FreeRIP3
Ordner Gefunden : C:\ProgramData\FreeRIP
Ordner Gefunden : C:\Users\User\AppData\Local\Conduit
Ordner Gefunden : C:\Users\User\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\User\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\User\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\User\AppData\Roaming\Uniblue

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\MGShareware
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gefunden : HKLM\Software\MGShareware
Schlüssel Gefunden : HKLM\Software\Uniblue
Schlüssel Gefunden : HKLM\Software\Vittalia

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0 (de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Gefunden [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gefunden [Extension] : kincjchfokkeneeofpeefomkikfkiedl

*************************

AdwCleaner[R0].txt - [2616 octets] - [26/05/2014 02:29:34]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [2676 octets] ##########
         
Code:
# AdwCleaner v3.210 - Bericht erstellt am 26/05/2014 um 02:31:34
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : User - pcname
# Gestartet von : C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\Program Files\FreeRIP3
Ordner Gelöscht : C:\Users\User\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\User\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Uniblue
Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\MGShareware
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\MGShareware
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{501451DE-5808-4599-B544-8BD0915B6B24}_is1

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0 (de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl

*************************

AdwCleaner[R0].txt - [2754 octets] - [26/05/2014 02:29:34]
AdwCleaner[S0].txt - [2677 octets] - [26/05/2014 02:31:34]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2737 octets] ##########
         

JRT spat out a log file, but only on the 2nd attempt. It is also possible that I started it several times (somehow, though, both times 2 of the programs were running at the same time, even though I only started it once).


JRT

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by User on 26.05.2014 at  2:56:52,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.05.2014 at  3:01:50,10
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


In here I accidentally started Combofix instead of FRST once again. It didn't find anything, though.

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by User (administrator) on pcname on 26-05-2014 14:04:02
Running from C:\Users\*Nutzer2-nonadmin*\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050072 2010-08-27] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1433200 2012-11-08] ()
HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\...\Run: [dradio-RecorderTimer] => C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE003EBEC9B7ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {9DF002E3-B996-4600-858A-B63E2D74FB66} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll No File
CHR Plugin: (ScorchPlugin) - C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (SiteAdvisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-09-12]
CHR Extension: (AT_AgathaRuizdelaPrada) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccdaldnlpmblnjpbboadeocpnclfcbm [2010-11-08]

