|
Log-Analyse und Auswertung: Spammails werden aus Netzwerk verschicktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
08.01.2014, 13:58 | #1 | |||
| Spammails werden aus Netzwerk verschickt Guten Tag, haben hier Post/Mails von der Telekom bekommen, dass von unserem Anschluss aus Spammails versendet wurde. Leider kommen zu den angegebenen Zeitpkt. vier Rechner im Netzwerk in Frage. Ich vermute aktuell, dass das der infizierte Rechner der war, der als einziger nur innerhalb eines kurzen Zeitraums (in den auch die Zeipkt. fallen) im Netzwerk war. Dennoch möchte ich sicher gehen, dass es nicht an einem anderen Rechner liegt. Habe jetzt erstmal auf den drei Rechnern mit MalwareBytes Anti-Malware einen Suchlauf gemacht. An Rechner1 hatte ich einen Fund. Die Log-Datei: Zitat:
Log vorher: Zitat:
Zitat:
Dann noch eine Frage: Denkt ihr, dass dieser PUP.BundleInstaller.DW dafür verantwortlich seien könnte, dass Spammails verschickt werden? Würde nachher auch gerne noch die LogFiles vom zweiten Rechner posten. Da hat er ein paar Funde mehr, die aber alle ähnliche Dinge zu sein scheinen. Den dritten Rechner werde ich sowieso platt machen. Vielen Dank im Vorraus |
08.01.2014, 14:09 | #2 |
/// the machine /// TB-Ausbilder | Spammails werden aus Netzwerk verschickt Auf allen REchnern:
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
08.01.2014, 14:19 | #3 |
| Spammails werden aus Netzwerk verschickt Danke schonmal.
__________________Hier zunächst die Datei für den Rechner, von dem auch die LOGs im Eingangspost stammen. FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 Ran by BENUTZERNAME (administrator) on BENUTZERNAME-LAPTOP on 08-01-2014 14:12:01 Running from C:\Users\BENUTZERNAME\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.) HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [566184 2010-09-28] (TOSHIBA Corporation) HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2008-12-19] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7C3D5EF44E46CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{BDCE32B9-F302-494C-B66D-E11658640F72}: [NameServer]193.175.112.3,195.37.168.3 FireFox: ======== FF ProfilePath: C:\Users\BENUTZERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\v7gj7mwd.default FF NetworkProxy: "autoconfig_url", "hxxp://www.fh-bochum.de/dvz/proxy.pac" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] () R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] () R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] () R2 postgresql-x64-9.2; C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG) R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 Tosrfcom; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-08 14:12 - 2014-01-08 14:12 - 00010379 _____ C:\Users\BENUTZERNAME\Downloads\FRST.txt 2014-01-08 14:11 - 2014-01-08 14:11 - 00000000 ____D C:\FRST 2014-01-08 14:10 - 2014-01-08 14:11 - 01932624 _____ (Farbar) C:\Users\BENUTZERNAME\Downloads\FRST64.exe 2014-01-08 13:20 - 2014-01-08 13:22 - 00001169 _____ C:\Users\BENUTZERNAME\Desktop\AdwCleaner[R0].txt 2014-01-08 13:17 - 2014-01-08 13:37 - 00000000 ____D C:\AdwCleaner 2014-01-08 13:06 - 2014-01-08 13:06 - 01233962 _____ C:\Users\BENUTZERNAME\Downloads\adwcleaner_3.016.exe 2014-01-07 20:49 - 2014-01-07 20:49 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Roaming\Malwarebytes 2014-01-07 20:49 - 2014-01-07 20:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-07 20:49 - 2014-01-07 20:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-07 20:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-31 17:38 - 2013-12-31 17:39 - 00000000 ____D C:\Users\BENUTZERNAME\Documents\Outlook-Dateien 2013-12-21 17:44 - 2013-12-21 17:44 - 00000154 _____ C:\Users\BENUTZERNAME\.appletviewer 2013-12-20 20:58 - 2013-12-20 20:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-15 21:38 - 2013-12-15 21:38 - 00000000 ____D C:\Users\BENUTZERNAME\Downloads\Visual Studio Professional 2012 (x86) - DVD (German) 2013-12-15 19:44 - 2013-12-15 19:44 - 00000000 ____D C:\Users\BENUTZERNAME\Downloads\Visual Studio 2012 Update 2 2013-12-15 19:42 - 2013-12-15 19:42 - 00000183 _____ C:\Users\BENUTZERNAME\Downloads\100252126287.sdx 2013-12-15 19:42 - 2013-12-15 19:42 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Roaming\e-academy Inc 2013-12-15 19:42 - 2013-12-15 19:42 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Local\e-academy Inc 2013-12-15 19:42 - 2013-12-15 19:42 - 00000000 _____ C:\Users\BENUTZERNAME\Downloads\SecureDownloadManager.log 2013-12-15 19:40 - 2013-12-15 19:40 - 00719360 _____ C:\Users\BENUTZERNAME\Downloads\SDM_DE.msi 2013-12-13 00:29 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-13 00:29 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-13 00:29 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-13 00:29 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-13 00:28 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-13 00:28 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-13 00:28 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-13 00:28 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-13 00:28 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-13 00:28 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-13 00:28 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-13 00:28 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-13 00:28 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-13 00:28 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-13 00:28 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-13 00:28 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-13 00:28 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-13 00:28 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-13 00:28 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-13 00:28 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-13 00:28 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-13 00:28 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-13 00:28 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-13 00:28 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-13 00:28 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-13 00:28 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-13 00:28 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-13 00:28 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-13 00:27 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-13 00:27 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-13 00:27 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-13 00:27 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-13 00:27 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-13 00:27 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-13 00:27 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-12 08:38 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 08:38 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 08:38 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-12 08:38 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-12 08:38 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 08:38 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 08:38 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 08:38 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 08:38 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-12 08:38 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 08:38 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 08:38 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-12 08:38 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 08:38 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 08:38 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 08:38 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-12 08:38 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 08:38 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 08:38 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-11 22:10 - 2013-12-12 08:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-09 09:53 - 2013-12-15 21:45 - 00000000 ____D C:\Windows\system32\MRT 2013-12-09 09:53 - 2013-12-15 21:43 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== One Month Modified Files and Folders ======= 2014-01-08 14:12 - 2014-01-08 14:12 - 00010379 _____ C:\Users\BENUTZERNAME\Downloads\FRST.txt 2014-01-08 14:11 - 2014-01-08 14:11 - 00000000 ____D C:\FRST 2014-01-08 14:11 - 2014-01-08 14:10 - 01932624 _____ (Farbar) C:\Users\BENUTZERNAME\Downloads\FRST64.exe 2014-01-08 13:37 - 2014-01-08 13:17 - 00000000 ____D C:\AdwCleaner 2014-01-08 13:34 - 2009-07-14 05:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-08 13:34 - 2009-07-14 05:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-08 13:30 - 2013-04-16 14:39 - 01326084 _____ C:\Windows\WindowsUpdate.log 2014-01-08 13:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool 2014-01-08 13:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-08 13:26 - 2009-07-14 05:51 - 00081748 _____ C:\Windows\setupact.log 2014-01-08 13:22 - 2014-01-08 13:20 - 00001169 _____ C:\Users\BENUTZERNAME\Desktop\AdwCleaner[R0].txt 2014-01-08 13:06 - 2014-01-08 13:06 - 01233962 _____ C:\Users\BENUTZERNAME\Downloads\adwcleaner_3.016.exe 2014-01-08 13:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2014-01-08 12:33 - 2009-07-14 18:58 - 00697082 _____ C:\Windows\system32\perfh007.dat 2014-01-08 12:33 - 2009-07-14 18:58 - 00148346 _____ C:\Windows\system32\perfc007.dat 2014-01-08 12:33 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-08 10:26 - 2013-04-16 15:01 - 00051974 _____ C:\Windows\PFRO.log 2014-01-07 20:57 - 2013-04-16 17:26 - 00000000 ____D C:\Program Files (x86)\Steam 2014-01-07 20:49 - 2014-01-07 20:49 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Roaming\Malwarebytes 2014-01-07 20:49 - 2014-01-07 20:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-07 20:49 - 2014-01-07 20:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-06 12:43 - 2013-07-21 14:32 - 00000000 ____D C:\Users\BENUTZERNAME\Documents\Euro Truck Simulator 2 2014-01-05 11:12 - 2013-09-15 16:51 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Roaming\.minecraft 2014-01-03 17:25 - 2013-04-16 16:27 - 00000000 ____D C:\Users\BENUTZERNAME\Desktop\Fh 2013-12-31 17:39 - 2013-12-31 17:38 - 00000000 ____D C:\Users\BENUTZERNAME\Documents\Outlook-Dateien 2013-12-27 15:06 - 2013-09-26 12:54 - 00000000 ____D C:\Users\BENUTZERNAME\Documents\My Games 2013-12-26 18:40 - 2013-04-19 17:56 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-12-24 16:08 - 2013-04-16 19:33 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Local\Eclipse 2013-12-22 11:55 - 2013-04-16 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-21 17:44 - 2013-12-21 17:44 - 00000154 _____ C:\Users\BENUTZERNAME\.appletviewer 2013-12-21 17:44 - 2013-04-16 14:47 - 00000000 ____D C:\Users\BENUTZERNAME 2013-12-21 11:09 - 2013-04-16 16:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-21 11:09 - 2013-04-16 16:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-20 20:58 - 2013-12-20 20:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-17 11:19 - 2013-05-07 09:25 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-17 11:19 - 2013-04-16 16:14 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-17 11:19 - 2013-04-16 16:14 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-15 21:45 - 2013-12-09 09:53 - 00000000 ____D C:\Windows\system32\MRT 2013-12-15 21:43 - 2013-12-09 09:53 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-15 21:38 - 2013-12-15 21:38 - 00000000 ____D C:\Users\BENUTZERNAME\Downloads\Visual Studio Professional 2012 (x86) - DVD (German) 2013-12-15 20:10 - 2013-04-17 14:38 - 00000000 ____D C:\Users\BENUTZERNAME\Desktop\zeug 2013-12-15 19:44 - 2013-12-15 19:44 - 00000000 ____D C:\Users\BENUTZERNAME\Downloads\Visual Studio 2012 Update 2 2013-12-15 19:42 - 2013-12-15 19:42 - 00000183 _____ C:\Users\BENUTZERNAME\Downloads\100252126287.sdx 2013-12-15 19:42 - 2013-12-15 19:42 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Roaming\e-academy Inc 2013-12-15 19:42 - 2013-12-15 19:42 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Local\e-academy Inc 2013-12-15 19:42 - 2013-12-15 19:42 - 00000000 _____ C:\Users\BENUTZERNAME\Downloads\SecureDownloadManager.log 2013-12-15 19:40 - 2013-12-15 19:40 - 00719360 _____ C:\Users\BENUTZERNAME\Downloads\SDM_DE.msi 2013-12-13 20:36 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-13 12:40 - 2009-07-14 05:45 - 00420704 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-13 00:29 - 2013-04-16 14:48 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-12 08:44 - 2013-12-11 22:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird Files to move or delete: ==================== C:\Users\BENUTZERNAME\postgis_2_0_pg92.exe Some content of TEMP: ==================== C:\Users\BENUTZERNAME\AppData\Local\Temp\AskSLib.dll C:\Users\BENUTZERNAME\AppData\Local\Temp\avgnt.exe C:\Users\BENUTZERNAME\AppData\Local\Temp\jna1537859726636252218.dll C:\Users\BENUTZERNAME\AppData\Local\Temp\jna4159170955275076622.dll C:\Users\BENUTZERNAME\AppData\Local\Temp\jna8354244755479578487.dll C:\Users\BENUTZERNAME\AppData\Local\Temp\jna8530581461871935512.dll C:\Users\BENUTZERNAME\AppData\Local\Temp\jna8589081280955582200.dll C:\Users\BENUTZERNAME\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\BENUTZERNAME\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\BENUTZERNAME\AppData\Local\Temp\npp.6.5.1.Installer.exe C:\Users\BENUTZERNAME\AppData\Local\Temp\ose00000.exe C:\Users\BENUTZERNAME\AppData\Local\Temp\vcredist_x64.exe C:\Users\BENUTZERNAME\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-04 11:37 ==================== End Of Log ============================ --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2014 Ran by BENUTZERNAME at 2014-01-08 14:12:45 Running from C:\Users\BENUTZERNAME\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader XI (11.0.02) - Deutsch (x32 Version: 11.0.02 - Adobe Systems Incorporated) Amnesia: The Dark Descent (x32 Version: - ) Apple Application Support (x32 Version: 2.3.4 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.26 - Atheros Communications Inc.) ATI Catalyst Install Manager (Version: 3.0.769.0 - ATI Technologies, Inc.) Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team) Audio Conversion Wizard 2.0 (x32 Version: 2.0 - Audio Conversion Wizard) Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) Bluetooth Stack for Windows by Toshiba (Version: v6.40.00(T) - TOSHIBA CORPORATION) Broadcom 802.11 Network Adapter (Version: 5.60.48.35 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0426.2136.36953 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0426.2136.36953 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0426.2136.36953 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help English (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help French (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help German (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0426.2135.36953 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0426.2135.36953 - ATI) Hidden ccc-core-static (x32 Version: 2010.0426.2136.36953 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0426.2136.36953 - ATI) Hidden Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Conexant Audio Driver For AMD HDMI Codec (Version: 4.98.26.0 - Conexant) Conexant HD Audio (Version: 4.119.0.61 - Conexant) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) EPSON SX218 Series Printer Uninstall (Version: - SEIKO EPSON Corporation) Euro Truck Simulator 2 (x32 Version: - SCS Software) EVEREST Home Edition v2.20 (x32 Version: 2.20 - Lavalys Inc) Fable - The Lost Chapters (x32 Version: - ) Frozen Synapse (x32 Version: - ) Hotline Miami (x32 Version: - ) ImageJ 1.46r (Version: - NIH) Inkscape 0.48.4 (x32 Version: 0.48.4 - ) Java 7 Update 17 (64-bit) (Version: 7.0.170 - Oracle) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java SE Development Kit 7 Update 17 (64-bit) (Version: 1.7.0.170 - Oracle) LTspice IV (x32 Version: - ) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Age of Empires II (x32 Version: - ) Microsoft Mathematics (x32 Version: 4.0 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla) Notepad++ (x32 Version: 6.5.1 - Notepad++ Team) OpenAL (x32 Version: - ) PostgreSQL 9.2 (Version: 9.2 - PostgreSQL Global Development Group) Quantum GIS Lisboa 1.8.0 Lisboa (x32 Version: 1.8.0-r${SVN_REVISION}-2 - QGIS Development Team) QuickTime (x32 Version: 7.74.80.86 - Apple Inc.) Retro City Rampage™ (x32 Version: - Vblank Entertainment, Inc.) Scribus 1.4.3 (64bit) (Version: 1.4.3 - The Scribus Team) Secure Download Manager (x32 Version: 3.1.40 - Kivuto Solutions Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Shrew Soft VPN Client (Version: - ) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Steam (x32 Version: 1.0.0.0 - Valve Corporation) System Shock 2 (x32 Version: - Irrational Games) Terraria (x32 Version: - Re-Logic) TOSHIBA Supervisor Password (x32 Version: 2.00.03PLV - ) TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) ==================== Restore Points ========================= 15-12-2013 20:43:25 Windows Update 20-12-2013 11:27:45 Windows Update 24-12-2013 16:01:20 Windows Update 31-12-2013 15:33:44 Windows Update 03-01-2014 15:40:57 Windows Update 07-01-2014 19:09:41 Windows Update 07-01-2014 20:49:20 Windows Modules Installer ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-04-07 15:07 - 2010-04-07 15:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll 2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll 2009-03-12 18:08 - 2009-03-12 18:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-10-13 09:00 - 2009-10-13 09:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-04-16 15:49 - 2013-04-16 15:49 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-04-16 16:14 - 2013-04-16 16:13 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-12-20 20:58 - 2013-12-20 20:58 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-12-21 11:09 - 2013-12-21 11:09 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll 2013-12-11 22:10 - 2013-12-11 22:10 - 03017840 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2013-12-11 22:10 - 2013-12-11 22:10 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2013-12-11 22:10 - 2013-12-11 22:10 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Generic Bluetooth Adapter Description: Generic Bluetooth Adapter Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: GenericAdapter Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Shrew Soft Virtual Adapter Description: Shrew Soft Virtual Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Shrew Soft Service: vnet Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/08/2014 00:52:14 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/08/2014 00:52:12 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (01/08/2014 10:58:46 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/08/2014 10:58:29 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (01/06/2014 11:17:22 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/06/2014 11:17:03 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (01/05/2014 03:17:25 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/05/2014 03:17:06 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (01/04/2014 11:38:11 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/04/2014 11:37:49 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. System errors: ============= Error: (12/20/2013 07:17:16 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/20/2013 07:17:16 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Microsoft Office Sessions: ========================= Error: (01/08/2014 00:52:14 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe Error: (01/08/2014 00:52:12 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBt1st.exe Error: (01/08/2014 10:58:46 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe Error: (01/08/2014 10:58:29 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBt1st.exe Error: (01/06/2014 11:17:22 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe Error: (01/06/2014 11:17:03 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBt1st.exe Error: (01/05/2014 03:17:25 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe Error: (01/05/2014 03:17:06 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBt1st.exe Error: (01/04/2014 11:38:11 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe Error: (01/04/2014 11:37:49 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBt1st.exe CodeIntegrity Errors: =================================== Date: 2013-04-16 16:24:03.117 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\BENUTZERNAME\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-16 16:24:03.101 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\BENUTZERNAME\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-16 16:24:02.851 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-16 16:24:02.851 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 40% Total physical RAM: 3958.85 MB Available physical RAM: 2373.99 MB Total Pagefile: 7915.88 MB Available Pagefile: 5855.7 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.89 GB) (Free:69.84 GB) NTFS Drive d: () (Fixed) (Total:148.81 GB) (Free:148.72 GB) NTFS Drive f: (My ZEN) (Removable) (Total:7.67 GB) (Free:3.67 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0CA8327F) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 8 GB) (Disk ID: 00000000) Partition 1: (Active) - (Size=8 GB) - (Type=0B) ==================== End Of Log ============================ Danke im Vorraus |
08.01.2014, 16:01 | #4 |
| Spammails werden aus Netzwerk verschickt So, nun die Files für den zweiten Rechner: Hier gab es wie bereits geschrieben einige Funde mehr. Anti-Malware Log Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.08.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 WIN7 :: WIN7-PC [Administrator] 08.01.2014 10:54:03 MBAM-log-2014-01-08 (13-29-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 359769 Laufzeit: 36 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 8 HKCR\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt. HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt. HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 5 C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Keine Aktion durchgeführt. C:\Program Files (x86)\IminentToolbar (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\WIN7\AppData\Local\Temp\ct3312329 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\ProgramData\Conduit\IE\CT3312329 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 7 C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. C:\Users\WIN7\AppData\Local\Temp\IminentSetup-1-.exe (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\WIN7\Downloads\SoftonicDownloader_fuer_wow-slider.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt. C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Keine Aktion durchgeführt. C:\Users\WIN7\AppData\Local\Temp\ct3312329\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\WIN7\AppData\Local\Temp\ct3312329\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\ProgramData\Conduit\IE\CT3312329\configutaion.json (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. (Ende) vor: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 08/01/2014 um 13:33:04 # Aktualisiert 23/12/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : WIN7 - WIN7-PC # Gestartet von : C:\Users\WIN7\Downloads\adwcleaner_3.016.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\END Datei Gefunden : C:\Users\WIN7\AppData\Local\Temp\Uninstall.exe Datei Gefunden : C:\Windows\System32\Tasks\NCH Software Ordner Gefunden C:\Program Files (x86)\Conduit Ordner Gefunden C:\Program Files (x86)\IminentToolbar Ordner Gefunden C:\Program Files (x86)\Searchprotect Ordner Gefunden C:\Program Files (x86)\SeeSimilar Ordner Gefunden C:\ProgramData\Conduit Ordner Gefunden C:\ProgramData\NCH Software Ordner Gefunden C:\Users\WIN7\AppData\Local\Conduit Ordner Gefunden C:\Users\WIN7\AppData\LocalLow\Conduit Ordner Gefunden C:\Users\WIN7\AppData\LocalLow\PriceGong Ordner Gefunden C:\Users\WIN7\AppData\Roaming\NCH Software Ordner Gefunden C:\Users\WIN7\AppData\Roaming\Searchprotect Ordner Gefunden C:\Users\WIN7\AppData\Roaming\SeeSimilar ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\DataMngr Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar Schlüssel Gefunden : HKCU\Software\Iminent Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\NCH Software Schlüssel Gefunden : HKCU\Software\SIEN SA Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : [x64] HKCU\Software\Conduit Schlüssel Gefunden : [x64] HKCU\Software\DataMngr Schlüssel Gefunden : [x64] HKCU\Software\DataMngr_Toolbar Schlüssel Gefunden : [x64] HKCU\Software\Iminent Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gefunden : [x64] HKCU\Software\NCH Software Schlüssel Gefunden : [x64] HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2704262 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3241949 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\Iminent Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sonicstage_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sonicstage_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sonicstage_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sonicstage_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_streamwriter_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_streamwriter_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_wavepad_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_wavepad_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gefunden : HKLM\Software\SearchquSRTB Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DataMngr Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Google Chrome v31.0.1650.63 [ Datei : C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [16948 octets] - [08/01/2014 13:33:04] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17009 octets] ########## nach: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 08/01/2014 um 15:47:04 # Aktualisiert 23/12/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : WIN7 - WIN7-PC # Gestartet von : C:\Users\WIN7\Downloads\adwcleaner_3.016.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Conduit Ordner Gelöscht : C:\ProgramData\NCH Software Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\IminentToolbar Ordner Gelöscht : C:\Program Files (x86)\Searchprotect Ordner Gelöscht : C:\Program Files (x86)\SeeSimilar Ordner Gelöscht : C:\Users\WIN7\AppData\Local\Conduit Ordner Gelöscht : C:\Users\WIN7\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\WIN7\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\WIN7\AppData\Roaming\NCH Software Ordner Gelöscht : C:\Users\WIN7\AppData\Roaming\Searchprotect Ordner Gelöscht : C:\Users\WIN7\AppData\Roaming\SeeSimilar Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\WIN7\AppData\Local\Temp\Uninstall.exe Datei Gelöscht : C:\Windows\System32\Tasks\NCH Software ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\SIEN SA Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2704262 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3241949 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sonicstage_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sonicstage_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sonicstage_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sonicstage_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_streamwriter_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_streamwriter_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_wavepad_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_wavepad_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKCU\Software\NCH Software Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\Software\SearchquSRTB Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DataMngr ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Google Chrome v31.0.1650.63 [ Datei : C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [17314 octets] - [08/01/2014 13:33:04] AdwCleaner[R1].txt - [17375 octets] - [08/01/2014 15:46:33] AdwCleaner[S0].txt - [16685 octets] - [08/01/2014 15:47:04] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16746 octets] ########## FRST: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 Ran by WIN7 (administrator) on WIN7-PC on 08-01-2014 15:50:37 Running from C:\Users\WIN7\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor) HKLM\...\Run: [WrtMon.exe] - C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] () HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [OpwareSE4] - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [41472 2012-04-03] () HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE [283232 2012-11-04] (SEIKO EPSON CORPORATION) AppInit_DLLs: [ ] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/?rlz=1W4CHBB_deDE516 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC613C242FF5BCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE URLSearchHook: HKCU - (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = SearchScopes: HKCU - {A6CE9A91-FAAF-4C65-963F-B74B163B46EC} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949 BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Google Wallet) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR Extension: (Gmail) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== S3 FanatecWheelFilterUsb; C:\Windows\System32\DRIVERS\FWFilterUsb.sys [63728 2012-11-23] (Windows (R) Codename Longhorn DDK provider) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 gdrv; \??\C:\Windows\gdrv.