Log analysis and evaluation: Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll

Hello,

just for fun I ran a full scan with MS Essentials, and it found something. Supposedly the PC was reinstalled after there had been problems at some point. I have only just been lent this computer and am far too paranoid myself to touch any downloaded stuff. Firefox (or rather now Aurora, beta) is secured with NoScript and Adblock Plus. I created a non-admin user for myself. So it must have been on there before, or something new happened again after the reinstall, but that was more than 1 year ago.

I also moved ...Windows/prefetch to see what shows up there again after the next start. The old files there are from 2010...

Oh, and I also reduced the firewall exceptions, but a) not everything seemed to be listed there and b) nothing seemed to be malicious (I removed Ditto, Spotify and Remote Assistance).

Bumat!rts -> quarantine
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF6.dll

Bafi.A -> "deleted"
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF.dll
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF0.dll
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF7.dll
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF8.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF054.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0540.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0545.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0546.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0547.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0548.dll

Bafi.D -> "deleted"
file:C:\Users\User\AppData\Roaming\AcroIEHelpe.dll

Brantall.C -> "deleted"
file:C:\$Recycle.Bin\...\ssk_claro.exe

Since deleting trojans is no longer that simple these days, but I would like to spare myself the hassle of a reinstallation, I am turning to you.

OTL with the settings from another thread (AcroFF*.dll), i.e. Minimal Output, Extra Registry Use Safelist. In addition, I set File Age to 360 days and selected Scan All Users.

My question would be whether I need to use another antivirus program as well, because M$ Essentials does not appear in your log list. Malwarebytes' Anti Malware would then be my choice.

OTL:
OTL Logfile:
Code:
OTL logfile created on: 22.05.2014 13:10:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*Nutzer2-nonadmin*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,25% Memory free
6,20 Gb Paging File | 4,79 Gb Available in Paging File | 77,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 295,79 Gb Total Space | 180,43 Gb Free Space | 61,00% Space Free | Partition Type: NTFS

Computer Name: pcname | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - C:\Users\*Nutzer2-nonadmin*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Notepadpp\notepad++.exe (Don HO don.h@free.fr)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ce6c051500f9e64025b58921cc632f51\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fbf434299b068c463296945c12845734\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\73726634ae4a00a21279a6a66b081301\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll ()
MOD - C:\Program Files\Notepadpp\plugins\NppFTP.dll ()
MOD - C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Program Files\Notepadpp\plugins\NppExport.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()

========== Services (SafeList) ==========

SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TemproMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (huawei_ext_ctrl) -- system32\DRIVERS\ew_juextctrl.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (huawei_cdcecm) -- system32\DRIVERS\ew_jucdcecm.sys File not found
DRV - (huawei_cdcacm) -- system32\DRIVERS\ew_jucdcacm.sys File not found
DRV - (ew_usbenumfilter) -- system32\DRIVERS\ew_usbenumfilter.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (ENTECH) -- C:\Windows\system32\DRIVERS\ENTECH.sys File not found
DRV - (MpKsl44b073e6) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAB0CEBA-40FA-42DE-A594-958068AC8094}\MpKsl44b073e6.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 03 EB EC 9B 7E CD 01 [binary data]
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\SearchScopes\{9DF002E3-B996-4600-858A-B63E2D74FB66}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\..\SearchScopes,DefaultScope = {8E07EE6C-A3D4-4FAA-990C-FF532FE46153}
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\..\SearchScopes\{8E07EE6C-A3D4-4FAA-990C-FF532FE46153}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE739&p={SearchTerms}
IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.05.05 23:57:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.05.05 23:57:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\User\AppData\Roaming\5054 [2011.12.09 12:35:15 | 000,000,000 | ---D | M]