========================== Services (Whitelisted) =================

S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [124368 2010-08-27] (Toshiba Europe GmbH)
S2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-10] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 14:04 - 2014-05-26 14:04 - 00012075 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.txt
2014-05-26 14:03 - 2014-05-26 14:03 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST-OlderVersion
2014-05-26 13:59 - 2014-05-26 13:59 - 00074398 _____ () C:\ComboFix.txt
2014-05-26 13:44 - 2014-05-26 14:00 - 00000000 ____D () C:\ComboFix
2014-05-26 03:00 - 2014-05-26 03:01 - 00000818 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.txt
2014-05-26 02:36 - 2014-05-26 02:36 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 02:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-26 02:29 - 2014-05-26 02:31 - 00000000 ____D () C:\AdwCleaner
2014-05-26 02:28 - 2014-05-26 02:28 - 00000546 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\bandscheiben.txt
2014-05-26 00:54 - 2014-05-26 02:51 - 00000554 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\todo-viren.txt
2014-05-26 00:53 - 2014-05-26 00:53 - 01326389 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe
2014-05-26 00:53 - 2014-05-26 00:53 - 01016261 _____ (Thisisu) C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.exe
2014-05-26 00:43 - 2014-05-26 00:44 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora
2014-05-26 00:43 - 2014-05-26 00:43 - 00002469 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\mbam.txt
2014-05-26 00:28 - 2014-05-26 00:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 00:28 - 2014-05-26 00:28 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-26 00:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 00:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 00:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-23 17:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-23 17:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-23 17:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-23 17:41 - 2014-05-26 14:00 - 00000000 ____D () C:\Qoobox
2014-05-23 17:41 - 2014-05-23 18:01 - 00000000 ____D () C:\Windows\erdnt
2014-05-23 17:39 - 2014-05-26 13:44 - 05200919 ____R (Swearware) C:\Users\*Nutzer2-nonadmin*\Desktop\ComboFix.exe
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia Suite
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia
2014-05-23 15:07 - 2014-05-23 15:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2014-05-23 15:04 - 2014-05-23 15:15 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\PC Suite
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\User\AppData\Local\Nokia
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\NokiaAccount
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Nokia
2014-05-23 15:03 - 2014-05-23 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2014-05-23 15:02 - 2014-05-23 15:04 - 00000000 ____D () C:\ProgramData\Nokia
2014-05-23 15:02 - 2014-05-23 15:02 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-05-23 15:01 - 2014-05-23 15:01 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2014-05-23 15:01 - 2012-10-17 14:53 - 00019072 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfd.sys
2014-05-23 14:57 - 2014-05-23 15:02 - 00000000 ____D () C:\Program Files\Nokia
2014-05-23 14:57 - 2014-05-23 14:57 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2014-05-23 14:54 - 2014-05-23 20:31 - 00000000 ____D () C:\Program Files\NSS
2014-05-23 14:54 - 2006-08-29 16:56 - 00032377 _____ (B-phreaks) C:\Windows\system32\Drivers\prodigy.sys
2014-05-23 13:20 - 2014-05-24 15:46 - 00039524 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktop.rar
2014-05-23 13:16 - 2014-05-23 13:16 - 00000520 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aufnahmen - DRadio.lnk
2014-05-23 13:16 - 2014-05-23 13:16 - 00000506 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\MediathekView.lnk
2014-05-23 13:14 - 2014-05-23 13:14 - 00000044 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\filme.txt
2014-05-23 03:49 - 2014-05-23 03:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.6
2014-05-23 03:48 - 2014-05-23 03:49 - 00000000 ____D () C:\Program Files\Python26
2014-05-23 03:07 - 2014-05-23 03:30 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\MediathekView
2014-05-23 03:05 - 2014-05-23 03:24 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.mediathek3
2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-23 02:59 - 2014-05-23 02:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-23 02:59 - 2014-05-23 02:58 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-23 02:59 - 2014-05-23 02:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-23 02:59 - 2014-05-23 02:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-23 02:59 - 2014-05-23 02:58 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-23 02:12 - 2014-05-23 02:13 - 00000000 ____D () C:\Program Files\mediathekview
2014-05-23 01:07 - 2014-05-23 01:07 - 16281600 _____ () C:\Users\*Nutzer2-nonadmin*\Downloads\python-2.7.6.msi
2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meld
2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\Program Files\Meld
2014-05-23 00:53 - 2014-05-23 00:54 - 40184344 _____ (Keegan Witt) C:\Users\*Nutzer2-nonadmin*\Downloads\meld-1.8.4.1.exe
2014-05-23 00:37 - 2014-05-26 14:04 - 00000000 ____D () C:\FRST
2014-05-23 00:33 - 2014-05-26 14:03 - 01056256 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe
2014-05-22 12:53 - 2014-05-22 12:53 - 00004437 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\recently-used.xbel
2014-05-22 11:26 - 2014-05-22 12:53 - 00286140 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\viren.xcf
2014-05-19 21:50 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto
2014-05-19 14:40 - 2014-05-22 11:18 - 00000093 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise2.txt
2014-05-17 00:21 - 2014-05-17 00:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 00:18 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 00:18 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 00:18 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 00:09 - 2014-05-17 00:12 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH
2014-05-15 14:44 - 2014-05-15 14:45 - 00000289 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise.txt
2014-05-15 14:06 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 02:12 - 2014-05-15 02:13 - 107708366 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Druna-CI-Workshop-Beispiel.mp4
2014-05-14 02:36 - 2014-05-14 02:36 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-13 16:03 - 2014-05-13 16:03 - 00000788 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.exe.lnk
2014-05-13 15:51 - 2014-05-13 15:52 - 00000000 ____D () C:\Program Files\Autohotkey
2014-05-13 15:49 - 2014-05-13 16:02 - 00002190 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.ahk
2014-05-13 15:46 - 2014-05-14 00:10 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\Program Files\Ditto
2014-05-12 12:39 - 2014-05-12 12:39 - 00152139 _____ () C:\Users\User\Documents\usbnormal
2014-05-12 12:25 - 2014-05-22 11:26 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0
2014-05-12 12:25 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.thumbnails
2014-05-12 12:23 - 2014-05-22 12:53 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.gimp-2.8
2014-05-12 12:23 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2
2014-05-12 12:19 - 2014-05-12 12:19 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-12 12:15 - 2014-05-12 12:18 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-12 11:27 - 2014-05-12 11:27 - 00000812 _____ () C:\Users\User\Desktop\mp3DirectCut.lnk
2014-05-12 11:26 - 2014-05-12 11:27 - 00000000 ____D () C:\Program Files\mp3directcut
2014-05-12 01:52 - 2014-05-12 01:52 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Apps\2.0
2014-05-12 01:23 - 2014-05-12 01:28 - 25235372 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\futurama-brutale-Polizeigewalt.ogg
2014-05-10 10:17 - 2014-05-10 10:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++
2014-05-10 10:08 - 2014-05-10 10:11 - 00000000 ____D () C:\Program Files\Notepadpp
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Ahead
2014-05-06 00:28 - 2014-05-06 00:28 - 00000853 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aurora.lnk
2014-05-05 23:57 - 2014-05-19 22:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-28 08:49 - 2014-05-26 00:50 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktopordner
2014-04-28 08:15 - 2014-04-28 08:15 - 00000104 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Computer.lnk