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-08 15:50 - 2014-01-08 15:51 - 00008171 _____ C:\Users\WIN7\Downloads\FRST.txt 2014-01-08 15:50 - 2014-01-08 15:50 - 00000000 ____D C:\FRST 2014-01-08 15:49 - 2014-01-08 15:50 - 01932624 _____ (Farbar) C:\Users\WIN7\Downloads\FRST64.exe 2014-01-08 13:33 - 2014-01-08 15:47 - 00000000 ____D C:\AdwCleaner 2014-01-08 13:32 - 2014-01-08 13:32 - 01233962 _____ C:\Users\WIN7\Downloads\adwcleaner_3.016.exe 2014-01-08 10:52 - 2014-01-08 10:52 - 00000000 ____D C:\Users\WIN7\AppData\Roaming\Malwarebytes 2014-01-08 10:52 - 2014-01-08 10:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-08 10:52 - 2014-01-08 10:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-08 10:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-08 10:51 - 2014-01-07 20:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\WIN7\Desktop\mbam-setup-1.75.0.1300.exe 2014-01-06 19:57 - 2014-01-06 19:57 - 00061297 _____ C:\Users\WIN7\AppData\Local\recently-used.xbel 2014-01-03 18:32 - 2014-01-03 18:32 - 00000000 ____D C:\Users\WIN7\AppData\Roaming\Canon_Inc_IC 2013-12-28 12:43 - 2013-12-28 12:44 - 00000000 ____D C:\Users\WIN7\AppData\Local\Deployment 2013-12-28 12:43 - 2013-12-28 12:43 - 00000000 ____D C:\Users\WIN7\AppData\Local\Apps\2.0 2013-12-27 23:53 - 2014-01-03 18:32 - 00000000 ____D C:\ProgramData\Canon_Inc_IC 2013-12-12 14:34 - 2013-12-12 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-12 12:36 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-12 12:36 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-12 12:36 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-12 12:36 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-12 12:35 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-12 12:35 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-12 12:35 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-12 12:35 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-12 12:35 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-12 12:35 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-12 12:35 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-12 12:35 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-12 12:35 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-12 12:35 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-12 12:35 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-12 12:35 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-12 12:35 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-12 12:35 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-12 12:35 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-12 12:35 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-12 12:35 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-12 12:35 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-12 12:35 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-12 12:35 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-12 12:35 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-12 12:35 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-12 12:35 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-12 12:35 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-12 12:35 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-12 12:35 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-12 12:35 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-12 12:35 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-12 12:35 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-12 12:35 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-12 12:35 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-12 10:33 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 10:33 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 10:33 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-12 10:33 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-12 10:33 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 10:33 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 10:33 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 10:33 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 10:33 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-12 10:33 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 10:33 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 10:33 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-12 10:33 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 10:33 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 10:33 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 10:33 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-12 10:33 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 10:33 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 10:33 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-10 19:46 - 2013-12-10 19:46 - 00000000 ____D C:\Users\WIN7\AppData\Local\FileMaker ==================== One Month Modified Files and Folders ======= 2014-01-08 15:51 - 2014-01-08 15:50 - 00008171 _____ C:\Users\WIN7\Downloads\FRST.txt 2014-01-08 15:51 - 2011-08-16 11:01 - 01819676 _____ C:\Windows\WindowsUpdate.log 2014-01-08 15:50 - 2014-01-08 15:50 - 00000000 ____D C:\FRST 2014-01-08 15:50 - 2014-01-08 15:49 - 01932624 _____ (Farbar) C:\Users\WIN7\Downloads\FRST64.exe 2014-01-08 15:49 - 2012-03-31 15:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-08 15:48 - 2012-03-11 18:37 - 00000000 ____D C:\Users\WIN7\Desktop\Arne 2014-01-08 15:48 - 2011-08-18 22:29 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-08 15:48 - 2011-08-18 22:29 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-08 15:47 - 2014-01-08 13:33 - 00000000 ____D C:\AdwCleaner 2014-01-08 15:47 - 2013-09-22 10:45 - 00038955 _____ C:\Windows\setupact.log 2014-01-08 15:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-08 15:05 - 2009-07-14 05:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-08 15:05 - 2009-07-14 05:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-08 13:32 - 2014-01-08 13:32 - 01233962 _____ C:\Users\WIN7\Downloads\adwcleaner_3.016.exe 2014-01-08 10:53 - 2011-04-12 08:43 - 00654150 _____ C:\Windows\system32\perfh007.dat 2014-01-08 10:53 - 2011-04-12 08:43 - 00130022 _____ C:\Windows\system32\perfc007.dat 2014-01-08 10:53 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-08 10:52 - 2014-01-08 10:52 - 00000000 ____D C:\Users\WIN7\AppData\Roaming\Malwarebytes 2014-01-08 10:52 - 2014-01-08 10:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-08 10:52 - 2014-01-08 10:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-07 20:48 - 2014-01-08 10:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\WIN7\Desktop\mbam-setup-1.75.0.1300.exe 2014-01-07 20:29 - 2012-12-23 16:43 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2B77CF0A-2812-45C1-B74D-DC0BD5A4D85A} 2014-01-07 08:19 - 2011-08-17 17:04 - 00000000 ____D C:\Users\WIN7\Desktop\Martin 6.12.13 2014-01-06 19:57 - 2014-01-06 19:57 - 00061297 _____ C:\Users\WIN7\AppData\Local\recently-used.xbel 2014-01-06 19:57 - 2013-10-06 15:44 - 00000000 ____D C:\Users\WIN7\.gimp-2.8 2014-01-06 19:55 - 2013-10-06 15:46 - 00000000 ____D C:\Users\WIN7\AppData\Local\gtk-2.0 2014-01-03 18:32 - 2014-01-03 18:32 - 00000000 ____D C:\Users\WIN7\AppData\Roaming\Canon_Inc_IC 2014-01-03 18:32 - 2013-12-27 23:53 - 00000000 ____D C:\ProgramData\Canon_Inc_IC 2013-12-28 15:13 - 2010-11-21 04:47 - 00029278 _____ C:\Windows\PFRO.log 2013-12-28 12:49 - 2011-08-18 22:29 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-28 12:44 - 2013-12-28 12:43 - 00000000 ____D C:\Users\WIN7\AppData\Local\Deployment 2013-12-28 12:43 - 2013-12-28 12:43 - 00000000 ____D C:\Users\WIN7\AppData\Local\Apps\2.0 2013-12-27 23:55 - 2012-07-14 20:36 - 00001132 _____ C:\Users\Public\Desktop\Digital Photo Professional.lnk 2013-12-27 23:55 - 2011-08-30 17:07 - 00000000 ____D C:\Program Files (x86)\Canon 2013-12-27 23:54 - 2011-08-30 17:16 - 00000000 ____D C:\Users\WIN7\AppData\Roaming\Canon 2013-12-22 14:24 - 2012-03-01 16:06 - 00000000 ____D C:\Program Files (x86)\Namo 2013-12-21 17:57 - 2011-09-05 17:40 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound 2013-12-20 20:22 - 2013-10-05 19:28 - 00000000 ____D C:\Users\WIN7\AppData\Roaming\Skype 2013-12-19 18:45 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-16 18:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-15 14:05 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-15 10:32 - 2013-08-14 11:12 - 00000000 ____D C:\Windows\system32\MRT 2013-12-15 10:31 - 2011-08-16 11:14 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-14 14:58 - 2012-08-07 20:38 - 00614400 ___SH C:\Users\WIN7\Desktop\Thumbs.db 2013-12-12 20:14 - 2012-10-26 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-12 18:06 - 2013-12-12 14:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-12 14:09 - 2009-07-14 05:45 - 00326504 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-11 13:49 - 2012-03-31 15:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 13:49 - 2012-03-31 15:25 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 13:49 - 2011-08-18 22:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-10 19:46 - 2013-12-10 19:46 - 00000000 ____D C:\Users\WIN7\AppData\Local\FileMaker Some content of TEMP: ==================== C:\Users\WIN7\AppData\Local\Temp\IminentSetup-1-.exe C:\Users\WIN7\AppData\Local\Temp\Quarantine.exe C:\Users\WIN7\AppData\Local\Temp\SkypeSetup.exe C:\Users\WIN7\AppData\Local\Temp\_is4CD8.exe C:\Users\WIN7\AppData\Local\Temp\_is59B3.exe C:\Users\WIN7\AppData\Local\Temp\_isADEA.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-03 19:24 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2014 Ran by WIN7 at 2014-01-08 15:51:30 Running from C:\Users\WIN7\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8 - Adobe Systems Incorporated) Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC) ArcSoft PhotoStudio 5.5 (x32 Version: - ArcSoft) ARIA Engine v1.0.7.3 (Version: v1.0.7.3 - Garritan) Benutzerhandbuch EPSON SX130 Series (x32 Version: - ) Camera Support Core Library (x32 Version: 7.3.0.4 - Canon) Hidden Camera Window DS (x32 Version: 5.3.1 - Canon) Hidden Camera Window DVC (x32 Version: 5.4.4 - Canon) Hidden Camera Window MC (x32 Version: 5.4.3 - Canon) Hidden Canon Camera Support Core Library (x32 Version: 7.3.0.4 - Canon) Canon Camera WIA Driver (x32 Version: 5.6 - Canon) Hidden Canon Camera Window DC_DV 5 for ZoomBrowser EX (x32 Version: 5.4.4 - Canon) Canon Camera Window DSLR 5 for ZoomBrowser EX (x32 Version: 5.3.1 - Canon) Canon Camera Window MC 5 for ZoomBrowser EX (x32 Version: 5.4.3 - Canon) Canon EOS Kiss_N REBEL_XT 350D WIA-Treiber (x32 Version: 5.6 - Canon) CANON iMAGE GATEWAY Task (x32 Version: 1.0.0.23 - Canon) Hidden CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.0.0.23 - Canon) Canon Internet Library for ZoomBrowser EX (x32 Version: 1.4.0 - Canon Inc.) Canon MP Navigator EX 1.0 (x32 Version: - ) Canon PhotoRecord (x32 Version: 02.02.03002 - Cisra) Canon RAW Image Task for ZoomBrowser EX (x32 Version: 2.2 - Canon) Canon Utilities Digital Photo Professional (x32 Version: 3.13.10.0 - Canon Inc.) Canon Utilities EOS Capture 1.5 (x32 Version: 1.5 - Canon) Canon Utilities PhotoStitch (x32 Version: 3.1.22.46 - Canon Inc.) Canon ZoomBrowser EX (G) (x32 Version: 5.05.0000 - Canon) CanoScan LiDE 90 (Version: - ) Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Content Manager 2 (x32 Version: 3.10.0.52790 - NNG Llc.) dradio-Recorder Version 3.02.6 (x32 Version: - ) Druckerdeinstallation für EPSON SX130 Series (Version: - SEIKO EPSON Corporation) ElsterFormular (x32 Version: 14.0.0.10960 - Landesfinanzdirektion Thüringen) EOS Capture 1.5 (x32 Version: 1.5 - Canon) Hidden Epson Easy Photo Print 2 (x32 Version: 2.2.4.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000 - SEIKO EPSON CORPORATION) Epson Event Manager (x32 Version: 2.40.0009 - SEIKO EPSON CORPORATION) EPSON Scan (x32 Version: - Seiko Epson Corporation) Finale 2010 (x32 Version: 15.1.r2.0 - MakeMusic) Garritan Instrumente für Finale (Version: v1.0.1.1 - Garritan) GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team) Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.) Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 8.15.10.2279 - Intel Corporation) Internet Library (x32 Version: 1.4.0 - Canon Inc.) Hidden J2SE Runtime Environment 5.0 Update 1 (x32 Version: 1.5.0.10 - Sun Microsystems, Inc.) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden Microsoft LifeCam (Version: 3.60.253.0 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office XP Media Content (x32 Version: 10.0.2619.0 - Microsoft Corporation) Microsoft Office XP Professional (x32 Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Maintenance Service (x32 Version: 24.2.0 - Mozilla) Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) Namo WebEditor 9 (x32 Version: 8.00.000 - Namo Interactive, Inc.) Naviextras Toolbox Prerequesities (x32 Version: 1.0.0 - NNG Llc.) OpenMG Limited Patch 4.7-07-14-05-01 (x32 Version: - ) OpenMG Secure Module 4.7.00 (x32 Version: 4.7.00.12140 - Sony Corporation) OpenMG Secure Module 4.7.00 (x32 Version: 4.7.00.12140 - Sony Corporation) Hidden PixGEN v.2.8.4 (x32 Version: - Pixopolis KG) RAW Image Task 2.2 (x32 Version: 2.2 - Canon) Hidden Realtek Ethernet Controller Driver (x32 Version: 7.36.1224.2010 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6282 - Realtek Semiconductor Corp.) ScanSoft OmniPage SE 4 (x32 Version: 15.2.0020 - Nuance Communications, Inc.) Skype™ 6.10 (x32 Version: 6.10.104 - Skype Technologies S.A.) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden WavePad Audiobearbeitungs-Software (x32 Version: - NCH Software) WOW Slider (x32 Version: - ) ==================== Restore Points ========================= 18-12-2013 17:24:45 Windows Update 22-12-2013 18:00:17 Windows-Sicherung 23-12-2013 09:09:31 Windows Update 26-12-2013 11:49:03 Windows Update 29-12-2013 18:00:26 Windows-Sicherung 29-12-2013 18:45:55 Windows Update 03-01-2014 17:10:35 Windows Update 05-01-2014 18:00:17 Windows-Sicherung 06-01-2014 18:15:37 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {078304E4-4E02-4B03-B77D-7FDB6BBDC73A} - System32\Tasks\{716D9996-BDF7-4D84-857E-BECB8A4DFEA1} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe Task: {0B908EB6-541D-4EEF-82C4-BF999DB90ABE} - System32\Tasks\{4638454A-C2F2-4497-B3FF-7D7581C55139} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe Task: {269F73AC-1CED-4447-A431-49BAD6349DC2} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe [2011-09-05] (NCH Software) Task: {350004D0-C706-4305-8FC7-8A8DCE114B9B} - System32\Tasks\{18F0827F-AA61-4DFB-8C38-C71728E11290} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe Task: {40813DD0-B068-410A-895E-FC01AB494A7E} - System32\Tasks\{07A7B844-BC41-46CC-A210-C3F75C19C5AE} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.60.102/de/abandoninstall?page=tsProgressBar Task: {7A994A3B-C1CE-4D39-BA1D-24E8DE07580B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.) Task: {84BBD68A-B4E1-4ED0-AECE-C3B7F2E70EBC} - System32\Tasks\4474 => Wscript.exe C:\Users\WIN7\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {9A81F410-79A3-442E-909E-2A59C4A22857} - System32\Tasks\{3FC86BAD-997E-4DBA-88BC-D007AD8B7730} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe Task: {9BFB5659-0C68-4E37-AB7C-0EE5D0F0616B} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {ADA58064-CBFF-41FC-9B8B-DEB4EED5CAF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {C0D51CBD-AD6C-439C-A601-1FA68B7AC9B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.) Task: {D5203C7B-3F86-4743-ADC8-F0E0E953D707} - System32\Tasks\{4708BB7E-D44B-4613-93D6-27425C568366} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe Task: {DE5F1983-AC99-4986-A2CE-E7AF43AB08A9} - System32\Tasks\{225B1FCC-CA56-47D8-82A9-4128D9364669} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe Task: {EE74A66A-7C88-4F56-A846-70587C8AB55F} - System32\Tasks\{10C0A765-CF7F-4E8C-A903-294EB1D25AB2} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe Task: {F15A25CA-46E7-48AC-8395-B98E5B76E967} - System32\Tasks\{FA3CD9D9-3F7B-4AFC-B8DA-C9203D8CC1CC} => C:\Program Files (x86)\Microsoft Office\Office10\POWERPNT.EXE [2011-04-26] (Microsoft Corporation) Task: {F6131E00-728A-43D3-9D27-7BBD821B7661} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {F8921987-348D-4522-816E-27FCAFB18643} - System32\Tasks\{C1DF869D-673F-44E3-B80D-F199A235A3E7} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-08-16 11:05 - 2011-01-07 09:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/08/2014 03:49:43 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 03:00:25 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 01:47:41 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 01:32:01 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/08/2014 00:04:28 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (01/08/2014 10:52:00 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 09:24:43 AM) (Source: Microsoft Office 10) (User: ) Description: Accepted Safe Mode action : Microsoft PowerPoint. Error: (01/08/2014 09:24:06 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 10.0.6872.0, Zeitstempel: 0x4db706c2 Name des fehlerhaften Moduls: mso.dll, Version: 10.0.6870.0, Zeitstempel: 0x4d602ee7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000ffb2 ID des fehlerhaften Prozesses: 0xb88 Startzeit der fehlerhaften Anwendung: 0xPOWERPNT.EXE0 Pfad der fehlerhaften Anwendung: POWERPNT.EXE1 Pfad des fehlerhaften Moduls: POWERPNT.EXE2 Berichtskennung: POWERPNT.EXE3 Error: (01/08/2014 08:52:32 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2014 08:27:47 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (12/28/2013 07:56:35 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/28/2013 07:56:15 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/28/2013 07:39:09 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/28/2013 07:17:06 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/28/2013 07:12:32 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/28/2013 07:12:32 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/28/2013 00:42:08 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/28/2013 00:37:48 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/28/2013 00:37:48 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/28/2013 00:35:48 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Microsoft Office Sessions: ========================= Error: (01/08/2014 03:49:43 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 03:00:25 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 01:47:41 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 01:32:01 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\WIN7\Downloads\SoftonicDownloader_fuer_wow-slider.exe Error: (01/08/2014 00:04:28 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\dradio-recorder\phonostar.exe Error: (01/08/2014 10:52:00 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 09:24:43 AM) (Source: Microsoft Office 10)(User: ) Description: Microsoft PowerPointPowerPoint konnte zuletzt nicht korrekt gestartet werden. Das Starten von PowerPoint im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, so dass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein. Möchten Sie PowerPoint im abgesicherten Modus starten? Error: (01/08/2014 09:24:06 AM) (Source: Application Error)(User: ) Description: POWERPNT.EXE10.0.6872.04db706c2mso.dll10.0.6870.04d602ee7c00000050000ffb2b8801cf0c4aff4404b4C:\Program Files (x86)\Microsoft Office\Office10\POWERPNT.EXEC:\Program Files (x86)\Common Files\Microsoft Shared\office10\mso.dll3d1906f9-783e-11e3-b37e-50e5492808e1 Error: (01/08/2014 08:52:32 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2014 08:27:47 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 4013.42 MB Available physical RAM: 2642.42 MB Total Pagefile: 8025.02 MB Available Pagefile: 6520.42 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:153.16 GB) (Free:43.34 GB) NTFS Drive d: () (Fixed) (Total:312.5 GB) (Free:122.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C26F8388) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=153 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=312 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
09.01.2014, 11:05 | #5 |
/// the machine /// TB-Ausbilder | Spammails werden aus Netzwerk verschickt Auf beiden nochmal ein Update von MBAM machen und einen Quickscan. Passwort des Mail Accounts geändert? Seitdem noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
10.01.2014, 00:04 | #6 |
| Spammails werden aus Netzwerk verschickt Bei Rechner 1(wo nur der eine Fund war) hab ich MBAM bereits nochmal drüber laufen lassen. Hatte keine Funde mehr. Zum zweiten Rechner hab ich erst am Wochenende wieder Zugriff. Ich werde dort dann MBAM auch nochmal scannen lassen. Ja. Habe alle wichtigen Passwörter von einem anderen Rechner, in einem anderen Netzwerk geändert. Allerdings ist es wohl auch nicht so, dass die Emails von einer Adresse von einem der Netzerwerk-Nutzer versendet worden. Sonder eher so, dass irgendeine Malware den infizierten Rechner nutzt um Spammails mit irgendeiner Fake-Adresse zuversenden. Das Problem ist, dass die Telekom jetzt Port 25 gesperrt hat. Bevor ich diesen wieder freischalten lassen, sollte man halt sicherstellen die Ursache behoben zu haben. In der Nachricht waren zwar auch zwei Zeitpunkte angegeben, allerdings hilft mir das nicht, den infizierten Rechner auszumachen, weil eben 4 Rechner zu den Zeitpunkte in Frage kommen. Die Rechner von denen ich die Logs gepostet habe werden reltiv häufig genutzt. Rechner 3 hatte zwar wirklich schlecht gepflegt, allerdings wird der auch so gut wie gar nicht mehr genutzt. Meine Vermutung ist Rechner4. Dieser war nur für ca. 2 Wochen im Netzwerk und in diesen Zeitraum fallen beide von der Telekom gennanten Zeitpunkte. Da vorher wohl noch keine derartigen Fälle aufgetreten sind, ist es wohl am wahrscheinlichsten. dass dieser Rechner infiziert ist. Auf den Rechner (Laptop) hab ich jetzt aber auch kein Zugriff mehr. Bevor ich den Port wieder freischalten lasse, möchte ich natürlich aber erstmal sicherstellen, dass nicht doch Rechner 1 oder 2 die Übeltäter sind. Daher auch die Frage, ob es möglich ist, dass einer der Funde solche Spammails versenden könnte. Guten Abend |
10.01.2014, 14:34 | #7 |
/// the machine /// TB-Ausbilder | Spammails werden aus Netzwerk verschickt Die beiden wo Du die Logs gepostet hast sind es definitiv nicht. FRST logs von den andren Rechnern bitte
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
11.01.2014, 18:14 | #8 |
| Spammails werden aus Netzwerk verschickt Hallo, danke für die Hilfe. Hier nochmal die Ergebnisse des erneutem Scan von Rechner2 Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.08.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 WIN7 :: WIN7-PC [Administrator] 11.01.2014 11:55:45 MBAM-log-2014-01-11 (13-00-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 360069 Laufzeit: 37 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\WIN7\AppData\Local\Temp\ct3312329 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 5 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. C:\Users\WIN7\AppData\Local\Temp\IminentSetup-1-.exe (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. C:\Users\WIN7\Downloads\SoftonicDownloader_fuer_wow-slider.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt. C:\Users\WIN7\AppData\Local\Temp\ct3312329\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\WIN7\AppData\Local\Temp\ct3312329\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.08.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 WIN7 :: WIN7-PC [Administrator] 11.01.2014 13:02:08 mbam-log-2014-01-11 (13-02-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 212357 Laufzeit: 3 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Hat wie gesagt sehr viele Funde gehabt. Werde den Rechner aber eh platt machen und neu aufsetzten. Interessieren würde es mich aber schon, ob der Rechner der Verursacher war. Deshalb eben nochmal die Logs von Rechner 3. (Bitte nur durchschauen, wenn das nicht zuviel Arbeit ist, wird wie gesagt eh neuaufgesetzt) MBAM vom Tag als ich den Thread eröffnet habe: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.08.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 BENUTZERNAME :: NAME-46E1A3ACCA [Administrator] 08.01.2014 11:12:48 MBAM-log-2014-01-08 (13-22-15).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 336439 Laufzeit: 1 Stunde(n), 51 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 4 C:\Programme\Web Assistant\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> 156 -> Keine Aktion durchgeführt. C:\Programme\Web Assistant\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> 212 -> Keine Aktion durchgeführt. C:\WINDOWS\system32\jmdp\stij.exe (PUP.Optional.InstallBrain.A) -> 2548 -> Keine Aktion durchgeführt. C:\WINDOWS\system32\dmwu.exe (Adware.InstallBrain) -> 1856 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 1 C:\WINDOWS\system32\jmdp\lmrn.dll (PUP.Optional.Sweetpacks) -> Keine Aktion durchgeführt. Infizierte Registrierungsschlüssel: 31 HKLM\SYSTEM\CurrentControlSet\Services\Web Assistant (PUP.Optional.SweetPacks.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCR\Incredibar.IncredibarHlpr.1 (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCR\Incredibar.IncredibarHlpr (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCR\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77} (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCR\Incredibar.dskBnd.1 (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCR\Incredibar.dskBnd (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77} (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77} (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E} (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCR\IncredibarApp.appCore.1 (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCR\IncredibarApp.appCore (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCR\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE} (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCR\I (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKCR\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt. HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt. HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Keine Aktion durchgeführt. HKCR\Interface\{7558E739-8E7C-44BB-BCE7-1BF0D72B7026} (Trojan.BHO) -> Keine Aktion durchgeführt. HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Keine Aktion durchgeführt. HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 6 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{F9639E4A-801B-4843-AEE3-03D9DA199E77} (PUP.Optional.Incredibar) -> Daten: Incredibar Toolbar -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F9639E4A-801B-4843-AEE3-03D9DA199E77} (PUP.Optional.Incredibar) -> Daten: -> Keine Aktion durchgeführt. HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Daten: MYSTART -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Daten: C:\Programme\Web Assistant\Firefox -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Mozilla\Firefox\extensions|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} (PUP.Optional.Incredibar) -> Daten: C:\Programme\Web Assistant\Firefox -> Keine Aktion durchgeführt. HKLM\SOFTWARE\WNLT|PDV (PUP.Optional.InstallBrain.A) -> Daten: [TAILUPGRADECAPTURE] [UPGRADEONIDLE] [BLACKLIST=1] -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 5 C:\WINDOWS\system32\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. C:\Programme\Incredibar.com (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. C:\Programme\Incredibar.com\incredibar (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. C:\Programme\Incredibar.com\incredibar\1.5.11.14 (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. Infizierte Dateien: 23 C:\Programme\Web Assistant\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> Keine Aktion durchgeführt. C:\WINDOWS\system32\jmdp\stij.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. C:\WINDOWS\system32\jmdp\lmrn.dll (PUP.Optional.Sweetpacks) -> Keine Aktion durchgeführt. C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\All Users\Dokumente\install.exe (Virus.Tenga) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\BENUTZERNAME\Lokale Einstellungen\Temp\bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{F4590F1F-1C65-4C31-BF92-A80ED054E26A}\RP629\A0177329.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{F4590F1F-1C65-4C31-BF92-A80ED054E26A}\RP635\A0179482.exe (PUP.Optional.SweetPacks.A) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{F4590F1F-1C65-4C31-BF92-A80ED054E26A}\RP635\snapshot\MFEX-2.DAT (PUP.Optional.SweetPacks.A) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{F4590F1F-1C65-4C31-BF92-A80ED054E26A}\RP639\A0180736.dll (PUP.Optional.Sweetpacks) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{F4590F1F-1C65-4C31-BF92-A80ED054E26A}\RP639\A0180737.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. C:\WINDOWS\system32\ARFC\wrtc.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. C:\WINDOWS\system32\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. C:\WINDOWS\system32\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. C:\WINDOWS\system32\dmwu.exe (Adware.InstallBrain) -> Keine Aktion durchgeführt. C:\WINDOWS\system32\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. C:\WINDOWS\system32\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt. C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. C:\Programme\Incredibar.com\incredibar\1.5.11.14\uninstall.exe (PUP.Optional.Incredibar) -> Keine Aktion durchgeführt. C:\Programme\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Keine Aktion durchgeführt. (Ende) Hier der Log soweit er gekommen ist: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2014 02 Ran by BENUTZERNAME (administrator) on NAME-46E1A3ACCA on 11-01-2014 14:05:55 Running from C:\Dokumente und Einstellungen\BENUTZERNAME\Desktop Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== () C:\WINDOWS\system32\acs.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe () C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe (Cyberlink) C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE (Agere Systems) C:\WINDOWS\AGRSMMSG.exe (Cyberlink Corp.) C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (CyberLink Corp.) C:\Programme\Home Cinema\PowerCinema\PCMService.exe (Apple Computer, Inc.) C:\Programme\QuickTime\qttask.exe (Microsoft Corporation) C:\Programme\Microsoft IntelliPoint\ipoint.