[2010.09.14 18:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2014.04.18 13:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899\extensions
[2014.05.05 23:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.05.05 23:58:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.05.19 22:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014.05.19 22:05:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: AT_AgathaRuizdelaPrada = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccdaldnlpmblnjpbboadeocpnclfcbm\2_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe ()
O4 - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001..\Run: [dradio-RecorderTimer] C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F44477E-CBE7-4BEA-AEB0-4BA2C7E7641A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46223214-E621-41AA-94EE-F9CE6C03F984}: DhcpNameServer = 83.169.186.97 83.169.186.33
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{361b7cc1-2b22-11e3-ba03-001e685fb673}\Shell - "" = AutoRun
O33 - MountPoints2\{361b7cc1-2b22-11e3-ba03-001e685fb673}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7dec3415-bc19-11df-863f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7dec3415-bc19-11df-863f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{95a712e7-3a24-11e2-abc2-001e685fb673}\Shell - "" = AutoRun
O33 - MountPoints2\{95a712e7-3a24-11e2-abc2-001e685fb673}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d24006bf-29ea-11e3-bc5b-001e685fb673}\Shell - "" = AutoRun
O33 - MountPoints2\{d24006bf-29ea-11e3-bc5b-001e685fb673}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d24006ec-29ea-11e3-bc5b-001e685fb673}\Shell - "" = AutoRun
O33 - MountPoints2\{d24006ec-29ea-11e3-bc5b-001e685fb673}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 360 Days ==========