==================== One Month Modified Files and Folders =======

2014-05-26 14:04 - 2014-05-26 14:04 - 00012075 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.txt
2014-05-26 14:04 - 2014-05-23 00:37 - 00000000 ____D () C:\FRST
2014-05-26 14:03 - 2014-05-26 14:03 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST-OlderVersion
2014-05-26 14:03 - 2014-05-23 00:33 - 01056256 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe
2014-05-26 14:00 - 2014-05-26 13:44 - 00000000 ____D () C:\ComboFix
2014-05-26 14:00 - 2014-05-23 17:41 - 00000000 ____D () C:\Qoobox
2014-05-26 13:59 - 2014-05-26 13:59 - 00074398 _____ () C:\ComboFix.txt
2014-05-26 13:57 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-26 13:50 - 2008-01-21 03:35 - 01642522 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 13:44 - 2014-05-23 17:39 - 05200919 ____R (Swearware) C:\Users\*Nutzer2-nonadmin*\Desktop\ComboFix.exe
2014-05-26 13:37 - 2010-09-14 16:31 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-26 13:37 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 13:37 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 13:37 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 13:36 - 2012-05-04 22:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 13:36 - 2006-11-02 15:01 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-26 13:29 - 2010-11-08 17:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job
2014-05-26 13:29 - 2010-11-08 17:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job
2014-05-26 03:01 - 2014-05-26 03:00 - 00000818 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.txt
2014-05-26 02:51 - 2014-05-26 00:54 - 00000554 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\todo-viren.txt
2014-05-26 02:36 - 2014-05-26 02:36 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 02:33 - 2008-01-21 04:47 - 00124028 _____ () C:\Windows\PFRO.log
2014-05-26 02:31 - 2014-05-26 02:29 - 00000000 ____D () C:\AdwCleaner
2014-05-26 02:28 - 2014-05-26 02:28 - 00000546 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\bandscheiben.txt
2014-05-26 02:28 - 2014-04-13 18:19 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\vlc
2014-05-26 00:53 - 2014-05-26 00:53 - 01326389 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe
2014-05-26 00:53 - 2014-05-26 00:53 - 01016261 _____ (Thisisu) C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.exe
2014-05-26 00:50 - 2014-04-28 08:49 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktopordner
2014-05-26 00:44 - 2014-05-26 00:43 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora
2014-05-26 00:43 - 2014-05-26 00:43 - 00002469 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\mbam.txt
2014-05-26 00:43 - 2014-05-26 00:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 00:28 - 2014-05-26 00:28 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-24 15:46 - 2014-05-23 13:20 - 00039524 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktop.rar
2014-05-24 15:27 - 2008-01-21 09:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 20:31 - 2014-05-23 14:54 - 00000000 ____D () C:\Program Files\NSS
2014-05-23 20:31 - 2010-09-15 00:32 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-23 18:02 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-05-23 18:02 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-23 18:01 - 2014-05-23 17:41 - 00000000 ____D () C:\Windows\erdnt
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia Suite
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia
2014-05-23 15:15 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\PC Suite
2014-05-23 15:07 - 2014-05-23 15:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2014-05-23 15:07 - 2011-04-20 01:02 - 00000000 ____D () C:\ProgramData\PC Suite
2014-05-23 15:07 - 2006-11-02 14:52 - 00127970 _____ () C:\Windows\setupact.log
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\User\AppData\Local\Nokia
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\NokiaAccount
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Nokia
2014-05-23 15:04 - 2014-05-23 15:02 - 00000000 ____D () C:\ProgramData\Nokia
2014-05-23 15:03 - 2014-05-23 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2014-05-23 15:02 - 2014-05-23 15:02 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-05-23 15:02 - 2014-05-23 14:57 - 00000000 ____D () C:\Program Files\Nokia
2014-05-23 15:01 - 2014-05-23 15:01 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2014-05-23 15:01 - 2011-04-19 20:07 - 00000000 ____D () C:\Program Files\DIFX
2014-05-23 15:01 - 2010-09-13 10:07 - 00059642 _____ () C:\Windows\DPINST.LOG
2014-05-23 14:57 - 2014-05-23 14:57 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2014-05-23 13:42 - 2014-04-13 14:53 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Adobe
2014-05-23 13:42 - 2010-09-11 13:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-05-23 13:37 - 2010-09-14 11:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-23 13:31 - 2010-09-14 11:11 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-05-23 13:29 - 2014-04-13 23:42 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Adobe
2014-05-23 13:16 - 2014-05-23 13:16 - 00000520 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aufnahmen - DRadio.lnk
2014-05-23 13:16 - 2014-05-23 13:16 - 00000506 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\MediathekView.lnk
2014-05-23 13:14 - 2014-05-23 13:14 - 00000044 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\filme.txt
2014-05-23 03:49 - 2014-05-23 03:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.6
2014-05-23 03:49 - 2014-05-23 03:48 - 00000000 ____D () C:\Program Files\Python26
2014-05-23 03:30 - 2014-05-23 03:07 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\MediathekView
2014-05-23 03:24 - 2014-05-23 03:05 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.mediathek3
2014-05-23 03:07 - 2014-04-13 14:45 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*
2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-23 02:59 - 2014-05-23 02:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-23 02:58 - 2014-05-23 02:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-23 02:58 - 2014-05-23 02:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-23 02:58 - 2014-05-23 02:59 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-23 02:58 - 2014-05-23 02:59 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-23 02:58 - 2010-11-16 09:30 - 00000000 ____D () C:\Program Files\java
2014-05-23 02:13 - 2014-05-23 02:12 - 00000000 ____D () C:\Program Files\mediathekview
2014-05-23 01:07 - 2014-05-23 01:07 - 16281600 _____ () C:\Users\*Nutzer2-nonadmin*\Downloads\python-2.7.6.msi
2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meld
2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\Program Files\Meld
2014-05-23 00:54 - 2014-05-23 00:53 - 40184344 _____ (Keegan Witt) C:\Users\*Nutzer2-nonadmin*\Downloads\meld-1.8.4.1.exe
2014-05-22 12:53 - 2014-05-22 12:53 - 00004437 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\recently-used.xbel
2014-05-22 12:53 - 2014-05-22 11:26 - 00286140 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\viren.xcf
2014-05-22 12:53 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.gimp-2.8
2014-05-22 11:26 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0
2014-05-22 11:18 - 2014-05-19 14:40 - 00000093 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise2.txt
2014-05-19 22:04 - 2014-05-05 23:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-19 21:50 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto
2014-05-17 01:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-17 00:25 - 2013-09-29 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 00:22 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-17 00:21 - 2014-05-17 00:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 00:21 - 2010-09-14 16:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 00:12 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH
2014-05-15 14:45 - 2014-05-15 14:44 - 00000289 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise.txt
2014-05-15 02:13 - 2014-05-15 02:12 - 107708366 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Druna-CI-Workshop-Beispiel.mp4
2014-05-14 02:36 - 2014-05-14 02:36 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-14 02:36 - 2012-05-04 22:15 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 02:36 - 2011-05-17 18:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 00:10 - 2014-05-13 15:46 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto
2014-05-13 16:03 - 2014-05-13 16:03 - 00000788 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.exe.lnk
2014-05-13 16:02 - 2014-05-13 15:49 - 00002190 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.ahk
2014-05-13 15:52 - 2014-05-13 15:51 - 00000000 ____D () C:\Program Files\Autohotkey
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\Program Files\Ditto
2014-05-12 12:39 - 2014-05-12 12:39 - 00152139 _____ () C:\Users\User\Documents\usbnormal
2014-05-12 12:25 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.thumbnails
2014-05-12 12:23 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2
2014-05-12 12:19 - 2014-05-12 12:19 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-12 12:18 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-12 11:27 - 2014-05-12 11:27 - 00000812 _____ () C:\Users\User\Desktop\mp3DirectCut.lnk
2014-05-12 11:27 - 2014-05-12 11:26 - 00000000 ____D () C:\Program Files\mp3directcut
2014-05-12 07:26 - 2014-05-26 00:28 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 00:28 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-26 00:28 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 01:52 - 2014-05-12 01:52 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Apps\2.0
2014-05-12 01:28 - 2014-05-12 01:23 - 25235372 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\futurama-brutale-Polizeigewalt.ogg
2014-05-10 10:17 - 2014-05-10 10:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++
2014-05-10 10:11 - 2014-05-10 10:08 - 00000000 ____D () C:\Program Files\Notepadpp
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Ahead
2014-05-08 14:27 - 2012-05-23 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-06 01:32 - 2014-05-17 00:18 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-17 00:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-17 00:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 00:28 - 2014-05-06 00:28 - 00000853 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aurora.lnk
2014-04-28 08:15 - 2014-04-28 08:15 - 00000104 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Computer.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-26 13:52