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Programme\Messenger\msmsgs.exe (Cyberlink) C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Juniper Networks) C:\Programme\Juniper Networks\Common Files\dsNcService.exe () C:\Programme\ICQ6Toolbar\ICQ Service.exe (T-Online International AG, Marmiko IT-Solutions GmbH) C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe () C:\Programme\Web Assistant\ExtensionUpdaterService.exe () C:\Programme\Web Assistant\ExtensionUpdaterService.exe () C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe (X10) C:\Programme\Common Files\X10\Common\X10nets.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [77824 2005-03-24] (Realtek Semiconductor Corp.) HKLM\...\Run: [AGRSMMSG] - C:\WINDOWS\AGRSMMSG.exe [88363 2004-10-08] (Agere Systems) HKLM\...\Run: [AntivirusRegistration] - C:\Programme\CA\Etrust Antivirus\Register.exe [458752 2005-01-31] () HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [RemoteControl] - C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.) HKLM\...\Run: [PCMService] - C:\Programme\Home Cinema\PowerCinema\PCMService.exe [127118 2005-07-12] (CyberLink Corp.) HKLM\...\Run: [NWEReboot] - [x] HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\qttask.exe [98304 2005-07-25] (Apple Computer, Inc.) HKLM\...\Run: [IntelliPoint] - C:\Programme\Microsoft IntelliPoint\ipoint.exe [461584 2005-12-05] (Microsoft Corporation) HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [348664 2012-07-18] (Avira Operations GmbH & Co. KG) HKCU\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\aolshare\AolMIcon.exe [701440 2004-05-28] (AOL Deutschland) HKCU\...\Run: [T-Online_Software_6\WLAN-Access Finder] - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe [626740 2005-08-12] (T-Online International AG, Marmiko IT-Solutions GmbH) HKCU\...\Run: [MSMSGS] - C:\Programme\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKCU\...\Run: [updateMgr] - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated) HKCU\...\Run: [ICQ] - "C:\Programme\ICQ6\ICQ.exe" silent HKU\Default User\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\aolshare\AolMIcon.exe [ 2004-05-28] (AOL Deutschland) HKU\BENUTZERNAME.NAME-46E1A3ACCA\...\Run: [AOLMIcon] - C:\Programme\Gemeinsame Dateien\aolshare\AolMIcon.exe [ 2004-05-28] (AOL Deutschland) HKU\BENUTZERNAME.NAME-46E1A3ACCA\...\Run: [T-Online_Software_6\WLAN-Access Finder] - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe [ 2005-08-12] (T-Online International AG, Marmiko IT-Solutions GmbH) HKU\BENUTZERNAME.NAME-46E1A3ACCA\...\Run: [InfoCockpit] - C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk ShortcutTarget: Adobe Reader - Schnellstart.lnk -> C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://www.medion.com HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1106131526\ICQToolBar.dll (ICQ) SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb178/?a=6OyMwHymPD&loc=skw&search={searchTerms} SearchScopes: HKCU - {41F2BB15-BDF6-4939-977D-A4ADF0CBA98B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb178/?a=6OyMwHymPD&loc=skw&search={searchTerms} BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1106131526\ICQToolBar.dll (ICQ) Toolbar: HKLM - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Toolbar: HKCU - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1106131526\ICQToolBar.dll (ICQ) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122288696609 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vpn.kit.edu/dana-cached/setup/JuniperSetupSP1.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.kit.edu/dana-cached/sc/JuniperSetupClient.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) ========================== Services (Whitelisted) ================= R2 ACS; C:\WINDOWS\system32\acs.exe [36864 2004-07-12] () R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [86224 2012-07-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [110032 2012-07-18] (Avira Operations GmbH & Co. KG) R2 CLCapSvc; C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe [221281 2005-06-20] () R2 CLSched; C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [110687 2005-06-20] () R2 CyberLink Media Library Service; C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [61440 2005-06-20] (Cyberlink) R2 dsNcService; C:\Programme\Juniper Networks\Common Files\dsNcService.exe [615720 2009-12-09] (Juniper Networks) R2 ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] () R2 MZCCntrl; C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [65536 2005-04-23] (T-Online International AG, Marmiko IT-Solutions GmbH) R2 Web Assistant; C:\Programme\Web Assistant\ExtensionUpdaterService.exe [188760 2013-06-30] () R2 Web Assistant Updater; C:\Programme\Web Assistant\ExtensionUpdaterService.exe [188760 2013-06-30] () S3 WmcCds; c:\programme\windows media connect\mswmccds.exe [483328 2004-08-10] (Microsoft Corporation) S3 WmcCdsLs; C:\Programme\Windows Media Connect\mswmcls.exe [28160 2004-08-10] (Microsoft Corporation) R3 x10nets; C:\Programme\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) ==================== Drivers (Whitelisted) ==================== R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [799744 2005-06-08] (Philips Semiconductors GmbH) R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2314560 2005-03-25] (Realtek Semiconductor Corp.) R3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [411680 2005-01-21] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-07-18] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-07-18] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-07-18] (Avira GmbH) S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2009-12-09] (Juniper Networks) S3 MACNDIS5; C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys [16896 2004-03-01] (Marmiko IT-Solutions GmbH) R2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2006-02-05] (Meetinghouse Data Communications) S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 PCANDIS5; C:\T-Online\BSW4\T-DSL Treiber\PCANDIS5.SYS [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA)) R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [53920 2004-08-09] (Protection Technology) R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [114016 2004-08-09] (Protection Technology) R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R3 TDSLAdapter; C:\Windows\System32\DRIVERS\TDSLAdap.sys [47616 2001-02-12] (T-Online International AG) S3 TDSLProtocol; C:\Windows\System32\DRIVERS\TDSLProt.sys [6688 2001-02-12] (T-Online International AG) S3 X10UIF; C:\Windows\System32\Drivers\x10uif.sys [10761 2001-11-14] (X10 Wireless Technology, Inc.) S3 FanatecWheelFilterUsb; system32\DRIVERS\FWFilterUsb.sys [x] U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 wanatw; system32\DRIVERS\wanatw4.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-11 13:28 - 2014-01-11 17:16 - 00013088 _____ C:\Dokumente und Einstellungen\BENUTZERNAME\Desktop\FRST.txt 2014-01-11 13:26 - 2014-01-11 13:26 - 00000000 ____D C:\FRST 2014-01-11 13:24 - 2014-01-11 13:24 - 01220096 _____ (Farbar) C:\Dokumente und Einstellungen\BENUTZERNAME\Desktop\FRST.exe 2014-01-11 13:17 - 2014-01-11 13:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$ 2014-01-11 13:10 - 2014-01-11 13:24 - 00003629 _____ C:\WINDOWS\KB2893294.log 2014-01-11 13:09 - 2014-01-11 13:25 - 00004167 _____ C:\WINDOWS\KB2904266.log 2014-01-11 13:09 - 2014-01-11 13:09 - 00002761 _____ C:\WINDOWS\KB2898715.log 2014-01-11 13:09 - 2014-01-11 13:09 - 00000000 ____D C:\WINDOWS\LastGood 2014-01-08 13:31 - 2014-01-11 13:10 - 00004209 _____ C:\WINDOWS\KB2893984.log 2014-01-08 13:26 - 2014-01-11 13:10 - 00003695 _____ C:\WINDOWS\KB2892075.log 2014-01-08 11:00 - 2014-01-08 11:00 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware 2014-01-08 11:00 - 2014-01-08 11:00 - 00000000 ____D C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\Malwarebytes 2014-01-08 11:00 - 2014-01-08 11:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware 2014-01-08 11:00 - 2014-01-08 11:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2014-01-08 11:00 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-01-08 10:57 - 2014-01-07 20:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\BENUTZERNAME\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-21 20:40 - 2013-12-21 20:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$ 2013-12-21 20:40 - 2013-12-21 20:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$ 2013-12-21 20:39 - 2013-12-21 20:40 - 00006360 _____ C:\WINDOWS\KB2900986.log 2013-12-21 20:37 - 2013-12-21 20:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$ 2013-12-21 20:29 - 2013-12-21 20:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$ 2013-12-19 21:27 - 2013-12-21 20:40 - 00012030 _____ C:\WINDOWS\KB2868626.log 2013-12-19 21:24 - 2013-12-21 20:39 - 00011150 _____ C:\WINDOWS\KB2862152.log 2013-12-19 21:23 - 2013-12-21 20:31 - 00010965 _____ C:\WINDOWS\KB2876331.log ==================== One Month Modified Files and Folders ======= 2014-01-11 17:16 - 2014-01-11 13:28 - 00013088 _____ C:\Dokumente und Einstellungen\BENUTZERNAME\Desktop\FRST.txt 2014-01-11 15:59 - 2005-07-25 09:50 - 01745568 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-11 13:26 - 2014-01-11 13:26 - 00000000 ____D C:\FRST 2014-01-11 13:25 - 2014-01-11 13:09 - 00004167 _____ C:\WINDOWS\KB2904266.log 2014-01-11 13:25 - 2007-02-19 13:06 - 00894422 _____ C:\WINDOWS\system32\TZLog.log 2014-01-11 13:25 - 2005-07-25 10:44 - 03184886 _____ C:\WINDOWS\FaxSetup.log 2014-01-11 13:25 - 2005-07-25 10:44 - 01528365 _____ C:\WINDOWS\ocgen.log 2014-01-11 13:25 - 2005-07-25 10:44 - 01224142 _____ C:\WINDOWS\tsoc.log 2014-01-11 13:25 - 2005-07-25 10:44 - 01003537 _____ C:\WINDOWS\comsetup.log 2014-01-11 13:25 - 2005-07-25 10:44 - 00608181 _____ C:\WINDOWS\ntdtcsetup.log 2014-01-11 13:25 - 2005-07-25 10:44 - 00509303 _____ C:\WINDOWS\iis6.log 2014-01-11 13:25 - 2005-07-25 10:44 - 00165749 _____ C:\WINDOWS\ocmsn.log 2014-01-11 13:25 - 2005-07-25 10:44 - 00159182 _____ C:\WINDOWS\msgsocm.log 2014-01-11 13:25 - 2005-07-25 10:44 - 00001374 _____ C:\WINDOWS\imsins.log 2014-01-11 13:24 - 2014-01-11 13:24 - 01220096 _____ (Farbar) C:\Dokumente und Einstellungen\BENUTZERNAME\Desktop\FRST.exe 2014-01-11 13:24 - 2014-01-11 13:10 - 00003629 _____ C:\WINDOWS\KB2893294.log 2014-01-11 13:24 - 2013-08-10 15:44 - 00058212 _____ C:\WINDOWS\setupapi.log 2014-01-11 13:17 - 2014-01-11 13:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$ 2014-01-11 13:12 - 2009-12-29 15:10 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{5C81DEF5-A358-49FD-A9DB-75A19050A12A}.job 2014-01-11 13:10 - 2014-01-08 13:31 - 00004209 _____ C:\WINDOWS\KB2893984.log 2014-01-11 13:10 - 2014-01-08 13:26 - 00003695 _____ C:\WINDOWS\KB2892075.log 2014-01-11 13:09 - 2014-01-11 13:09 - 00002761 _____ C:\WINDOWS\KB2898715.log 2014-01-11 13:09 - 2014-01-11 13:09 - 00000000 ____D C:\WINDOWS\LastGood 2014-01-11 13:07 - 2005-07-25 18:33 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2014-01-11 13:07 - 2005-07-25 10:47 - 00000159 _____ C:\WINDOWS\wiadebug.log 2014-01-11 13:07 - 2005-07-25 10:47 - 00000050 _____ C:\WINDOWS\wiaservc.log 2014-01-11 13:07 - 2005-07-25 09:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-08 15:14 - 2005-09-20 13:42 - 00000190 ___SH C:\Dokumente und Einstellungen\BENUTZERNAME\ntuser.ini 2014-01-08 15:14 - 2005-09-20 13:42 - 00000000 ____D C:\Dokumente und Einstellungen\BENUTZERNAME 2014-01-08 15:14 - 2005-07-25 09:55 - 00032622 _____ C:\WINDOWS\SchedLgU.Txt 2014-01-08 13:24 - 2006-08-11 12:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB921883$ 2014-01-08 13:22 - 2006-02-16 15:11 - 00000000 ____D C:\Programme\ICQToolbar 2014-01-08 13:22 - 2005-07-25 10:44 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Dokumente 2014-01-08 11:41 - 2005-07-25 12:07 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2014-01-08 11:23 - 2005-07-25 09:55 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService 2014-01-08 11:00 - 2014-01-08 11:00 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware 2014-01-08 11:00 - 2014-01-08 11:00 - 00000000 ____D C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\Malwarebytes 2014-01-08 11:00 - 2014-01-08 11:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware 2014-01-08 11:00 - 2014-01-08 11:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2014-01-08 11:00 - 2005-07-25 10:44 - 00000000 ___RD C:\Programme 2014-01-08 11:00 - 2005-07-25 10:44 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-01-07 20:48 - 2014-01-08 10:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\BENUTZERNAME\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-21 20:40 - 2013-12-21 20:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$ 2013-12-21 20:40 - 2013-12-21 20:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$ 2013-12-21 20:40 - 2013-12-21 20:39 - 00006360 _____ C:\WINDOWS\KB2900986.log 2013-12-21 20:40 - 2013-12-19 21:27 - 00012030 _____ C:\WINDOWS\KB2868626.log 2013-12-21 20:40 - 2005-07-25 11:59 - 00444454 _____ C:\WINDOWS\updspapi.log 2013-12-21 20:40 - 2005-07-25 10:44 - 00001393 _____ C:\WINDOWS\imsins.BAK 2013-12-21 20:39 - 2013-12-19 21:24 - 00011150 _____ C:\WINDOWS\KB2862152.log 2013-12-21 20:37 - 2013-12-21 20:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$ 2013-12-21 20:31 - 2013-12-19 21:23 - 00010965 _____ C:\WINDOWS\KB2876331.log 2013-12-21 20:29 - 2013-12-21 20:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$ 2013-12-21 20:14 - 2013-08-16 07:57 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-12-21 19:55 - 2005-07-25 09:49 - 00345693 _____ C:\WINDOWS\wmsetup.log 2013-12-21 19:47 - 2005-07-25 12:00 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe Zu Rechner 4 hab ich keinen Zugang mehr. War eben nur ein Laptop. Hab den Besitzer schon mal gewarnt, dass der Rechner infiziert sein könnte. Vielen Dank für die Hilfe |
12.01.2014, 08:45 | #9 |
/// the machine /// TB-Ausbilder | Spammails werden aus Netzwerk verschickt Ja, Rechner 3 kann da schon mehr
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
12.01.2014, 21:29 | #10 |
| Spammails werden aus Netzwerk verschickt Okay, danke für die Einschätzung. Hab mir jetzt doch mal die LogFiles von Rechner 4 zuschicken lassen. Code:
ATTFilter 12.01.2014 18:17:45 MBAM-log-2014-01-12 (18-30-54).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 197153 Laufzeit: 12 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 14 c:\users\BENUTZERNAME\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\BENUTZERNAME\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\localservice\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\networkservice\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\windows\system32\config\systemprofile\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\users\BENUTZERNAME\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\public\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\localservice\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\networkservice\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\system32\config\systemprofile\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\syshost.exe (Trojan.Downloader) -> Keine Aktion durchgeführt. (Ende) FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2014 01 Ran by BENUTZERNAME (administrator) on VOGT-NB on 12-01-2014 18:38:36 Running from C:\Users\BENUTZERNAME\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Farbar) C:\Users\BENUTZERNAME\Downloads\FRST(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-02-14] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path) HKCU\...\Run: [syshost32] - C:\Users\BENUTZERNAME\AppData\Local\{0D5CCA6C-BE5C-6826-A097-1F118034549F}\syshost.exe [86528 2014-01-03] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7BA96E347B03CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe?AuthParam=1360180396_2ceeabeffd890e19f85ed5b2aa8d944a&GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe&File=jre-6u7-windows-i586-p-s.exe&BHost=javadl.sun.com DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\..\Interfaces\{3745AD6A-3B2F-4B51-A280-F2776C8ECB82}: [NameServer]195.34.133.21,195.34.133.22 FireFox: ======== FF ProfilePath: C:\Users\BENUTZERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\s9u30li6.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml ========================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-02-14] (Advanced Micro Devices, Inc.) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-11-01] (Microsoft Corporation) U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{a720026c-7071-a2b7-bfac-0968e20b2e78}\ \...\???\{a720026c-7071-a2b7-bfac-0968e20b2e78}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-13] (Advanced Micro Devices) R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-13] (Advanced Micro Devices) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [46720 2012-02-01] (Advanced Micro Devices) R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.) R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [19024 2009-07-14] () R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [31232 2010-11-20] () S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [22096 2009-07-14] () R1 CSC; C:\Windows\System32\drivers\csc.sys [388096 2010-11-20] () R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] () R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] () R0 Disk; C:\Windows\System32\drivers\disk.sys [57424 2009-07-14] () S3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [62464 2010-11-20] () S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5120 2009-07-14] () R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [728424 2013-04-10] () S3 ebdrv; C:\Windows\system32\drivers\evbdx.sys [3100160 2009-07-13] () S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [453712 2009-07-14] () S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] () S3 exfat; C:\Windows\System32\Drivers\exfat.sys [142336 2009-07-14] () R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [148480 2009-07-14] () S3 fdc; C:\Windows\system32\drivers\fdc.sys [25088 2009-07-14] () R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] () S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] () S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [19968 2009-07-14] () R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] () S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-14] () U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [19824 2012-03-01] () R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [196328 2013-01-24] () S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [57936 2009-07-14] () S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] () R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2010-11-20] () R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [108544 2010-11-20] () S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [21504 2009-07-14] () S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [91136 2009-07-14] () S3 HidIr; C:\Windows\system32\drivers\hidir.sys [37888 2009-07-14] () S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] () S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-14] () R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] () R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-20] () R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] () S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2011-03-11] () S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [41040 2009-07-14] () S3 intelide; C:\Windows\system32\drivers\intelide.sys [15424 2009-07-14] () S3 intelppm; C:\Windows\system32\drivers\intelppm.sys [53760 2009-07-14] () S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] () S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] () S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] () S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] () S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [46656 2009-07-14] () S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [233344 2010-11-20] () R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-14] () S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] () R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67440 2012-06-02] () R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [134000 2012-06-02] () R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] () S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [95824 2009-07-14] () S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [89168 2009-07-14] () S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [54864 2009-07-14] () S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [96848 2009-07-14] () R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] () S3 megasas; C:\Windows\system32\drivers\megasas.sys [30800 2009-07-14] () S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [235584 2009-07-14] () S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] () R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] () R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] () S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] () R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-20] () S3 mpio; C:\Windows\system32\drivers\mpio.sys [130432 2010-11-20] () S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] () S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2010-11-20] () R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] () R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] () R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] () R0 msahci; C:\Windows\System32\drivers\msahci.sys [28032 2010-11-20] () S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [116096 2010-11-20] () R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [22528 2009-07-14] () S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] () R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] () S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] () S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] () S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] () S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [162896 2009-07-14] () R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-14] () S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] () S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [12288 2009-07-14] () R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] () R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] () R0 NDIS; C:\Windows\System32\drivers\ndis.sys [712048 2012-08-22] () S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] () R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] () R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] () R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] () R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [48640 2010-11-20] () R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] () R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] () S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [44624 2009-07-14] () R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [35328 2009-07-14] () R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] () R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1211752 2013-04-12] () R1 Null; C:\Windows\System32\Drivers\Null.sys [4608 2009-07-14] () S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2011-03-11] () S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2011-03-11] () S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [105024 2009-07-14] () S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] () S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2009-07-14] () R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56176 2012-03-17] () S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2009-07-14] () R0 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-20] () S3 pciide; C:\Windows\system32\drivers\pciide.sys [12368 2009-07-14] () S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [180288 2009-07-14] () R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] () R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] () R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] () S3 Processor; C:\Windows\system32\drivers\processr.sys [52224 2009-07-14] () R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] () S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1383488 2009-07-14] () S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [106064 2009-07-14] () S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] () S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] () R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] () R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] () R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] () R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] () R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] () R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-14] () R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] () S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133632 2010-11-20] () R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] () R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] () S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [183808 2012-04-28] () R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-20] () R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [197224 2012-04-12] () R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] () R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [521320 2012-04-06] () S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [5632 2010-11-20] () S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 2010-11-20] () S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] () R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [20480 2009-07-13] () S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2009-07-14] () S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2009-07-14] () S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2009-07-14] () S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] () S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] () S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] () S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13824 2009-07-14] () S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-14] () S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [40016 2009-07-14] () S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [77888 2009-07-14] () S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] () R0 spldr; C:\Windows\System32\Drivers\spldr.sys [17472 2009-07-14] () R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] () R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] () R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] () S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [21072 2009-07-14] () R0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [40704 2010-11-20] () S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [28032 2010-11-20] () R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12240 2009-07-14] () R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1293760 2013-07-06] () S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1293760 2013-07-06] () R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] () S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] () S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] () R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] () R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [53120 2010-11-20] () S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2013-06-15] () S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] () S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27264 2010-11-20] () R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] () S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [55888 2009-07-14] () S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] () S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-14] () R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2010-11-20] () S3 UmPass; C:\Windows\system32\drivers\umpass.sys [8192 2009-07-14] () R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75776 2011-03-25] () S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2009-07-14] () R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43008 2011-03-25] () R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [44160 2011-12-14] () R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2011-03-25] () R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [20480 2011-03-25] () S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] () S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35840 2009-07-14] () S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-11] () S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2011-03-25] () R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146432 2010-11-20] () R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] () S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] () R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] () S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-20] () S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-14] () S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [52736 2009-07-14] () S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-14] () S3 vmbus; C:\Windows\system32\drivers\vmbus.sys [175360 2010-11-20] () S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [17920 2010-11-20] () R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-20] () R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] () R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-20] () S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [141904 2009-07-14] () R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] () R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] () S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [21632 