[2014.05.22 11:47:26 | 000,000,000 | ---D | C] -- C:\oldprefetch
[2014.05.19 21:50:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ditto
[2014.05.17 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014.05.17 00:18:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.05.14 02:36:09 | 017,352,880 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2014.05.13 15:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Autohotkey
[2014.05.13 15:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
[2014.05.13 15:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ditto
[2014.05.12 12:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2014.05.12 11:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\mp3directcut
[2014.05.10 10:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Notepadpp
[2014.05.05 23:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.04.18 13:42:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2014.04.16 11:14:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014.04.16 10:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014.04.16 10:08:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014.04.13 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014.04.13 18:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014.04.13 16:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
[2014.04.13 16:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4
[2014.04.12 13:39:35 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014.04.12 13:35:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.04.12 13:35:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.04.12 13:35:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.04.12 13:35:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.04.12 13:35:11 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.04.12 13:35:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.04.12 13:35:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.04.12 13:29:40 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Alte Firefox-Daten
[2014.04.12 12:35:42 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.04.12 12:35:38 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014.04.12 12:35:10 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014.04.12 12:29:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014.03.31 22:46:48 | 001,070,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2014.03.31 22:46:48 | 000,130,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2014.03.11 09:52:30 | 000,104,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2014.01.16 02:40:14 | 000,487,016 | ---- | C] (McAfee, Inc.) -- C:\SecurityScanner.dll
[2013.12.11 22:24:09 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013.12.11 22:24:09 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013.12.11 22:24:09 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013.12.11 22:24:05 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.12.11 22:24:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013.11.14 19:15:44 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013.10.24 23:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.10.18 14:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineUpdate
[2013.10.18 14:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\log
[2013.10.10 18:27:03 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.10.10 18:27:03 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.10.10 18:27:03 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.10.10 18:27:03 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.10.10 18:27:03 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.10.10 18:27:03 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.10.10 18:27:03 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.10.10 18:27:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.10.10 18:27:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.10.10 18:26:59 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.10.10 18:26:46 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.10.10 18:26:46 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.10.10 18:26:41 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.10.10 18:26:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.10.10 18:26:38 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013.09.30 18:17:21 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2013.09.30 18:17:21 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
[2013.09.30 18:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2013.09.29 16:07:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.09.29 15:37:33 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.09.29 15:37:33 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.09.29 15:37:31 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.09.29 15:28:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013.09.29 15:28:21 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.09.29 15:28:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.09.11 21:21:54 | 000,863,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr110_clr0400.dll
[2013.09.11 21:21:54 | 000,501,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp110_clr0400.dll
[2013.09.11 21:21:54 | 000,028,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aspnet_counters.dll
[2013.09.11 21:21:54 | 000,018,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100_clr0400.dll
[2013.06.27 21:52:00 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\User\AppData\Roaming\*.tmp files -> C:\Users\User\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2014.05.22 12:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.22 12:31:18 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job
[2014.05.22 12:31:18 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job
[2014.05.22 12:14:56 | 000,004,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.22 12:14:56 | 000,004,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.22 10:34:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.22 01:40:46 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.14 02:36:21 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.05.14 02:36:21 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.05.14 02:36:11 | 017,352,880 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2014.05.12 12:39:48 | 000,152,139 | ---- | M] () -- C:\Users\User\Documents\usbnormal
[2014.05.12 11:27:34 | 000,000,812 | ---- | M] () -- C:\Users\User\Desktop\mp3DirectCut.lnk
[2014.05.12 11:24:25 | 000,674,274 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014.05.12 11:24:25 | 000,634,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.05.12 11:24:25 | 000,146,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014.05.12 11:24:25 | 000,120,050 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.05.06 01:14:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.04.16 10:10:28 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014.04.13 23:46:54 | 000,001,429 | ---- | M] () -- C:\Users\User\Desktop\DivX Movies.lnk
[2014.04.13 22:45:47 | 000,342,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.04.13 17:27:06 | 000,000,033 | ---- | M] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2014.04.13 16:48:06 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.2.lnk
[2014.04.12 13:38:19 | 000,001,626 | ---- | M] () -- C:\Windows\wininit.ini
[2014.04.12 13:27:02 | 000,000,314 | ---- | M] () -- C:\Windows\SIERRA.INI