==================== End Of Log ============================
         
--- --- ---



OK, now I was able to edit it. Everything should be in there.

Last edited by ichmoechtauc (26.05.2014 at 01:50)

28.05.2014, 09:33   #8
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

29.05.2014, 09:22   #9
ichmoechtauc
 



It all seems to be gone, thank you very much for your help!


ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c1bbad0314bf2d41ab73b0861efab1d1
# engine=18441
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-28 10:53:23
# local_time=2014-05-28 12:53:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 3638967 238807131 0 0
# scanned=172599
# found=0
# cleaned=0
# scan_time=3981
         
SecurityCheck
Code:
 Results of screen317's Security Check version 0.99.83  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Flash Player 	13.0.0.214  
 Mozilla Firefox (29.0.1) 
 Google Chrome 31.0.1650.63  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by User (administrator) on pcname on 29-05-2014 01:45:52
Running from C:\Users\User\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Ditto\Ditto.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050072 2010-08-27] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1433200 2012-11-08] ()
HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-11-08] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE003EBEC9B7ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {9DF002E3-B996-4600-858A-B63E2D74FB66} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll No File
CHR Plugin: (ScorchPlugin) - C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (SiteAdvisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-09-12]
CHR Extension: (AT_AgathaRuizdelaPrada) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccdaldnlpmblnjpbboadeocpnclfcbm [2010-11-08]

========================== Services (Whitelisted) =================

S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [124368 2010-08-27] (Toshiba Europe GmbH)
S2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-10] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 01:45 - 2014-05-29 01:45 - 00012459 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-29 01:45 - 2014-05-26 14:03 - 01056256 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-05-29 01:44 - 2014-05-29 01:44 - 00000913 _____ () C:\Users\Public\Documents\checkup.txt
2014-05-29 01:39 - 2014-05-28 11:34 - 00854367 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-05-29 01:29 - 2014-05-29 01:30 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Weitere Programme
2014-05-29 01:16 - 2014-05-29 01:16 - 00013257 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\Probandenüberblick.ods
2014-05-28 22:43 - 2014-05-29 01:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Nokia
2014-05-28 13:09 - 2014-05-28 13:09 - 00000524 _____ () C:\Users\User\Desktop\Öffentliche Dokumente - Verknüpfung.lnk
2014-05-28 12:22 - 2014-05-28 12:23 - 00000000 ____D () C:\Users\User\Downloads\toshiba
2014-05-28 12:03 - 2014-05-28 13:09 - 00000655 _____ () C:\Users\Public\Documents\todo-viren2.txt
2014-05-28 11:55 - 2014-05-28 11:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Notepad++
2014-05-28 11:44 - 2014-05-28 11:44 - 00000000 ____D () C:\Program Files\ESET
2014-05-28 11:34 - 2014-05-28 11:34 - 00854367 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\SecurityCheck.exe
2014-05-28 00:17 - 2014-05-29 01:18 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora
2014-05-26 13:59 - 2014-05-26 13:59 - 00074398 _____ () C:\Users\Public\Documents\ComboFix.txt
2014-05-26 02:36 - 2014-05-26 02:36 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 02:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-26 02:29 - 2014-05-26 02:31 - 00000000 ____D () C:\AdwCleaner
2014-05-26 02:28 - 2014-05-26 02:28 - 00000546 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\bandscheiben.txt
2014-05-26 00:54 - 2014-05-26 02:51 - 00000554 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\todo-viren.txt
2014-05-26 00:53 - 2014-05-26 00:53 - 01326389 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe
2014-05-26 00:53 - 2014-05-26 00:53 - 01016261 _____ (Thisisu) C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.exe
2014-05-26 00:28 - 2014-05-26 00:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-26 00:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 00:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 00:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-23 17:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-23 17:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-23 17:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-23 17:41 - 2014-05-26 14:00 - 00000000 ____D () C:\Qoobox
2014-05-23 17:41 - 2014-05-23 18:01 - 00000000 ____D () C:\Windows\erdnt
2014-05-23 17:39 - 2014-05-26 13:44 - 05200919 ____R (Swearware) C:\Users\*Nutzer2-nonadmin*\Desktop\ComboFix.exe
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia Suite
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia
2014-05-23 15:07 - 2014-05-23 15:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2014-05-23 15:04 - 2014-05-23 15:15 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\PC Suite
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\User\AppData\Local\Nokia
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\NokiaAccount
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Nokia
2014-05-23 15:03 - 2014-05-23 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2014-05-23 15:02 - 2014-05-23 15:04 - 00000000 ____D () C:\ProgramData\Nokia
2014-05-23 15:02 - 2014-05-23 15:02 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-05-23 15:01 - 2014-05-23 15:01 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2014-05-23 15:01 - 2012-10-17 14:53 - 00019072 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfd.sys
2014-05-23 14:57 - 2014-05-23 15:02 - 00000000 ____D () C:\Program Files\Nokia
2014-05-23 14:57 - 2014-05-23 14:57 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2014-05-23 14:54 - 2014-05-23 20:31 - 00000000 ____D () C:\Program Files\NSS
2014-05-23 14:54 - 2006-08-29 16:56 - 00032377 _____ (B-phreaks) C:\Windows\system32\Drivers\prodigy.sys
2014-05-23 13:16 - 2014-05-23 13:16 - 00000520 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aufnahmen - DRadio.lnk
2014-05-23 13:16 - 2014-05-23 13:16 - 00000506 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\MediathekView.lnk
2014-05-23 13:14 - 2014-05-23 13:14 - 00000044 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\filme.txt
2014-05-23 03:49 - 2014-05-23 03:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.6
2014-05-23 03:48 - 2014-05-23 03:49 - 00000000 ____D () C:\Program Files\Python26
2014-05-23 03:07 - 2014-05-23 03:30 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\MediathekView
2014-05-23 03:05 - 2014-05-23 03:24 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.mediathek3
2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-23 02:59 - 2014-05-23 02:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-23 02:59 - 2014-05-23 02:58 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-23 02:59 - 2014-05-23 02:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-23 02:59 - 2014-05-23 02:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-23 02:59 - 2014-05-23 02:58 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-23 02:12 - 2014-05-23 02:13 - 00000000 ____D () C:\Program Files\mediathekview
2014-05-23 01:07 - 2014-05-23 01:07 - 16281600 _____ () C:\Users\*Nutzer2-nonadmin*\Downloads\python-2.7.6.msi
2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meld
2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\Program Files\Meld
2014-05-23 00:53 - 2014-05-23 00:54 - 40184344 _____ (Keegan Witt) C:\Users\*Nutzer2-nonadmin*\Downloads\meld-1.8.4.1.exe
2014-05-23 00:37 - 2014-05-29 01:45 - 00000000 ____D () C:\FRST
2014-05-23 00:33 - 2014-05-26 14:03 - 01056256 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe
2014-05-22 12:53 - 2014-05-22 12:53 - 00004437 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\recently-used.xbel
2014-05-19 22:04 - 2014-05-19 22:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-19 21:50 - 2014-05-29 01:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto
2014-05-19 14:40 - 2014-05-22 11:18 - 00000093 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise2.txt
2014-05-17 00:21 - 2014-05-17 00:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 00:18 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 00:18 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 00:18 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 00:09 - 2014-05-17 00:12 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH
2014-05-15 14:44 - 2014-05-15 14:45 - 00000289 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise.txt
2014-05-15 14:06 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 02:12 - 2014-05-15 02:13 - 107708366 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Druna-CI-Workshop-Beispiel.mp4
2014-05-14 02:36 - 2014-05-14 02:36 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-13 16:03 - 2014-05-13 16:03 - 00000788 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.exe.lnk
2014-05-13 15:51 - 2014-05-13 15:52 - 00000000 ____D () C:\Program Files\Autohotkey
2014-05-13 15:49 - 2014-05-13 16:02 - 00002190 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.ahk
2014-05-13 15:46 - 2014-05-14 00:10 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\Program Files\Ditto
2014-05-12 12:39 - 2014-05-12 12:39 - 00152139 _____ () C:\Users\User\Documents\usbnormal
2014-05-12 12:25 - 2014-05-22 11:26 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0
2014-05-12 12:25 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.thumbnails
2014-05-12 12:23 - 2014-05-22 12:53 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.gimp-2.8
2014-05-12 12:23 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2
2014-05-12 12:19 - 2014-05-12 12:19 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-12 12:15 - 2014-05-12 12:18 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-12 11:27 - 2014-05-12 11:27 - 00000812 _____ () C:\Users\User\Desktop\mp3DirectCut.lnk
2014-05-12 11:26 - 2014-05-12 11:27 - 00000000 ____D () C:\Program Files\mp3directcut
2014-05-12 01:52 - 2014-05-12 01:52 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Apps\2.0
2014-05-12 01:23 - 2014-05-12 01:28 - 25235372 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\futurama-brutale-Polizeigewalt.ogg
2014-05-10 10:17 - 2014-05-10 10:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++
2014-05-10 10:08 - 2014-05-10 10:11 - 00000000 ____D () C:\Program Files\Notepadpp
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Ahead
2014-05-06 00:28 - 2014-05-06 00:28 - 00000853 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aurora.lnk

==================== One Month Modified Files and Folders =======

2014-05-29 01:46 - 2014-05-29 01:45 - 00012459 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-29 01:45 - 2014-05-23 00:37 - 00000000 ____D () C:\FRST
2014-05-29 01:44 - 2014-05-29 01:44 - 00000913 _____ () C:\Users\Public\Documents\checkup.txt
2014-05-29 01:36 - 2012-05-04 22:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 01:30 - 2014-05-29 01:29 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Weitere Programme
2014-05-29 01:30 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto
2014-05-29 01:27 - 2014-05-28 22:43 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Nokia
2014-05-29 01:18 - 2014-05-28 00:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora
2014-05-29 01:16 - 2014-05-29 01:16 - 00013257 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\Probandenüberblick.ods
2014-05-29 00:57 - 2010-11-08 17:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job
2014-05-29 00:25 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 00:25 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 22:47 - 2008-01-21 03:35 - 01734667 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 22:25 - 2012-05-23 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-28 22:25 - 2010-09-14 16:31 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-28 22:25 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 15:11 - 2006-11-02 15:01 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 13:09 - 2014-05-28 13:09 - 00000524 _____ () C:\Users\User\Desktop\Öffentliche Dokumente - Verknüpfung.lnk
2014-05-28 13:09 - 2014-05-28 12:03 - 00000655 _____ () C:\Users\Public\Documents\todo-viren2.txt
2014-05-28 12:58 - 2010-11-08 17:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job
2014-05-28 12:45 - 2010-10-17 23:19 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 12:23 - 2014-05-28 12:22 - 00000000 ____D () C:\Users\User\Downloads\toshiba
2014-05-28 12:06 - 2014-04-18 13:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-05-28 11:55 - 2014-05-28 11:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Notepad++
2014-05-28 11:44 - 2014-05-28 11:44 - 00000000 ____D () C:\Program Files\ESET
2014-05-28 11:34 - 2014-05-29 01:39 - 00854367 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-05-28 11:34 - 2014-05-28 11:34 - 00854367 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\SecurityCheck.exe
2014-05-27 12:50 - 2008-01-21 04:47 - 00124828 _____ () C:\Windows\PFRO.log
2014-05-26 14:03 - 2014-05-29 01:45 - 01056256 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-05-26 14:03 - 2014-05-23 00:33 - 01056256 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe
2014-05-26 14:00 - 2014-05-23 17:41 - 00000000 ____D () C:\Qoobox
2014-05-26 13:59 - 2014-05-26 13:59 - 00074398 _____ () C:\Users\Public\Documents\ComboFix.txt
2014-05-26 13:57 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-26 13:44 - 2014-05-23 17:39 - 05200919 ____R (Swearware) C:\Users\*Nutzer2-nonadmin*\Desktop\ComboFix.exe
2014-05-26 02:51 - 2014-05-26 00:54 - 00000554 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\todo-viren.txt
2014-05-26 02:36 - 2014-05-26 02:36 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 02:31 - 2014-05-26 02:29 - 00000000 ____D () C:\AdwCleaner
2014-05-26 02:28 - 2014-05-26 02:28 - 00000546 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\bandscheiben.txt
2014-05-26 02:28 - 2014-04-13 18:19 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\vlc
2014-05-26 00:53 - 2014-05-26 00:53 - 01326389 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe
2014-05-26 00:53 - 2014-05-26 00:53 - 01016261 _____ (Thisisu) C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.exe
2014-05-26 00:50 - 2014-04-28 08:49 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktopordner
2014-05-26 00:43 - 2014-05-26 00:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-24 15:27 - 2008-01-21 09:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 20:31 - 2014-05-23 14:54 - 00000000 ____D () C:\Program Files\NSS
2014-05-23 20:31 - 2010-09-15 00:32 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-23 18:02 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-05-23 18:02 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-23 18:01 - 2014-05-23 17:41 - 00000000 ____D () C:\Windows\erdnt
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia Suite
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia
2014-05-23 15:15 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\PC Suite
2014-05-23 15:07 - 2014-05-23 15:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2014-05-23 15:07 - 2011-04-20 01:02 - 00000000 ____D () C:\ProgramData\PC Suite
2014-05-23 15:07 - 2006-11-02 14:52 - 00127970 _____ () C:\Windows\setupact.log
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\User\AppData\Local\Nokia
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\NokiaAccount
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Nokia
2014-05-23 15:04 - 2014-05-23 15:02 - 00000000 ____D () C:\ProgramData\Nokia
2014-05-23 15:03 - 2014-05-23 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2014-05-23 15:02 - 2014-05-23 15:02 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-05-23 15:02 - 2014-05-23 14:57 - 00000000 ____D () C:\Program Files\Nokia
2014-05-23 15:01 - 2014-05-23 15:01 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2014-05-23 15:01 - 2011-04-19 20:07 - 00000000 ____D () C:\Program Files\DIFX
2014-05-23 15:01 - 2010-09-13 10:07 - 00059642 _____ () C:\Windows\DPINST.LOG
2014-05-23 14:57 - 2014-05-23 14:57 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2014-05-23 13:42 - 2014-04-13 14:53 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Adobe
2014-05-23 13:42 - 2010-09-11 13:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-05-23 13:37 - 2010-09-14 11:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-23 13:31 - 2010-09-14 11:11 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-05-23 13:29 - 2014-04-13 23:42 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Adobe
2014-05-23 13:16 - 2014-05-23 13:16 - 00000520 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aufnahmen - DRadio.lnk
2014-05-23 13:16 - 2014-05-23 13:16 - 00000506 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\MediathekView.lnk
2014-05-23 13:14 - 2014-05-23 13:14 - 00000044 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\filme.txt
2014-05-23 03:49 - 2014-05-23 03:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.6
2014-05-23 03:49 - 2014-05-23 03:48 - 00000000 ____D () C:\Program Files\Python26
2014-05-23 03:30 - 2014-05-23 03:07 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\MediathekView
2014-05-23 03:24 - 2014-05-23 03:05 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.mediathek3
2014-05-23 03:07 - 2014-04-13 14:45 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*
2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-23 02:59 - 2014-05-23 02:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-23 02:58 - 2014-05-23 02:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-23 02:58 - 2014-05-23 02:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-23 02:58 - 2014-05-23 02:59 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-23 02:58 - 2014-05-23 02:59 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-23 02:58 - 2010-11-16 09:30 - 00000000 ____D () C:\Program Files\java
2014-05-23 02:13 - 2014-05-23 02:12 - 00000000 ____D () C:\Program Files\mediathekview
2014-05-23 01:07 - 2014-05-23 01:07 - 16281600 _____ () C:\Users\*Nutzer2-nonadmin*\Downloads\python-2.7.6.msi
2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meld
2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\Program Files\Meld
2014-05-23 00:54 - 2014-05-23 00:53 - 40184344 _____ (Keegan Witt) C:\Users\*Nutzer2-nonadmin*\Downloads\meld-1.8.4.1.exe
2014-05-22 12:53 - 2014-05-22 12:53 - 00004437 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\recently-used.xbel
2014-05-22 12:53 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.gimp-2.8
2014-05-22 11:26 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0
2014-05-22 11:18 - 2014-05-19 14:40 - 00000093 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise2.txt
2014-05-19 22:05 - 2014-05-19 22:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-17 01:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-17 00:25 - 2013-09-29 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 00:22 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-17 00:21 - 2014-05-17 00:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 00:21 - 2010-09-14 16:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 00:12 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH
2014-05-15 14:45 - 2014-05-15 14:44 - 00000289 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise.txt
2014-05-15 02:13 - 2014-05-15 02:12 - 107708366 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Druna-CI-Workshop-Beispiel.mp4
2014-05-14 02:36 - 2014-05-14 02:36 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-14 02:36 - 2012-05-04 22:15 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 02:36 - 2011-05-17 18:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 00:10 - 2014-05-13 15:46 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto
2014-05-13 16:03 - 2014-05-13 16:03 - 00000788 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.exe.lnk
2014-05-13 16:02 - 2014-05-13 15:49 - 00002190 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.ahk
2014-05-13 15:52 - 2014-05-13 15:51 - 00000000 ____D () C:\Program Files\Autohotkey
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\Program Files\Ditto
2014-05-12 12:39 - 2014-05-12 12:39 - 00152139 _____ () C:\Users\User\Documents\usbnormal
2014-05-12 12:25 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.thumbnails
2014-05-12 12:23 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2
2014-05-12 12:19 - 2014-05-12 12:19 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-12 12:18 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-12 11:27 - 2014-05-12 11:27 - 00000812 _____ () C:\Users\User\Desktop\mp3DirectCut.lnk
2014-05-12 11:27 - 2014-05-12 11:26 - 00000000 ____D () C:\Program Files\mp3directcut
2014-05-12 07:26 - 2014-05-26 00:28 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 00:28 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-26 00:28 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 01:52 - 2014-05-12 01:52 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Apps\2.0
2014-05-12 01:28 - 2014-05-12 01:23 - 25235372 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\futurama-brutale-Polizeigewalt.ogg
2014-05-10 10:17 - 2014-05-10 10:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++
2014-05-10 10:11 - 2014-05-10 10:08 - 00000000 ____D () C:\Program Files\Notepadpp
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Ahead
2014-05-06 01:32 - 2014-05-17 00:18 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-17 00:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-17 00:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 00:28 - 2014-05-06 00:28 - 00000853 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aurora.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-28 22:50

==================== End Of Log ============================
         
Edited by ichmoechtauc (29.05.2014 at 09:44)

30.05.2014, 09:37   #10
schrauber
/// the machine
/// TB trainer

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (Alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Restart your computer afterwards.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nicely colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

04.06.2014, 01:09   #11
ichmoechtauc

The last log looks good. Thanks a lot for everything. You can delete the subscription then, I think

Code:
# DelFix v10.7 - Datei am 04/06/2014 um 01:58:50 erstellt
# Aktualisiert am 27/04/2014 von Xplode
# Benutzer : 2.non-admin-nutzer - pcname
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : \32788R22FWJFW
Gelöscht : \FRST
Gelöscht : \AdwCleaner
Gelöscht : HKLM\SOFTWARE\OldTimer Tools
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #796 [Geplanter Prüfpunkt | 05/27/2014 22:35:28]
Gelöscht : RP #797 [Geplanter Prüfpunkt | 05/28/2014 13:02:18]
Gelöscht : RP #798 [Windows Update | 05/28/2014 20:38:57]
Gelöscht : RP #799 [Windows Update | 06/01/2014 00:39:34]
Gelöscht : RP #800 [ComboFix created restore point | 06/03/2014 23:33:24]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
         

04.06.2014, 19:04   #12
schrauber
/// the machine
/// TB trainer

You're welcome
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