2009-07-14] () S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () S3 Wd; C:\Windows\system32\drivers\wd.sys [19024 2009-07-14] () R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [526952 2012-07-26] () R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] () S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] () R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [11264 2009-07-14] () S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] () S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] () S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] () U5 7029c455ca8a987e; C:\Windows\System32\Drivers\7029c455ca8a987e.sys [61184 2013-08-19] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-12 18:38 - 2014-01-12 18:38 - 00022343 _____ C:\Users\BENUTZERNAME\Downloads\FRST.txt 2014-01-12 18:37 - 2014-01-12 18:38 - 01219584 _____ (Farbar) C:\Users\BENUTZERNAME\Downloads\FRST(1).exe 2014-01-12 18:26 - 2014-01-12 18:26 - 01219584 _____ (Farbar) C:\Users\BENUTZERNAME\Downloads\FRST.exe 2014-01-12 18:26 - 2014-01-12 18:26 - 00000000 ____D C:\FRST 2014-01-12 18:21 - 2014-01-12 18:21 - 02075136 _____ (Farbar) C:\Users\BENUTZERNAME\Downloads\FRST64.exe 2013-12-23 08:29 - 2013-12-23 08:30 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-12-23 08:28 - 2013-12-23 08:28 - 00575168 _____ (Microsoft Corporation) C:\Users\BENUTZERNAME\Downloads\Setup.X86.de-de_O365ProPlusRetail_9074592d-cf43-4b02-b0cc-23e43fdf7f6f_TX_PR_.exe 2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-13 20:54 - 2013-12-13 20:54 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Roaming\Juniper Networks 2013-12-13 20:54 - 2013-12-13 20:54 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Local\Juniper Networks 2013-12-13 20:53 - 2013-12-13 20:53 - 01791800 _____ (Juniper Networks, Inc.) C:\Users\BENUTZERNAME\Downloads\JuniperSetupClientInstaller.exe ==================== One Month Modified Files and Folders ======= 2014-01-12 18:38 - 2014-01-12 18:38 - 00022343 _____ C:\Users\BENUTZERNAME\Downloads\FRST.txt 2014-01-12 18:38 - 2014-01-12 18:37 - 01219584 _____ (Farbar) C:\Users\BENUTZERNAME\Downloads\FRST(1).exe 2014-01-12 18:36 - 2013-10-05 20:14 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Roaming\Skype 2014-01-12 18:34 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-12 18:34 - 2009-07-14 05:39 - 00080410 _____ C:\Windows\setupact.log 2014-01-12 18:34 - 2009-07-14 05:34 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-12 18:34 - 2009-07-14 05:34 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-12 18:34 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Help 2014-01-12 18:26 - 2014-01-12 18:26 - 01219584 _____ (Farbar) C:\Users\BENUTZERNAME\Downloads\FRST.exe 2014-01-12 18:26 - 2014-01-12 18:26 - 00000000 ____D C:\FRST 2014-01-12 18:23 - 2013-02-05 09:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-12 18:21 - 2014-01-12 18:21 - 02075136 _____ (Farbar) C:\Users\BENUTZERNAME\Downloads\FRST64.exe 2014-01-12 11:49 - 2013-02-04 15:22 - 01735051 _____ C:\Windows\WindowsUpdate.log 2014-01-08 17:24 - 2013-02-05 10:13 - 00000000 ____D C:\Users\BENUTZERNAME\Desktop\Schach 2014-01-03 17:56 - 2013-08-19 20:00 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Local\{0D5CCA6C-BE5C-6826-A097-1F118034549F} 2013-12-26 18:50 - 2013-02-05 10:13 - 00000000 ____D C:\Users\BENUTZERNAME\Desktop\Jusos 2013-12-25 22:55 - 2010-11-20 22:01 - 01526758 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-23 13:14 - 2010-11-20 22:48 - 00015242 _____ C:\Windows\PFRO.log 2013-12-23 13:14 - 2009-07-14 05:33 - 00436088 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-23 11:18 - 2013-02-04 16:20 - 00110568 _____ C:\Users\BENUTZERNAME\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-23 10:59 - 2013-02-06 11:13 - 00000000 ____D C:\Program Files\Microsoft Office 2013-12-23 10:59 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-12-23 10:58 - 2013-02-06 11:24 - 00000000 ____D C:\Program Files\Common Files\Designer 2013-12-23 10:58 - 2011-04-12 02:39 - 00000000 ____D C:\Windows\ShellNew 2013-12-23 10:58 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System 2013-12-23 09:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-12-23 09:38 - 2013-02-05 09:06 - 00000000 ____D C:\Program Files\Microsoft.NET 2013-12-23 08:30 - 2013-12-23 08:29 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-12-23 08:28 - 2013-12-23 08:28 - 00575168 _____ (Microsoft Corporation) C:\Users\BENUTZERNAME\Downloads\Setup.X86.de-de_O365ProPlusRetail_9074592d-cf43-4b02-b0cc-23e43fdf7f6f_TX_PR_.exe 2013-12-22 13:23 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF 2013-12-20 19:29 - 2013-02-05 09:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-13 20:54 - 2013-12-13 20:54 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Roaming\Juniper Networks 2013-12-13 20:54 - 2013-12-13 20:54 - 00000000 ____D C:\Users\BENUTZERNAME\AppData\Local\Juniper Networks 2013-12-13 20:53 - 2013-12-13 20:53 - 01791800 _____ (Juniper Networks, Inc.) C:\Users\BENUTZERNAME\Downloads\JuniperSetupClientInstaller.exe ZeroAccess: C:\Users\BENUTZERNAME\AppData\Local\Google\Desktop\Install ZeroAccess: C:\Program Files\Google\Desktop\Install Some content of TEMP: ==================== C:\Users\BENUTZERNAME\AppData\Local\Temp\InstallFlashPlayer.exe C:\Users\BENUTZERNAME\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\BENUTZERNAME\AppData\Local\Temp\OfficeSetup.exe C:\Users\BENUTZERNAME\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2010-11-20 22:29] - [2010-11-20 22:29] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E C:\Windows\System32\Drivers\volsnap.sys IS INFECTED. <===== ATTENTION! ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender LastRegBack: 2014-01-07 19:59 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2014 01 Ran by BENUTZERNAME at 2014-01-12 18:39:47 Running from C:\Users\BENUTZERNAME\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (Version: - ) Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated) AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (Version: 3.0.868.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2012.0214.2218.39913 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.70214.2220 - Advanced Micro Devices, Inc.) Hidden AMD Steady Video Plug-In (Version: 2.04.0000 - AMD) Hidden AMD VISION Engine Control Center (Version: 2012.0214.2218.39913 - Ihr Firmenname) Hidden Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden ccc-utility (Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden Free YouTube to MP3 Converter version 3.12.11.812 (Version: 3.12.11.812 - DVDVideoSoft Ltd.) IrfanView (remove only) (Version: 4.35 - Irfan Skiljan) Java 7 Update 25 (Version: 7.0.250 - Oracle) Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Juniper Networks, Inc. Setup Client (Version: 7.4.6.40675 - Juniper Networks, Inc.) Juniper Networks, Inc. Setup Client Activex Control (Version: 2.1.1.1 - Juniper Networks, Inc.) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 365 ProPlus - de-de (Version: 15.0.4551.1011 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (Version: 26.0 - Mozilla) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (Version: 7.54.309.2012 - Realtek) Realtek PCIE Card Reader (Version: 6.1.7601.29018 - Realtek Semiconductor Corp.) Skype(tm) 6.9 (Version: 6.9.106 - Skype Technologies S.A.) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {13B875DE-B183-42AB-8042-642A2CE84A49} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] () Task: {37C2F42F-57E4-447B-8BA4-2B4BC6BB0186} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] () Task: {43526F1C-1990-4A63-8F2A-B73FCDD0BB54} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-12-23] (Microsoft Corporation) Task: {4A04A8CA-7283-486C-9F7D-89F40835D4AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-12-23] (Microsoft Corporation) Task: {889EAD67-6FF1-446E-987A-374EBEFD6629} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated) Task: {95123784-0D48-4F9A-ABE6-BEEEAA763C7A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-11-01] (Microsoft Corporation) Task: {E62D7802-AF2E-42F7-A9F2-36F20C927A5E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-12-23] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-20 15:34 - 2013-12-20 15:34 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-12-10 20:23 - 2013-12-10 20:23 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/12/2014 06:36:34 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/12/2014 03:59:31 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/12/2014 11:25:33 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2014 04:43:10 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2014 00:00:38 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/10/2014 05:02:34 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/09/2014 05:07:42 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 08:02:08 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 05:12:40 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2014 07:10:34 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/12/2014 06:17:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (01/12/2014 06:17:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (01/09/2014 06:22:24 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsr?ckmeldung von Dienst lmhosts erreicht. Error: (01/06/2014 11:16:13 AM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORIT?T) Description: 0xc00000a3E:0x0 Error: (01/06/2014 11:16:11 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/05/2014 05:01:50 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORIT?T) Description: 0xc00000a3E:0x0 Error: (01/05/2014 05:01:48 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (12/29/2013 03:59:18 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (12/29/2013 03:59:17 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (12/29/2013 03:59:16 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Microsoft Office Sessions: ========================= Error: (01/12/2014 06:36:34 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/12/2014 03:59:31 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/12/2014 11:25:33 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2014 04:43:10 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2014 00:00:38 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/10/2014 05:02:34 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/09/2014 05:07:42 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 08:02:08 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 05:12:40 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2014 07:10:34 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 1641.37 MB Available physical RAM: 828.01 MB Total Pagefile: 3282.73 MB Available Pagefile: 2175.86 MB Total Virtual: 2047.88 MB Available Virtual: 1925.72 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:287.99 GB) (Free:247.23 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 3B99AC7F) Partition 1: (Not Active) - (Size=10 GB) - (Type=12) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=288 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
13.01.2014, 16:16 | #11 |
/// the machine /// TB-Ausbilder | Spammails werden aus Netzwerk verschickt Jaaa, der ist nett Zugriff auf diesen Rechner?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
13.01.2014, 20:14 | #12 |
| Spammails werden aus Netzwerk verschickt Ja, mehr oder weniger. Kann es zur Not immer auch an den Besitzer weiterleiten. |
14.01.2014, 10:19 | #13 |
/// the machine /// TB-Ausbilder | Spammails werden aus Netzwerk verschickt Und ab geht die Lutzi: Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
15.01.2014, 22:46 | #14 |
| Spammails werden aus Netzwerk verschickt Combofix Logfile: Code:
ATTFilter ComboFix 14-01-14.02 - BENUTZER 15.01.2014 20:07:43.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1641.823 [GMT 1:00] ausgeführt von:: c:\users\BENUTZER\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Google\Desktop\Install c:\program files\Google\Desktop\Install\{a720026c-7071-a2b7-bfac-0968e20b2e78}\9519~1\A535~1\E628~1\{a720026c-7071-a2b7-bfac-0968e20b2e78}\@ c:\program files\Google\Desktop\Install\{a720026c-7071-a2b7-bfac-0968e20b2e78}\9519~1\A535~1\E628~1\{a720026c-7071-a2b7-bfac-0968e20b2e78}\U\80000001.@ c:\users\BENUTZER\AppData\Local\Google\Desktop\Install c:\users\BENUTZER\AppData\Local\Google\Desktop\Install\{a720026c-7071-a2b7-bfac-0968e20b2e78}\2E2F~1\28F0~1\E628~1\{a720026c-7071-a2b7-bfac-0968e20b2e78}\@ c:\windows\PFRO.log c:\windows\system32\drivers\7029c455ca8a987e.sys . . . . Nicht in der Lage zu löschen . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_7029c455ca8a987e -------\Service_7029c455ca8a987e . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-15 bis 2014-01-15 )))))))))))))))))))))))))))))) . . 2014-01-12 17:26 . 2014-01-12 17:26 -------- d-----w- C:\FRST 2013-12-23 07:57 . 2013-12-23 07:42 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2013-12-23 07:43 . 2013-12-23 08:38 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft 2013-12-23 07:29 . 2013-12-23 07:30 -------- d-----w- c:\program files\Microsoft Office 15 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-15 19:19 . 2013-08-19 19:23 61184 ----a-w- c:\windows\system32\drivers\7029c455ca8a987e.sys 2013-12-10 19:23 . 2013-02-05 08:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-12-10 19:23 . 2013-02-05 08:34 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-12-23 08:02 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-12-23 08:02 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-12-23 08:02 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "syshost32"="c:\users\BENUTZER\AppData\Local\{0D5CCA6C-BE5C-6826-A097-1F118034549F}\syshost.exe" [2014-01-15 69120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - CFCATCHME *NewlyCreated* - WS2IFSL *Deregistered* - CFcatchme . Inhalt des "geplante Tasks" Ordners . 2014-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-05 19:23] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ TCP: Interfaces\{3745AD6A-3B2F-4B51-A280-F2776C8ECB82}: NameServer = 195.34.133.21,195.34.133.22 FF - ProfilePath - c:\users\BENUTZER\AppData\Roaming\Mozilla\Firefox\Profiles\s9u30li6.