[2014.04.12 12:42:49 | 000,002,065 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2014.04.12 12:18:06 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014.03.31 22:46:48 | 001,070,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2014.03.31 22:46:48 | 000,130,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2014.03.11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2014.03.08 01:12:00 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.03.08 01:02:19 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.03.08 01:00:41 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.03.08 00:59:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.03.08 00:57:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.03.08 00:54:48 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.03.08 00:47:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.02.07 12:38:44 | 002,050,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.01.30 09:46:58 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014.01.19 09:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014.01.16 02:40:14 | 000,487,016 | ---- | M] (McAfee, Inc.) -- C:\SecurityScanner.dll
[2013.12.21 21:49:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.12.21 21:49:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.12.10 21:59:40 | 000,043,008 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2013.12.10 14:12:00 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2013.12.10 14:11:29 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013.11.27 19:15:57 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.11.13 02:30:19 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.10.30 04:13:01 | 001,304,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMALFXGFXDSP.dll
[2013.10.30 04:12:54 | 000,335,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013.10.30 03:43:04 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013.10.30 02:43:06 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013.10.24 23:47:11 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.10.11 04:08:55 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013.10.11 04:07:57 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013.10.11 02:39:37 | 000,218,228 | ---- | M] () -- C:\Windows\System32\WFP.TMF
[2013.10.11 02:35:42 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.09.30 18:24:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2013.09.30 18:24:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2013.09.30 18:24:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2013.09.30 18:19:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.09.11 21:21:54 | 000,863,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr110_clr0400.dll
[2013.09.11 21:21:54 | 000,501,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp110_clr0400.dll
[2013.09.11 21:21:54 | 000,028,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aspnet_counters.dll
[2013.09.11 21:21:54 | 000,018,000 | ---- | M] (Microsoft Corporation) --
C:\Windows\System32\msvcr100_clr0400.dll [2013.08.27 04:47:50 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.08.27 04:47:50 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.08.27 04:47:50 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.08.27 04:47:50 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.08.27 03:52:08 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.08.27 03:50:40 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.08.27 03:32:20 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.08.27 03:28:36 | 001,069,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.08.02 06:09:35 | 001,548,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013.08.01 04:49:15 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2013.07.20 12:44:53 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2013.07.08 06:55:51 | 003,603,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.07.08 06:55:51 | 003,551,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.07.03 04:10:50 | 000,025,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys [2013.06.29 04:07:01 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2013.06.29 04:06:53 | 000,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2013.06.04 06:16:35 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013.06.04 03:49:59 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll 
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\User\AppData\Roaming\*.tmp files -> C:\Users\User\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.05.12 12:39:36 | 000,152,139 | ---- | C] () -- C:\Users\User\Documents\usbnormal [2014.05.12 12:19:20 | 000,000,842 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2014.05.12 11:27:34 | 000,000,812 | ---- | C] () -- C:\Users\User\Desktop\mp3DirectCut.lnk [2014.04.18 13:33:58 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2014.04.16 10:10:56 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini [2014.04.16 10:10:28 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif [2014.04.16 10:10:04 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2014.04.13 23:46:54 | 000,001,429 | ---- | C] () -- C:\Users\User\Desktop\DivX Movies.lnk [2014.04.13 17:27:06 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2014.04.13 16:48:06 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.2.lnk [2013.12.10 14:12:00 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2013.12.10 14:11:29 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe [2013.11.14 19:15:44 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2013.10.24 23:47:11 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.09.30 18:24:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf [2013.09.30 18:24:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf [2013.09.30 18:24:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf [2013.09.30 18:19:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2013.02.11 21:47:51 | 
001,962,048 | ---- | C] () -- C:\Users\User\thomashinzer_tiere_frolleinmotte2.pdf [2013.02.06 17:46:37 | 001,134,012 | ---- | C] () -- C:\Users\User\Scan_Einladung.pdf [2013.01.30 18:26:05 | 000,240,821 | ---- | C] () -- C:\Users\User\652_1359563058.pdf [2012.11.12 21:32:54 | 019,018,640 | ---- | C] () -- C:\Users\User\Mohammed_Bouazizi.avi [2012.11.06 20:37:38 | 001,198,648 | ---- | C] () -- C:\Users\User\betterads_local.exe.quarantaene [2011.12.08 19:28:40 | 000,000,054 | ---- | C] () -- C:\Users\User\AppData\Roaming\blckdom.res [2011.01.11 20:59:49 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini [2010.09.14 16:42:55 | 000,015,360 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.09 16:00:52 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 15:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.05.2014 13:10:45 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*Nutzer2-nonadmin*\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,25% Memory free 6,20 Gb Paging File | 4,79 Gb Available in Paging File | 77,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 295,79 Gb Total Space | 180,43 Gb Free Space | 61,00% Space Free | Partition Type: NTFS Computer Name: pcname | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key 
error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C5DE29F-79AF-4570-8BC2-FC6867506A92}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{0D1F9EE8-7F4B-4366-94C5-2E033205A002}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{19633041-0D6D-4C18-A79C-86057B5D415C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{19F0A652-CBBB-41D5-BEFA-78BD59C54F4F}" = lport=2869 | protocol=6 | dir=in | app=system | "{24E1A939-7BC9-4B16-A4C7-AF663BBB67B8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{33DDD471-9808-4F7F-8984-FE99AC8272A2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3C9C8BF2-20F5-4B07-9B05-F46C9D7C9121}" = rport=2869 | protocol=6 | dir=out | app=system | "{57A8E1D8-0AF4-4ADC-9AD3-712459492B9D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5B1D9701-4E6C-4CF6-9DE6-A72C6600FEC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{63B9F6B1-7942-425B-9595-D34CA989CD33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7DCE1CDD-7828-4CAD-8A20-0FC459AB91D9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{889917A7-7DFA-4E3E-9E79-7929461C1937}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B55E8332-6BE6-44A2-A530-0D9DB1B771BE}" = lport=3702 | 
protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C7372943-83C8-4122-92D9-F765080900B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EF06CBED-7619-400F-9B50-7844CD38A26A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F5322A0E-31A2-4328-B028-EA470BCE90AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3416FE92-9112-4632-A9CC-210078E5B5B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{48B1C531-6E42-4791-93D0-9450A72E5C61}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{84CF93BE-9B4B-4669-B097-E1EB2B2B5249}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9AD1A2B5-AC78-45C1-B727-DE0830F931CD}" = protocol=6 | dir=in | app=d:\alicesetup.exe | "{A652F757-F69D-47D7-AE66-EC5D3DAFFC15}" = protocol=17 | dir=in | app=d:\alicesetup.exe | "{A65B63E8-4C0B-4DA6-B825-9BE35EE8D5D2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DB0CCD4C-16F0-41A8-9CE5-2BA4841918E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{ED43CBDB-31A3-4EB0-ADAB-1D9F41A98C9F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{41627B4E-8D09-42E9-808C-E28423B60281}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe | "TCP Query User{623E661E-ED3F-4EAC-B069-AE7ABBBD9DD4}C:\program files\ditto\ditto.exe" = protocol=6 | dir=in | app=c:\program files\ditto\ditto.exe | "TCP Query User{822A2EA3-E04F-4F94-A9F3-C6668B93F648}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla 
firefox\plugin-container.exe | "TCP Query User{9EEB226F-E90D-4B2F-A3B9-9566F5A0C58A}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{DBC96856-12D5-4782-BE2F-DF24A9DA048F}C:\program files\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | "UDP Query User{0102041F-EED0-4159-8D62-B20B61870192}C:\program files\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | "UDP Query User{4E280A72-A64C-44ED-88F9-45F5526AA110}C:\program files\ditto\ditto.exe" = protocol=17 | dir=in | app=c:\program files\ditto\ditto.exe | "UDP Query User{9F8D2E98-C265-498B-B9E5-D445134C2F08}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{E51C47CF-74FD-4FD3-89ED-3C08BB3876EB}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe | "UDP Query User{FE68CACB-589D-4BA5-A622-0DCD6E744735}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1A5A851C-B8B4-CD8E-920B-EE21B9E4FE31}" = Catalyst Control Center Graphics Full Existing "{2BA8A909-F17C-4AE5-85C1-9107B7A60D26}" = Toshiba TEMPRO "{2D7D6A0E-A6A7-1080-980C-67FB8E20D93D}" = ccc-utility "{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client "{4117DF3C-6677-4A22-90B7-FF06923417E9}" = LibreOffice 4.2.3.3 "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1 
"{502DBACB-D72F-276E-9B51-1CC980633BDC}" = CCC Help German "{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{6275D380-371D-6D6E-32AF-97009138EBE3}" = Skins "{67905A54-F074-6F13-3C61-DA40552079BB}" = Catalyst Control Center Graphics Light "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6E4F5172-7A60-E18C-D1F2-C8D783197A7C}" = Catalyst Control Center Localization German "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0 "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof 
(French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium "{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU) "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new "{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Deutsch "{C6DCC59B-48D8-5092-2F69-8C423BFAB27F}" = Catalyst Control Center Graphics Previews Vista 
"{C970757C-FD82-ED94-66C4-AF7C0266699E}" = ATI Catalyst Install Manager "{CB22A47C-EFEA-2400-DB68-8F9B1D24BF43}" = Catalyst Control Center Graphics Full New "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE8B9F6B-7D9E-3C56-7B27-1E484CD41D78}" = ccc-core-static "{D00EAB9D-C698-D4F6-214F-6FFC496B7F71}" = Catalyst Control Center Core Implementation "{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2130 "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP "Ditto_is1" = Ditto "GIMP-2_is1" = GIMP 2.8.10 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 29.0 (x86 de)" = Mozilla Firefox 29.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ProInst" = Intel(R) PROSet/Wireless Software "S3" = Die Siedler III Gold Edition "VLC media player" = VLC media player 2.1.3 "WinRAR archiver" = WinRAR "yEd Graph Editor 3.6" = yEd Graph Editor 3.6 "YTdetect" = Yahoo! 
Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Spotify" = Spotify ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Aurora 31.0a2 (x86 de)" = Aurora 31.0a2 (x86 de) "dradio-Recorder_is1" = dradio-Recorder Version 3.02.6 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.03.2012 01:04:18 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 06:43:15 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 09:06:48 | Computer Name = pcname | Source = EventSystem | ID = 4621 Description = Error - 30.03.2012 15:34:28 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 16:20:50 | Computer Name = pcname | Source = EventSystem | ID = 4621 Description = Error - 30.03.2012 20:14:28 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 20:24:35 | Computer Name = pcname | Source = EventSystem | ID = 4621 Description = Error - 31.03.2012 05:40:02 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 31.03.2012 07:34:08 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 31.03.2012 11:42:54 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 16.08.2011 11:51:45 | Computer Name = pcname | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 19.05.2014 16:25:20 | Computer Name = pcname | Source = DCOM | ID = 10010 Description = Error - 21.05.2014 19:41:14 | Computer Name = pcname | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 21.05.2014 19:41:14 | Computer Name = pcname | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.100 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 21.05.2014 19:41:18 | Computer Name = pcname | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000 Description = Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000 Description = Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000 Description = Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000 Description = Error - 22.05.2014 04:15:01 | Computer Name = pcname | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 22.05.2014 04:35:03 | Computer Name = pcname | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. 
Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. < End of report > |