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.0_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.0_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.0_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.0_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.0_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_22" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_22" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_23" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_23" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_24" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_24" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_25" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_25" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_26" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_26" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_27" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_27" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_28" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_28" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_29" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_29" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_30" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_30" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_31" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_31" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_32" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_32" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_33" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_33" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_34" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_34" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_35" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_35" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_36" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_36" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_37" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_37" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_38" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_38" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_39" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_39" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_40" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_40" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_41" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_41" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_42" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_42" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_43" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_43" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_22" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_22" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_22" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_23" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_23" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_23" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_24" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_24" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_24" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_25" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_25" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_25" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_26" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_26" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_26" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_27" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_27" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_27" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_28" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_28" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_28" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_29" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_29" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_29" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_30" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_30" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_30" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_31" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_31" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_31" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_32" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_32" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_32" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_33" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_33" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_33" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_34" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_34" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_34" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_35" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_35" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_35" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_36" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_36" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_36" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_37" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_37" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_37" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_38" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_38" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_38" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_39" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_39" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_39" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_40" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_40" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_40" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_41" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_41" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_41" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_42" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_42" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_42" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_43" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_43" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_43" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_44" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_44" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_44" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_45" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_45" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_45" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_46" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_46" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_46" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_47" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_47" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_47" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_48" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_48" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_48" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_49" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_49" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_49" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_50" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_50" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_50" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_51" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_51" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_51" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_22" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_22" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_22" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_23" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_23" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_23" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_24" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_24" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_24" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_25" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_25" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_25" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_26" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_26" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_26" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_27" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_27" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_27" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_28" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_28" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_28" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_29" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_29" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_29" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_30" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_30" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_30" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_31" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_31" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_31" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_32" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_32" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_32" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_33" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_33" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_33" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_34" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_34" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_34" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_35" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_35" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_35" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_36" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_36" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_36" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_37" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_37" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_37" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_38" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_38" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_38" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_39" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_39" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_39" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_40" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_40" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_40" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_41" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_41" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_41" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_42" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_42" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_42" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_43" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_43" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_43" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_44" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_44" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_44" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_45" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_45" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_45" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_46" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_46" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_46" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_47" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_47" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_47" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_48" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_48" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_48" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_49" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_49" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_49" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_50" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_50" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_50" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0_51" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.6.0_51" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.6.0_51" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.6.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_01" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_02" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_03" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_04" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_05" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_06" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_07" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_08" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_09" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_10" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_11" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_12" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_13" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_14" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_15" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_16" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_17" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_18" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_19" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_20" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_21" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_22" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_22" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_22" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_23" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_23" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_23" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_24" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_24" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_24" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0_25" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.7.0_25" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.7.0_25" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.7.0" . [HKEY_USERS\S-1-5-21-1264551392-41845043-988687413-1000_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}] @DACL=(02 0000) @="Java Plug-in 1.3.0_02" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\atiesrxx.exe c:\windows\system32\atieclxx.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-01-15 20:24:42 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-01-15 19:24 . Vor Suchlauf: 7 Verzeichnis(se), 266.982.178.816 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 266.941.956.096 Bytes frei . - - End Of File - - A5D30B29159ABA820C7615B45393A4C4 --- --- --- A36C5E4F47E84449FF07ED3517B43A31 |
16.01.2014, 16:20 | #15 |
/// the machine /// TB-Ausbilder | Spammails werden aus Netzwerk verschickt Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |