Log analysis and evaluation: Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll
22.05.2014, 12:26 | #1 |
Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll

Hello,

just for fun I ran a full scan with MS Essentials, and it found something. Supposedly the PC was set up from scratch after there had been problems at some point. I have just been lent this computer and am myself far too paranoid to touch any downloaded stuff. Firefox (or rather Aurora now, beta) is secured with NoScript and Adblock Plus. I created a non-admin user for myself. So it must have been on there beforehand, or something new must have happened again after the reinstall, which, however, was more than 1 year ago.

I also moved ...Windows/prefetch to see what shows up there again after the next start. The old files there are from 2010...

Oh, and I also reduced the firewall exceptions, but there a) not everything seemed to be listed and b) nothing seemed to be malicious (I removed Ditto and Spotify and Remote Assistance).

Bumat!rts -> quarantine
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF6.dll

Bafi.A -> "deleted"
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF.dll
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF0.dll
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF7.dll
file:C:\Users\User\AppData\Roaming\5053\components\AcroFF8.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF054.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0540.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0545.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0546.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0547.dll
file:C:\Users\User\AppData\Roaming\5054\components\AcroFF0548.dll

Bafi.D -> "deleted"
file:C:\Users\User\AppData\Roaming\AcroIEHelpe.dll

Brantall.C -> "deleted"
file:C:\$Recycle.Bin\...\ssk_claro.exe

Since deleting trojans is no longer that simple these days, but I would like to spare myself the hassle of a reinstallation, I am turning to you.

OTL with the settings from another thread (AcroFF*.dll), i.e. Minimal Output, Extra Registry Use Safelist. In addition, I set the file age to 360 days and selected Scan All Users.

My question would be whether I need to use another antivirus program, because M$ Essentials does not appear in your log list. Malwarebytes' Anti-Malware would then be my choice.

OTL:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 22.05.2014 13:10:45 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*Nutzer2-nonadmin*\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,25% Memory free 6,20 Gb Paging File | 4,79 Gb Available in Paging File | 77,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 295,79 Gb Total Space | 180,43 Gb Free Space | 61,00% Space Free | Partition Type: NTFS Computer Name: pcname | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Processes (SafeList) ========== PRC - C:\Users\*Nutzer2-nonadmin*\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Notepadpp\notepad++.exe (Don HO don.h@free.fr) PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe () PRC - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) PRC - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\mozjs.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ce6c051500f9e64025b58921cc632f51\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fbf434299b068c463296945c12845734\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\73726634ae4a00a21279a6a66b081301\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll () MOD - C:\Program Files\Notepadpp\plugins\NppFTP.dll () MOD - C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe () MOD - C:\Program Files\Notepadpp\plugins\NppExport.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll () ========== Services (SafeList) ========== SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe File 
not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TemproMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (huawei_ext_ctrl) -- system32\DRIVERS\ew_juextctrl.sys File not found DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found DRV - (huawei_cdcecm) -- system32\DRIVERS\ew_jucdcecm.sys File not found DRV - (huawei_cdcacm) -- system32\DRIVERS\ew_jucdcacm.sys File not found DRV - (ew_usbenumfilter) -- system32\DRIVERS\ew_usbenumfilter.sys File not found DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found DRV - (ENTECH) -- C:\Windows\system32\DRIVERS\ENTECH.sys File not found DRV - (MpKsl44b073e6) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAB0CEBA-40FA-42DE-A594-958068AC8094}\MpKsl44b073e6.sys (Microsoft Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA) DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 03 EB EC 9B 7E CD 01 [binary data] IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\SearchScopes\{9DF002E3-B996-4600-858A-B63E2D74FB66}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\..\SearchScopes,DefaultScope = {8E07EE6C-A3D4-4FAA-990C-FF532FE46153} IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\..\SearchScopes\{8E07EE6C-A3D4-4FAA-990C-FF532FE46153}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE739&p={SearchTerms} IE - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.05.05 23:57:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.05.05 23:57:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\User\AppData\Roaming\5054 [2011.12.09 12:35:15 | 000,000,000 | ---D | M] [2010.09.14 18:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2014.04.18 13:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899\extensions [2014.05.05 23:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014.05.05 23:58:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014.05.19 22:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions [2014.05.19 22:05:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll ========== Chrome ========== CHR - default_search_provider: McAfee (Enabled) CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = 
C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: SiteAdvisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: AT_AgathaRuizdelaPrada = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccdaldnlpmblnjpbboadeocpnclfcbm\2_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O3 - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. 
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File not found O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3063606764-1177351860-3295820248-1000..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe () O4 - HKU\S-1-5-21-3063606764-1177351860-3295820248-1001..\Run: [dradio-RecorderTimer] C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe () O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O13 - gopher Prefix: missing O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F44477E-CBE7-4BEA-AEB0-4BA2C7E7641A}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46223214-E621-41AA-94EE-F9CE6C03F984}: DhcpNameServer = 83.169.186.97 83.169.186.33 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop 
WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{361b7cc1-2b22-11e3-ba03-001e685fb673}\Shell - "" = AutoRun O33 - MountPoints2\{361b7cc1-2b22-11e3-ba03-001e685fb673}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{7dec3415-bc19-11df-863f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7dec3415-bc19-11df-863f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe O33 - MountPoints2\{95a712e7-3a24-11e2-abc2-001e685fb673}\Shell - "" = AutoRun O33 - MountPoints2\{95a712e7-3a24-11e2-abc2-001e685fb673}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{d24006bf-29ea-11e3-bc5b-001e685fb673}\Shell - "" = AutoRun O33 - MountPoints2\{d24006bf-29ea-11e3-bc5b-001e685fb673}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d24006ec-29ea-11e3-bc5b-001e685fb673}\Shell - "" = AutoRun O33 - MountPoints2\{d24006ec-29ea-11e3-bc5b-001e685fb673}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 360 Days ========== [2014.05.22 11:47:26 | 000,000,000 | ---D | C] -- C:\oldprefetch [2014.05.19 21:50:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ditto [2014.05.17 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2014.05.17 00:18:30 | 002,382,848 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014.05.14 02:36:09 | 017,352,880 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2014.05.13 15:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Autohotkey [2014.05.13 15:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto [2014.05.13 15:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ditto [2014.05.12 12:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2014.05.12 11:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\mp3directcut [2014.05.10 10:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Notepadpp [2014.05.05 23:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2014.04.18 13:42:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc [2014.04.16 11:14:03 | 000,000,000 | ---D | C] -- C:\Windows\pss [2014.04.16 10:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2014.04.16 10:08:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2014.04.13 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2014.04.13 18:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2014.04.13 16:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2 [2014.04.13 16:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4 [2014.04.12 13:39:35 | 000,000,000 | ---D | C] -- C:\Windows\Migration [2014.04.12 13:35:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014.04.12 13:35:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014.04.12 13:35:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014.04.12 13:35:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe 
[2014.04.12 13:35:11 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014.04.12 13:35:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2014.04.12 13:35:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014.04.12 13:29:40 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Alte Firefox-Daten [2014.04.12 12:35:42 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014.04.12 12:35:38 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2014.04.12 12:35:10 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll [2014.04.12 12:29:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2014.03.31 22:46:48 | 001,070,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX [2014.03.31 22:46:48 | 000,130,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL [2014.03.11 09:52:30 | 000,104,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys [2014.01.16 02:40:14 | 000,487,016 | ---- | C] (McAfee, Inc.) 
-- C:\SecurityScanner.dll [2013.12.11 22:24:09 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll [2013.12.11 22:24:09 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys [2013.12.11 22:24:09 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys [2013.12.11 22:24:05 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe [2013.12.11 22:24:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll [2013.11.14 19:15:44 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL [2013.10.24 23:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2013.10.18 14:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineUpdate [2013.10.18 14:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\log [2013.10.10 18:27:03 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.10.10 18:27:03 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.10.10 18:27:03 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.10.10 18:27:03 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.10.10 18:27:03 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.10.10 18:27:03 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.10.10 18:27:03 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.10.10 18:27:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.10.10 18:27:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2013.10.10 18:26:59 | 000,102,608 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2013.10.10 18:26:46 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2013.10.10 18:26:46 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2013.10.10 18:26:41 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013.10.10 18:26:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013.10.10 18:26:38 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys [2013.09.30 18:17:21 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll [2013.09.30 18:17:21 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01007.dll [2013.09.30 18:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService [2013.09.29 16:07:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT [2013.09.29 15:37:33 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.09.29 15:37:33 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.09.29 15:37:31 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013.09.29 15:28:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll [2013.09.29 15:28:21 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe [2013.09.29 15:28:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll [2013.09.11 21:21:54 | 000,863,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr110_clr0400.dll [2013.09.11 21:21:54 | 000,501,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp110_clr0400.dll [2013.09.11 21:21:54 | 000,028,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aspnet_counters.dll 
[2013.09.11 21:21:54 | 000,018,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100_clr0400.dll [2013.06.27 21:52:00 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\User\AppData\Roaming\*.tmp files -> C:\Users\User\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 360 Days ========== [2014.05.22 12:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.05.22 12:31:18 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job [2014.05.22 12:31:18 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job [2014.05.22 12:14:56 | 000,004,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2014.05.22 12:14:56 | 000,004,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2014.05.22 10:34:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.05.22 01:40:46 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2014.05.14 02:36:21 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014.05.14 02:36:21 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014.05.14 02:36:11 | 017,352,880 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2014.05.12 12:39:48 | 000,152,139 | ---- | M] () -- C:\Users\User\Documents\usbnormal [2014.05.12 11:27:34 | 000,000,812 | ---- | M] () -- C:\Users\User\Desktop\mp3DirectCut.lnk [2014.05.12 11:24:25 | 000,674,274 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2014.05.12 11:24:25 | 000,634,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat 
[2014.05.12 11:24:25 | 000,146,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2014.05.12 11:24:25 | 000,120,050 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014.05.06 01:14:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014.04.16 10:10:28 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif [2014.04.13 23:46:54 | 000,001,429 | ---- | M] () -- C:\Users\User\Desktop\DivX Movies.lnk [2014.04.13 22:45:47 | 000,342,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014.04.13 17:27:06 | 000,000,033 | ---- | M] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2014.04.13 16:48:06 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.2.lnk [2014.04.12 13:38:19 | 000,001,626 | ---- | M] () -- C:\Windows\wininit.ini [2014.04.12 13:27:02 | 000,000,314 | ---- | M] () -- C:\Windows\SIERRA.INI [2014.04.12 12:42:49 | 000,002,065 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk [2014.04.12 12:18:06 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini [2014.03.31 22:46:48 | 001,070,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX [2014.03.31 22:46:48 | 000,130,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL [2014.03.11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys [2014.03.08 01:12:00 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014.03.08 01:02:19 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014.03.08 01:00:41 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2014.03.08 00:59:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014.03.08 00:57:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014.03.08 00:54:48 | 000,607,744 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\msfeeds.dll [2014.03.08 00:47:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014.02.07 12:38:44 | 002,050,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014.01.30 09:46:58 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wer.dll [2014.01.19 09:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2014.01.16 02:40:14 | 000,487,016 | ---- | M] (McAfee, Inc.) -- C:\SecurityScanner.dll [2013.12.21 21:49:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.12.21 21:49:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.12.10 21:59:40 | 000,043,008 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe [2013.12.10 14:12:00 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll [2013.12.10 14:11:29 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2013.11.27 19:15:57 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.11.13 02:30:19 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013.10.30 04:13:01 | 001,304,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMALFXGFXDSP.dll [2013.10.30 04:12:54 | 000,335,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll [2013.10.30 03:43:04 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys [2013.10.30 02:43:06 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys [2013.10.24 23:47:11 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.10.11 04:08:55 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll [2013.10.11 04:07:57 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL [2013.10.11 02:39:37 | 000,218,228 | ---- | M] () -- C:\Windows\System32\WFP.TMF [2013.10.11 02:35:42 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe [2013.09.30 18:24:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf [2013.09.30 18:24:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf [2013.09.30 18:24:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf [2013.09.30 18:19:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2013.09.11 21:21:54 | 000,863,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr110_clr0400.dll [2013.09.11 21:21:54 | 000,501,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp110_clr0400.dll [2013.09.11 21:21:54 | 000,028,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aspnet_counters.dll [2013.09.11 21:21:54 | 000,018,000 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\msvcr100_clr0400.dll [2013.08.27 04:47:50 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.08.27 04:47:50 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.08.27 04:47:50 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.08.27 04:47:50 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.08.27 03:52:08 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.08.27 03:50:40 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.08.27 03:32:20 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.08.27 03:28:36 | 001,069,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.08.02 06:09:35 | 001,548,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013.08.01 04:49:15 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2013.07.20 12:44:53 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2013.07.08 06:55:51 | 003,603,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.07.08 06:55:51 | 003,551,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.07.03 04:10:50 | 000,025,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys [2013.06.29 04:07:01 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2013.06.29 04:06:53 | 000,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2013.06.04 06:16:35 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013.06.04 03:49:59 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll 
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\User\AppData\Roaming\*.tmp files -> C:\Users\User\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.05.12 12:39:36 | 000,152,139 | ---- | C] () -- C:\Users\User\Documents\usbnormal [2014.05.12 12:19:20 | 000,000,842 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2014.05.12 11:27:34 | 000,000,812 | ---- | C] () -- C:\Users\User\Desktop\mp3DirectCut.lnk [2014.04.18 13:33:58 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2014.04.16 10:10:56 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini [2014.04.16 10:10:28 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif [2014.04.16 10:10:04 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2014.04.13 23:46:54 | 000,001,429 | ---- | C] () -- C:\Users\User\Desktop\DivX Movies.lnk [2014.04.13 17:27:06 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2014.04.13 16:48:06 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.2.lnk [2013.12.10 14:12:00 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2013.12.10 14:11:29 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe [2013.11.14 19:15:44 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2013.10.24 23:47:11 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.09.30 18:24:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf [2013.09.30 18:24:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf [2013.09.30 18:24:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf [2013.09.30 18:19:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2013.02.11 21:47:51 | 
001,962,048 | ---- | C] () -- C:\Users\User\thomashinzer_tiere_frolleinmotte2.pdf [2013.02.06 17:46:37 | 001,134,012 | ---- | C] () -- C:\Users\User\Scan_Einladung.pdf [2013.01.30 18:26:05 | 000,240,821 | ---- | C] () -- C:\Users\User\652_1359563058.pdf [2012.11.12 21:32:54 | 019,018,640 | ---- | C] () -- C:\Users\User\Mohammed_Bouazizi.avi [2012.11.06 20:37:38 | 001,198,648 | ---- | C] () -- C:\Users\User\betterads_local.exe.quarantaene [2011.12.08 19:28:40 | 000,000,054 | ---- | C] () -- C:\Users\User\AppData\Roaming\blckdom.res [2011.01.11 20:59:49 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini [2010.09.14 16:42:55 | 000,015,360 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.09 16:00:52 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 15:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.05.2014 13:10:45 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*Nutzer2-nonadmin*\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,25% Memory free 6,20 Gb Paging File | 4,79 Gb Available in Paging File | 77,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 295,79 Gb Total Space | 180,43 Gb Free Space | 61,00% Space Free | Partition Type: NTFS Computer Name: pcname | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key 
error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C5DE29F-79AF-4570-8BC2-FC6867506A92}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{0D1F9EE8-7F4B-4366-94C5-2E033205A002}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{19633041-0D6D-4C18-A79C-86057B5D415C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{19F0A652-CBBB-41D5-BEFA-78BD59C54F4F}" = lport=2869 | protocol=6 | dir=in | app=system | "{24E1A939-7BC9-4B16-A4C7-AF663BBB67B8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{33DDD471-9808-4F7F-8984-FE99AC8272A2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3C9C8BF2-20F5-4B07-9B05-F46C9D7C9121}" = rport=2869 | protocol=6 | dir=out | app=system | "{57A8E1D8-0AF4-4ADC-9AD3-712459492B9D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5B1D9701-4E6C-4CF6-9DE6-A72C6600FEC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{63B9F6B1-7942-425B-9595-D34CA989CD33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7DCE1CDD-7828-4CAD-8A20-0FC459AB91D9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{889917A7-7DFA-4E3E-9E79-7929461C1937}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B55E8332-6BE6-44A2-A530-0D9DB1B771BE}" = lport=3702 | 
protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C7372943-83C8-4122-92D9-F765080900B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EF06CBED-7619-400F-9B50-7844CD38A26A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F5322A0E-31A2-4328-B028-EA470BCE90AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3416FE92-9112-4632-A9CC-210078E5B5B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{48B1C531-6E42-4791-93D0-9450A72E5C61}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{84CF93BE-9B4B-4669-B097-E1EB2B2B5249}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9AD1A2B5-AC78-45C1-B727-DE0830F931CD}" = protocol=6 | dir=in | app=d:\alicesetup.exe | "{A652F757-F69D-47D7-AE66-EC5D3DAFFC15}" = protocol=17 | dir=in | app=d:\alicesetup.exe | "{A65B63E8-4C0B-4DA6-B825-9BE35EE8D5D2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DB0CCD4C-16F0-41A8-9CE5-2BA4841918E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{ED43CBDB-31A3-4EB0-ADAB-1D9F41A98C9F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{41627B4E-8D09-42E9-808C-E28423B60281}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe | "TCP Query User{623E661E-ED3F-4EAC-B069-AE7ABBBD9DD4}C:\program files\ditto\ditto.exe" = protocol=6 | dir=in | app=c:\program files\ditto\ditto.exe | "TCP Query User{822A2EA3-E04F-4F94-A9F3-C6668B93F648}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla 
firefox\plugin-container.exe | "TCP Query User{9EEB226F-E90D-4B2F-A3B9-9566F5A0C58A}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{DBC96856-12D5-4782-BE2F-DF24A9DA048F}C:\program files\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | "UDP Query User{0102041F-EED0-4159-8D62-B20B61870192}C:\program files\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | "UDP Query User{4E280A72-A64C-44ED-88F9-45F5526AA110}C:\program files\ditto\ditto.exe" = protocol=17 | dir=in | app=c:\program files\ditto\ditto.exe | "UDP Query User{9F8D2E98-C265-498B-B9E5-D445134C2F08}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{E51C47CF-74FD-4FD3-89ED-3C08BB3876EB}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe | "UDP Query User{FE68CACB-589D-4BA5-A622-0DCD6E744735}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1A5A851C-B8B4-CD8E-920B-EE21B9E4FE31}" = Catalyst Control Center Graphics Full Existing "{2BA8A909-F17C-4AE5-85C1-9107B7A60D26}" = Toshiba TEMPRO "{2D7D6A0E-A6A7-1080-980C-67FB8E20D93D}" = ccc-utility "{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client "{4117DF3C-6677-4A22-90B7-FF06923417E9}" = LibreOffice 4.2.3.3 "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1 
"{502DBACB-D72F-276E-9B51-1CC980633BDC}" = CCC Help German "{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{6275D380-371D-6D6E-32AF-97009138EBE3}" = Skins "{67905A54-F074-6F13-3C61-DA40552079BB}" = Catalyst Control Center Graphics Light "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6E4F5172-7A60-E18C-D1F2-C8D783197A7C}" = Catalyst Control Center Localization German "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0 "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof 
(French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium "{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU) "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new "{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Deutsch "{C6DCC59B-48D8-5092-2F69-8C423BFAB27F}" = Catalyst Control Center Graphics Previews Vista 
"{C970757C-FD82-ED94-66C4-AF7C0266699E}" = ATI Catalyst Install Manager "{CB22A47C-EFEA-2400-DB68-8F9B1D24BF43}" = Catalyst Control Center Graphics Full New "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE8B9F6B-7D9E-3C56-7B27-1E484CD41D78}" = ccc-core-static "{D00EAB9D-C698-D4F6-214F-6FFC496B7F71}" = Catalyst Control Center Core Implementation "{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2130 "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP "Ditto_is1" = Ditto "GIMP-2_is1" = GIMP 2.8.10 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 29.0 (x86 de)" = Mozilla Firefox 29.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ProInst" = Intel(R) PROSet/Wireless Software "S3" = Die Siedler III Gold Edition "VLC media player" = VLC media player 2.1.3 "WinRAR archiver" = WinRAR "yEd Graph Editor 3.6" = yEd Graph Editor 3.6 "YTdetect" = Yahoo! 
Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Spotify" = Spotify ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Aurora 31.0a2 (x86 de)" = Aurora 31.0a2 (x86 de) "dradio-Recorder_is1" = dradio-Recorder Version 3.02.6 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.03.2012 01:04:18 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 06:43:15 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 09:06:48 | Computer Name = pcname | Source = EventSystem | ID = 4621 Description = Error - 30.03.2012 15:34:28 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 16:20:50 | Computer Name = pcname | Source = EventSystem | ID = 4621 Description = Error - 30.03.2012 20:14:28 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 30.03.2012 20:24:35 | Computer Name = pcname | Source = EventSystem | ID = 4621 Description = Error - 31.03.2012 05:40:02 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 31.03.2012 07:34:08 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = Error - 31.03.2012 11:42:54 | Computer Name = pcname | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 16.08.2011 11:51:45 | Computer Name = pcname | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 19.05.2014 16:25:20 | Computer Name = pcname | Source = DCOM | ID = 10010 Description = Error - 21.05.2014 19:41:14 | Computer Name = pcname | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 21.05.2014 19:41:14 | Computer Name = pcname | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.100 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 21.05.2014 19:41:18 | Computer Name = pcname | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000 Description = Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000 Description = Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000 Description = Error - 21.05.2014 19:42:14 | Computer Name = pcname | Source = Service Control Manager | ID = 7000 Description = Error - 22.05.2014 04:15:01 | Computer Name = pcname | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 22.05.2014 04:35:03 | Computer Name = pcname | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. 
Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.
< End of report >
22.05.2014, 12:34 | #2 |
/// the machine /// TB Trainer | Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
22.05.2014, 23:47 | #3 |
| Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll Thanks! Here are the files... although I'll have to check in a moment whether they look different with admin rights...
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014 Ran by *Nutzer2-nonadmin* (ATTENTION: The logged in user is not administrator) on pcname on 23-05-2014 00:38:19 Running from C:\Users\*Nutzer2-nonadmin*\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe (Mozilla Corporation) C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\firefox.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [NDSTray.exe] => NDSTray.exe HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050072 2010-08-27] (Toshiba Europe GmbH) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [avgnt] => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\...\Run: [dradio-RecorderTimer] => C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] () ==================== Internet (Whitelisted) ==================== SearchScopes: HKCU - DefaultScope {8E07EE6C-A3D4-4FAA-990C-FF532FE46153} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE739&p={SearchTerms} SearchScopes: HKCU - {8E07EE6C-A3D4-4FAA-990C-FF532FE46153} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE739&p={SearchTerms} 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @phonostar.de/phonostar - C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\npphonostarDetectNP.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Pocket - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\isreaditlater@ideashower.com [2014-05-06]
FF Extension: FEBE - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-05-06]
FF Extension: DownloadHelper - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-13]
FF Extension: Add-on Compatibility Reporter - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\compatibility@addons.mozilla.org.xpi [2014-05-06]
FF Extension: gui:config - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\guiconfig@slosd.net.xpi [2014-05-06]
FF Extension: Remove Google Tracking - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-04-26]
FF Extension: Lazarus: Form Recovery - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\lazarus@interclue.com.xpi [2014-04-26]
FF Extension: Print Edit - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\printedit@DW-dev.xpi [2014-05-19]
FF Extension: Session Manager - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-05-10]
FF Extension: NoScript - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-26]
FF Extension: Adblock Plus - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-13]
FF Extension: BetterPrivacy - C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Mozilla\Firefox\Profiles\7o2pkbzd.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-05-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======

========================== Services (Whitelisted) =================

S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [124368 2010-08-27] (Toshiba Europe GmbH)
S2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-10] (Avira GmbH)
S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-23 00:38 - 2014-05-23 00:39 - 00009949 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.txt
2014-05-23 00:37 - 2014-05-23 00:38 - 00000000 ____D () C:\FRST
2014-05-23 00:36 - 2014-05-23 00:37 - 01056768 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST(1).exe
2014-05-23 00:33 - 2014-05-23 00:33 - 01056768 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe
2014-05-22 13:14 - 2014-05-22 13:22 - 00041314 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Extras.Txt
2014-05-22 13:13 - 2014-05-22 13:22 - 00081012 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\OTL.Txt
2014-05-22 12:58 - 2014-05-22 13:14 - 00002039 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\trojboard.txt
2014-05-22 12:53 - 2014-05-22 12:53 - 00004437 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\recently-used.xbel
2014-05-22 11:26 - 2014-05-22 12:53 - 00286140 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\viren.xcf
2014-05-22 11:18 - 2014-05-22 11:18 - 00602112 _____ (OldTimer Tools) C:\Users\*Nutzer2-nonadmin*\Desktop\OTL.exe
2014-05-22 01:42 - 2014-05-22 01:43 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora
2014-05-19 21:50 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto
2014-05-19 14:40 - 2014-05-22 11:18 - 00000093 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise2.txt
2014-05-17 00:21 - 2014-05-17 00:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 00:18 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 00:18 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 00:18 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 00:09 - 2014-05-17 00:12 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH
2014-05-15 14:44 - 2014-05-15 14:45 - 00000289 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise.txt
2014-05-15 14:06 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 02:12 - 2014-05-15 02:13 - 107708366 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Druna-CI-Workshop-Beispiel.mp4
2014-05-14 02:36 - 2014-05-14 02:36 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-13 16:03 - 2014-05-13 16:03 - 00000788 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.exe.lnk
2014-05-13 15:51 - 2014-05-13 15:52 - 00000000 ____D () C:\Program Files\Autohotkey
2014-05-13 15:49 - 2014-05-13 16:02 - 00002190 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.ahk
2014-05-13 15:46 - 2014-05-14 00:10 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\Program Files\Ditto
2014-05-12 12:39 - 2014-05-12 12:39 - 00152139 _____ () C:\Users\User\Documents\usbnormal
2014-05-12 12:25 - 2014-05-22 11:26 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0
2014-05-12 12:25 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.thumbnails
2014-05-12 12:23 - 2014-05-22 12:53 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.gimp-2.8
2014-05-12 12:23 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2
2014-05-12 12:19 - 2014-05-12 12:19 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-12 12:15 - 2014-05-12 12:18 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-12 11:27 - 2014-05-12 11:27 - 00000812 _____ () C:\Users\User\Desktop\mp3DirectCut.lnk
2014-05-12 11:26 - 2014-05-12 11:27 - 00000000 ____D () C:\Program Files\mp3directcut
2014-05-12 01:52 - 2014-05-12 01:52 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Apps\2.0
2014-05-12 01:23 - 2014-05-12 01:28 - 25235372 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\futurama-brutale-Polizeigewalt.ogg
2014-05-10 10:17 - 2014-05-10 10:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++
2014-05-10 10:08 - 2014-05-10 10:11 - 00000000 ____D () C:\Program Files\Notepadpp
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Ahead
2014-05-06 00:28 - 2014-05-06 00:28 - 00000853 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aurora.lnk
2014-05-05 23:57 - 2014-05-19 22:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-28 08:49 - 2014-05-22 12:34 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktopordner
2014-04-28 08:15 - 2014-04-28 08:15 - 00000104 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Computer.lnk
2014-04-24 12:03 - 2014-04-24 12:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Microsoft Games
2014-04-24 12:03 - 2014-04-24 12:03 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Intel

==================== One Month Modified Files and Folders =======

2014-05-23 00:39 - 2014-05-23 00:38 - 00009949 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.txt
2014-05-23 00:38 - 2014-05-23 00:37 - 00000000 ____D () C:\FRST
2014-05-23 00:37 - 2014-05-23 00:36 - 01056768 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST(1).exe
2014-05-23 00:36 - 2012-05-04 22:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-23 00:34 - 2008-01-21 03:35 - 01480077 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 00:33 - 2014-05-23 00:33 - 01056768 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe
2014-05-23 00:28 - 2010-09-14 16:31 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-23 00:28 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 00:28 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 00:28 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 13:28 - 2006-11-02 15:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-22 13:24 - 2010-11-08 17:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job
2014-05-22 13:22 - 2014-05-22 13:14 - 00041314 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Extras.Txt
2014-05-22 13:22 - 2014-05-22 13:13 - 00081012 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\OTL.Txt
2014-05-22 13:14 - 2014-05-22 12:58 - 00002039 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\trojboard.txt
2014-05-22 12:53 - 2014-05-22 12:53 - 00004437 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\recently-used.xbel
2014-05-22 12:53 - 2014-05-22 11:26 - 00286140 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\viren.xcf
2014-05-22 12:53 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.gimp-2.8
2014-05-22 12:34 - 2014-04-28 08:49 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktopordner
2014-05-22 12:31 - 2010-11-08 17:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job
2014-05-22 11:26 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0
2014-05-22 11:18 - 2014-05-22 11:18 - 00602112 _____ (OldTimer Tools) C:\Users\*Nutzer2-nonadmin*\Desktop\OTL.exe
2014-05-22 11:18 - 2014-05-19 14:40 - 00000093 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise2.txt
2014-05-22 01:43 - 2014-05-22 01:42 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora
2014-05-19 22:04 - 2014-05-05 23:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-19 21:50 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto
2014-05-17 01:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-17 00:25 - 2013-09-29 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 00:22 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-17 00:21 - 2014-05-17 00:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 00:21 - 2010-09-14 16:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 00:12 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH
2014-05-15 14:45 - 2014-05-15 14:44 - 00000289 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise.txt
2014-05-15 02:13 - 2014-05-15 02:12 - 107708366 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Druna-CI-Workshop-Beispiel.mp4
2014-05-14 04:03 - 2014-04-13 18:19 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\vlc
2014-05-14 02:36 - 2014-05-14 02:36 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-14 02:36 - 2012-05-04 22:15 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 02:36 - 2011-05-17 18:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 02:31 - 2010-09-14 11:11 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-05-14 00:10 - 2014-05-13 15:46 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto
2014-05-13 16:03 - 2014-05-13 16:03 - 00000788 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.exe.lnk
2014-05-13 16:02 - 2014-05-13 15:49 - 00002190 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.ahk
2014-05-13 15:52 - 2014-05-13 15:51 - 00000000 ____D () C:\Program Files\Autohotkey
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\Program Files\Ditto
2014-05-12 12:39 - 2014-05-12 12:39 - 00152139 _____ () C:\Users\User\Documents\usbnormal
2014-05-12 12:25 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.thumbnails
2014-05-12 12:25 - 2014-04-13 14:45 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*
2014-05-12 12:23 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2
2014-05-12 12:19 - 2014-05-12 12:19 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-12 12:18 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-12 11:27 - 2014-05-12 11:27 - 00000812 _____ () C:\Users\User\Desktop\mp3DirectCut.lnk
2014-05-12 11:27 - 2014-05-12 11:26 - 00000000 ____D () C:\Program Files\mp3directcut
2014-05-12 11:24 - 2008-01-21 09:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 11:22 - 2006-11-02 14:52 - 00125458 _____ () C:\Windows\setupact.log
2014-05-12 01:52 - 2014-05-12 01:52 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Apps\2.0
2014-05-12 01:28 - 2014-05-12 01:23 - 25235372 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\futurama-brutale-Polizeigewalt.ogg
2014-05-10 10:17 - 2014-05-10 10:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++
2014-05-10 10:11 - 2014-05-10 10:08 - 00000000 ____D () C:\Program Files\Notepadpp
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Ahead
2014-05-08 14:27 - 2012-05-23 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-06 01:32 - 2014-05-17 00:18 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-17 00:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-17 00:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 00:28 - 2014-05-06 00:28 - 00000853 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aurora.lnk
2014-04-28 08:15 - 2014-04-28 08:15 - 00000104 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Computer.lnk
2014-04-24 12:09 - 2014-04-24 12:03 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Microsoft Games
2014-04-24 12:03 - 2014-04-24 12:03 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Intel

Some content of TEMP:
====================
C:\Users\*Nutzer2-nonadmin*\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\DivXSetup.exe
C:\Users\User\AppData\Local\Temp\i4jdel0.exe
C:\Users\User\AppData\Local\Temp\instloffer.exe
C:\Users\User\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\KUIU.EXE
C:\Users\User\AppData\Local\Temp\nsqB6C3.tmp.ConduitEngineEmbbed.exe
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\softonic-de3.exe
C:\Users\User\AppData\Local\Temp\tbsof0.dll
C:\Users\User\AppData\Local\Temp\utildel.exe
C:\Users\User\AppData\Local\Temp\_is68D6.exe
C:\Users\User\AppData\Local\Temp\_isC5F1.exe
C:\Users\User\AppData\Local\Temp\{45A92BE1-6EBD-49E1-BD6A-D44009C4A718}-30.0.1599.69_chrome_installer.exe
C:\Users\User\AppData\Local\Temp\{73892D8B-5C3B-403C-A7F1-07553C8EE695}-30.0.1599.69_chrome_installer.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by *Nutzer2-nonadmin* at 2014-05-23 00:39:39
Running from C:\Users\*Nutzer2-nonadmin*\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{C970757C-FD82-ED94-66C4-AF7C0266699E}) (Version: 3.0.657.0 - ATI Technologies, Inc.)
Aurora 31.0a2 (x86 de) (HKCU\...\Aurora 31.0a2 (x86 de)) (Version: 31.0a2 - Mozilla)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Catalyst Control Center - Branding (HKLM\...\{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2008.0130.1509.26922 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0130.1509.26922 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0130.1509.26922 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0130.1509.26922 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0130.1509.26922 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0130.1509.26922 - ATI) Hidden
CCC Help German (Version: 2008.0130.1508.26922 - ATI) Hidden
ccc-core-static (Version: 2008.0130.1509.26922 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.0130.1509.26922 - ATI) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.00 - TOSHIBA)
Die Siedler III Gold Edition (HKLM\...\S3) (Version: - )
Ditto (HKLM\...\Ditto_is1) (Version: - Scott Brogden)
dradio-Recorder Version 3.02.6 (HKCU\...\dradio-Recorder_is1) (Version: - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version: - )
HL-2130 (HKLM\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0000 - Intel Corporation)
LibreOffice 4.2.3.3 (HKLM\...\{4117DF3C-6677-4A22-90B7-FF06923417E9}) (Version: 4.2.3.3 - The Document Foundation)
mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
mHelp (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
Mozilla Firefox 29.0 (x86 de) (HKLM\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711031}) (Version: 7.03.1151 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
PDF24 Creator 5.4.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Secure Download Manager (HKLM\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Skins (Version: 2008.0130.1509.26922 - ATI) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.26 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}) (Version: 3.00.01.00 - TOSHIBA)
TOSHIBA Hardware Setup (Version: 3.00.01.00 - TOSHIBA) Hidden
Toshiba TEMPRO (HKLM\...\{2BA8A909-F17C-4AE5-85C1-9107B7A60D26}) (Version: 2.30 - Toshiba Europe GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
yEd Graph Editor 3.6 (HKLM\...\yEd Graph Editor 3.6) (Version: - yWorks GmbH)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job => ?

==================== Loaded Modules (whitelisted) =============

2010-09-11 13:11 - 2008-01-30 16:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2010-09-10 15:37 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-17 00:09 - 2012-10-13 16:05 - 00042496 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe
2014-05-22 01:42 - 2014-05-22 01:43 - 03897456 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: Google Update => "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: TOSCDSPD => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2014 00:29:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 01:28:22 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/22/2014 10:50:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/22/2014 10:50:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht.
(0x8007001f) Error: (05/22/2014 10:50:34 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\*Nutzer2-nonadmin*\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7O2PKBZD.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Error: (05/23/2014 00:29:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: McAfee SiteAdvisor Service%%3 Error: (05/23/2014 00:29:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Avira Echtzeit-Scanner%%3 Error: (05/23/2014 00:29:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (05/23/2014 00:29:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Avira Planer%%3 Error: (05/23/2014 00:28:56 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error: (05/23/2014 00:28:37 AM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.100 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error: (05/23/2014 00:28:37 AM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. 
Error: (05/22/2014 01:28:22 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (05/22/2014 10:35:03 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error: (05/22/2014 10:15:01 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Microsoft Office Sessions: ========================= Error: (08/16/2011 05:51:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2012-12-02 19:25:47.231 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-02 19:25:46.948 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-02 19:25:46.942 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-12-02 19:25:46.897 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-02 19:24:13.583 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-02 19:24:13.529 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-02 19:24:13.164 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-02 19:24:13.121 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-02 19:12:43.257 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-02 19:12:42.969 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 3069.67 MB Available physical RAM: 1880.26 MB Total Pagefile: 6341.61 MB Available Pagefile: 5284.36 MB Total Virtual: 2047.88 MB Available Virtual: 1890.55 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:295.79 GB) (Free:180.38 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Edited by ichmoechtauc (22.05.2014 at 23:53). Reason: an |
23.05.2014, 16:29 | #4 |
/// the machine /// TB instructor | Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll Our tools definitely need admin rights. Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
24.05.2014, 14:42 | #5 |
| Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll I'll try a restart right away. Edit: No error message. Code:
ComboFix 14-05-19.01 - User 23.05.2014 17:50:40.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1883 [GMT 2:00] ausgeführt von:: c:\users\*Nutzer2-nonadmin*\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini c:\users\User\AppData\Roaming\AcroIEHelpe.txt c:\users\User\AppData\Roaming\srvblck2.tmp c:\users\User\betterads_local.exe.quarantaene c:\windows\IsUn0407.exe c:\windows\system32\Oleaut32.1 c:\windows\system32\pt c:\windows\system32\pt\toscdspd.cpl.mui . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-23 bis 2014-05-23 )))))))))))))))))))))))))))))) . . 2014-05-23 15:58 . 2014-05-23 16:00 -------- d-----w- c:\users\User\AppData\Local\temp 2014-05-23 15:58 . 2014-05-23 15:58 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Local\temp 2014-05-23 15:58 . 2014-05-23 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-23 14:54 . 2014-05-23 14:54 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46B8E6ED-9C00-45F3-87D5-E1A62AA3C101}\offreg.dll 2014-05-23 14:54 . 2014-05-23 14:54 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46B8E6ED-9C00-45F3-87D5-E1A62AA3C101}\MpKsld4347f8e.sys 2014-05-23 13:17 . 2014-05-23 13:17 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia Suite 2014-05-23 13:17 . 2014-05-23 13:17 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia 2014-05-23 13:04 . 2014-05-23 13:04 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Local\Nokia 2014-05-23 13:04 . 
2014-05-23 13:15 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Roaming\PC Suite 2014-05-23 13:04 . 2014-05-23 13:04 -------- d-----w- c:\users\User\AppData\Local\Nokia 2014-05-23 13:02 . 2014-05-23 13:02 -------- d-----w- c:\program files\Common Files\Nokia 2014-05-23 13:02 . 2014-05-23 13:04 -------- d-----w- c:\programdata\Nokia 2014-05-23 13:01 . 2012-10-17 12:53 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2014-05-23 13:01 . 2014-05-23 13:01 -------- d-----w- c:\program files\PC Connectivity Solution 2014-05-23 12:59 . 2014-05-23 13:01 -------- d-----w- c:\windows\LastGood 2014-05-23 12:57 . 2014-05-23 13:02 -------- d-----w- c:\program files\Nokia 2014-05-23 12:54 . 2006-08-29 14:56 32377 ----a-w- c:\windows\system32\drivers\prodigy.sys 2014-05-23 12:54 . 2014-05-23 13:24 -------- d-----w- c:\program files\NSS 2014-05-23 10:58 . 2014-04-30 23:37 8073384 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46B8E6ED-9C00-45F3-87D5-E1A62AA3C101}\mpengine.dll 2014-05-23 01:48 . 2014-05-23 01:49 -------- d-----w- c:\program files\Python26 2014-05-23 01:07 . 2014-05-23 01:30 -------- d-----w- c:\users\*Nutzer2-nonadmin*\MediathekView 2014-05-23 01:05 . 2014-05-23 01:24 -------- d-----w- c:\users\*Nutzer2-nonadmin*\.mediathek3 2014-05-23 01:00 . 2014-05-23 01:00 -------- d-----w- c:\programdata\Oracle 2014-05-23 01:00 . 2014-05-23 01:00 -------- d-----w- c:\program files\Common Files\Java 2014-05-23 00:59 . 2014-05-23 00:58 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-05-23 00:12 . 2014-05-23 00:13 -------- d-----w- c:\program files\mediathekview 2014-05-22 23:09 . 2014-05-22 23:10 -------- d-----w- c:\program files\Python27 2014-05-22 22:57 . 2014-05-22 22:57 -------- d-----w- c:\program files\Meld 2014-05-22 22:51 . 2014-05-22 22:51 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Local\Aurora 2014-05-22 22:37 . 2014-05-22 23:09 -------- d-----w- C:\FRST 2014-05-22 09:47 . 
2014-05-22 09:47 -------- d-----w- C:\oldprefetch 2014-05-21 23:56 . 2014-05-04 17:20 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E91C2C8F-CFEF-402F-A525-A80DD171CA34}\gapaengine.dll 2014-05-21 23:54 . 2014-04-30 23:37 8073384 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-05-19 19:50 . 2014-05-19 19:50 -------- d-----w- c:\users\User\AppData\Roaming\Ditto 2014-05-16 22:18 . 2014-05-05 23:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-16 22:09 . 2014-05-16 22:09 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH 2014-05-14 00:36 . 2014-05-14 00:36 17352880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2014-05-13 13:51 . 2014-05-13 13:52 -------- d-----w- c:\program files\Autohotkey 2014-05-13 13:46 . 2014-05-13 22:10 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto 2014-05-13 13:46 . 2014-05-13 13:46 -------- d-----w- c:\program files\Ditto 2014-05-12 10:25 . 2014-05-22 09:26 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0 2014-05-12 10:25 . 2014-05-12 10:25 -------- d-----w- c:\users\*Nutzer2-nonadmin*\.thumbnails 2014-05-12 10:23 . 2014-05-12 10:23 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Local\fontconfig 2014-05-12 10:23 . 2014-05-22 10:53 -------- d-----w- c:\users\*Nutzer2-nonadmin*\.gimp-2.8 2014-05-12 10:23 . 2014-05-12 10:23 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2 2014-05-12 10:15 . 2014-05-12 10:18 -------- d-----w- c:\program files\GIMP 2 2014-05-12 09:26 . 2014-05-12 09:27 -------- d-----w- c:\program files\mp3directcut 2014-05-11 23:52 . 2014-05-11 23:52 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Local\Apps 2014-05-10 08:17 . 2014-05-10 08:17 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++ 2014-05-10 08:08 . 2014-05-10 08:11 -------- d-----w- c:\program files\Notepadpp 2014-05-09 12:27 . 
2014-05-09 12:27 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Local\Ahead 2014-04-24 10:03 . 2014-04-24 10:09 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Local\Microsoft Games 2014-04-24 10:03 . 2014-04-24 10:03 -------- d-----w- c:\users\*Nutzer2-nonadmin*\AppData\Roaming\Intel . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-14 00:36 . 2012-05-04 20:15 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-05-14 00:36 . 2011-05-17 16:00 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-05-04 17:20 . 2014-04-20 13:00 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2014-03-17 08:16 . 2014-04-16 08:03 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A62FBF1C-8C10-48F3-BCCE-F6A6B9B9A755}\mpengine.dll 2014-03-11 07:52 . 2014-03-11 07:52 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2014-03-07 23:12 . 2014-04-12 11:35 1806848 ----a-w- c:\windows\system32\jscript9.dll 2014-03-07 23:02 . 2014-04-12 11:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-07 23:02 . 2014-04-12 11:35 1129472 ----a-w- c:\windows\system32\wininet.dll 2014-03-07 22:57 . 2014-04-12 11:35 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-07 22:56 . 2014-04-12 11:35 421376 ----a-w- c:\windows\system32\vbscript.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Ditto"="c:\program files\Ditto\Ditto.exe" [2012-11-08 1433200] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NDSTray.exe"="NDSTray.exe" [BU] "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-08-27 1050072] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-01-22 09:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00] 2010-06-10 12:42 2621440 ------r- c:\program files\Browny02\Brother\BrStMonW.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-11-08 15:13 136176 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-05-28 06:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2013-03-20 12:38 162856 ----a-w- c:\program files\PDF24\pdf24.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-08-10 03:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-10 21:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2013-04-18 08:55 1105408 ----a-w- c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] 2007-12-29 07:06 430080 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSLD4347F8E . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2014-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 00:36] . 2014-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 15:13] . 
2014-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 15:13] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Free YouTube Download - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file) WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file) HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe AddRemove-Avira AntiVir Desktop - c:\program files\Avira\AntiVir Desktop\setup.exe AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179\UIU32m.exe AddRemove-S3 - c:\windows\IsUn0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-05-23 18:00 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . c:\users\User\AppData\Local\Temp\catchme.dll 53248 bytes executable . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_19" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_20" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_20" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_21" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_21" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_22" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_22" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_23" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_23" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_24" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_24" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_25" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_25" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_26" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_26" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_27" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_27" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_28" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_28" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_29" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_29" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.3.1_30" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.3.1_30" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.0" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.0" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.0_01" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.0_01" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.0_02" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.0_02" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.0_03" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.0_03" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.0_04" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.0_04" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_01" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_01" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_02" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_02" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_03" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_03" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_04" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_04" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_05" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_05" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_06" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_06" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.1_07" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.1_07" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_01" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_01" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_02" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_02" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_03" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_03" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_04" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_04" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_05" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_05" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_06" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_06" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_07" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_07" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_08" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_08" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_09" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_09" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_10" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_10" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_11" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_11" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_12" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_12" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_13" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_13" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_14" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_14" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_15" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_15" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_16" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_16" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_17" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_17" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_18" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_18" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_19" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_19" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_20" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_20" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_21" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_21" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_22" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_22" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_23" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_23" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_24" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_24" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_25" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_25" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_26" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_26" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_27" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_27" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_28" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_28" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_29" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_29" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2_30" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.4.2_30" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.4.2" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_01" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_01" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_01" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_02" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_02" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_02" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_03" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_03" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_03" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_04" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_04" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_04" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_05" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_05" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_05" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_06" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_06" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_06" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_07" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_07" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_07" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_08" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_08" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_08" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_09" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_09" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_09" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_10" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_10" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_10" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_11" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_11" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_11" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_12" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_12" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_12" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_13" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_13" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}] @DACL=(02 0000) @="Java Plug-in 1.5.0_13" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}] @DACL=(02 0000) @="Java Plug-in 1.5.0_14" . [HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}] @DACL=(02 0000) @="Java Plug-in 1.5.0_14" . 
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{CD221623-4F9A-4FA5-A9EE-A77EC8F0E7BD}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_02"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}]
@DACL=(02 0000)
@="GoogleUpdate CredentialDialog"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A}]
@DACL=(02 0000)
@="Adobe PDF Reader Link Helper"
"AppID"="{74DB2CD7-094B-4d60-9656-ADC2F8830D29}"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}]
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-3063606764-1177351860-3295820248-1001_Classes\CLSID\{FD10EA6A-0D14-4AA2-A376-0C8D51CA8779}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-05-23 18:02:38
ComboFix-quarantined-files.txt 2014-05-23 16:02
.
Vor Suchlauf: 11 Verzeichnis(se), 193.216.204.800 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 196.871.512.064 Bytes frei
.
- - End Of File - - AB1D20248AA11D60BEDB8B23B0DA48AB 5C616939100B85E558DA92B899A0FC36
Last edited by ichmoechtauc (23.05.2014 at 19:52) |
25.05.2014, 07:07 | #6 |
/// the machine /// TB-Ausbilder | Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll
That's a false positive. We can restore it if you haven't already fixed it.
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
27.05.2014, 12:06 | #7 |
| Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll
Everything can be found here now; a few more were detected:
MBAM
Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 26.05.2014
Suchlauf-Zeit: 00:29:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.25.07
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 282752
Verstrichene Zeit: 9 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 4
Trojan.Agent, HKU\S-1-5-21-3063606764-1177351860-3295820248-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EFF39A40-C163-4d5d-B073-52FBB55C646A}, In Quarantäne, [54474b0a413a4cea7252fa46d62cf60a],
PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\VITTALIA\AxtanInstaller, In Quarantäne, [8a111a3b4d2ecb6bde30158f51b1cd33],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3063606764-1177351860-3295820248-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [7d1e7dd8d8a3f83e27c5c7d96f9305fb],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3063606764-1177351860-3295820248-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [603b98bde29988ae0a154b4a50b24ab6],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
Adware.InstallBrain, C:\ProgramData\IBUpdaterService, In Quarantäne, [e8b3b5a04c2f4ceaf371920457acb34d],

Dateien: 3
Trojan.Agent, C:\Users\User\AppData\Roaming\5053\components\AcroFF5.dll, In Quarantäne, [cad123327902bb7bf240c3ba29d747b9],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0.localstorage-journal, In Quarantäne, [d4c79bba05761c1a82cbc7cb6e9414ec],
Adware.InstallBrain, C:\ProgramData\IBUpdaterService\repository.xml, In Quarantäne, [e8b3b5a04c2f4ceaf371920457acb34d],

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
ATTFilter
# AdwCleaner v3.210 - Bericht erstellt am 26/05/2014 um 02:29:34
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : User - pcname
# Gestartet von : C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Windows\system32\conduitEngine.tmp
Ordner Gefunden : C:\Program Files\FreeRIP3
Ordner Gefunden : C:\ProgramData\FreeRIP
Ordner Gefunden : C:\Users\User\AppData\Local\Conduit
Ordner Gefunden : C:\Users\User\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\User\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\User\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\User\AppData\Roaming\Uniblue

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\MGShareware
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gefunden : HKLM\Software\MGShareware
Schlüssel Gefunden : HKLM\Software\Uniblue
Schlüssel Gefunden : HKLM\Software\Vittalia

***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16545
-\\ Mozilla Firefox v29.0 (de)
[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Gefunden [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gefunden [Extension] : kincjchfokkeneeofpeefomkikfkiedl

*************************
AdwCleaner[R0].txt - [2616 octets] - [26/05/2014 02:29:34]
########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [2676 octets] ##########
Code:
ATTFilter
# AdwCleaner v3.210 - Bericht erstellt am 26/05/2014 um 02:31:34
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : User - pcname
# Gestartet von : C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\Program Files\FreeRIP3
Ordner Gelöscht : C:\Users\User\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\User\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Uniblue
Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\MGShareware
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\MGShareware
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{501451DE-5808-4599-B544-8BD0915B6B24}_is1

***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16545
-\\ Mozilla Firefox v29.0 (de)
[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl

*************************
AdwCleaner[R0].txt - [2754 octets] - [26/05/2014 02:29:34]
AdwCleaner[S0].txt - [2677 octets] - [26/05/2014 02:31:34]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2737 octets] ##########

JRT produced a log file, but only on the second attempt. It's also possible that I started it several times (somehow two instances of the program were running at the same time on both occasions, even though I only started it once).
JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by User on 26.05.2014 at 2:56:52,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.05.2014 at 3:01:50,10
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the middle of this I accidentally started ComboFix again instead of FRST. It didn't find anything, though.
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02 Ran by User (administrator) on pcname on 26-05-2014 14:04:02 Running from C:\Users\*Nutzer2-nonadmin*\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NDSTray.exe] => NDSTray.exe HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050072 2010-08-27] (Toshiba Europe GmbH) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) 
HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1433200 2012-11-08] ()
HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3063606764-1177351860-3295820248-1001\...\Run: [dradio-RecorderTimer] => C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE003EBEC9B7ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {9DF002E3-B996-4600-858A-B63E2D74FB66} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll No File
CHR Plugin: (ScorchPlugin) - C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (SiteAdvisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-09-12]
CHR Extension: (AT_AgathaRuizdelaPrada) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccdaldnlpmblnjpbboadeocpnclfcbm [2010-11-08]
========================== Services (Whitelisted) =================
S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [124368 2010-08-27] (Toshiba Europe GmbH)
S2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-10] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-26 14:04 - 2014-05-26 14:04 - 00012075 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.txt
2014-05-26 14:03 - 2014-05-26 14:03 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST-OlderVersion
2014-05-26 13:59 - 2014-05-26 13:59 - 00074398 _____ () C:\ComboFix.txt
2014-05-26 13:44 - 2014-05-26 14:00 - 00000000 ____D () C:\ComboFix
2014-05-26 03:00 - 2014-05-26 03:01 - 00000818 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.txt
2014-05-26 02:36 - 2014-05-26 02:36 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 02:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-26 02:29 - 2014-05-26 02:31 - 00000000 ____D () C:\AdwCleaner
2014-05-26 02:28 - 2014-05-26 02:28 - 00000546 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\bandscheiben.txt
2014-05-26 00:54 - 2014-05-26 02:51 - 00000554 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\todo-viren.txt
2014-05-26 00:53 - 2014-05-26 00:53 - 01326389 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe
2014-05-26 00:53 - 2014-05-26 00:53 - 01016261 _____ (Thisisu) C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.exe
2014-05-26 00:43 - 2014-05-26 00:44 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora
2014-05-26 00:43 - 2014-05-26 00:43 - 00002469 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\mbam.txt
2014-05-26 00:28 - 2014-05-26 00:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 00:28 - 2014-05-26 00:28 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-26 00:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 00:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 00:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-23 17:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-23 17:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-23 17:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-23 17:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-23 17:41 - 2014-05-26 14:00 - 00000000 ____D () C:\Qoobox
2014-05-23 17:41 - 2014-05-23 18:01 - 00000000 ____D () C:\Windows\erdnt
2014-05-23 17:39 - 2014-05-26 13:44 - 05200919 ____R (Swearware) C:\Users\*Nutzer2-nonadmin*\Desktop\ComboFix.exe
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia Suite
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia
2014-05-23 15:07 - 2014-05-23 15:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2014-05-23 15:04 - 2014-05-23 15:15 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\PC Suite
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\User\AppData\Local\Nokia
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\NokiaAccount
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Nokia
2014-05-23 15:03 - 2014-05-23 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2014-05-23 15:02 - 2014-05-23 15:04 - 00000000 ____D () C:\ProgramData\Nokia
2014-05-23 15:02 - 2014-05-23 15:02 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-05-23 15:01 - 2014-05-23 15:01 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2014-05-23 15:01 - 2012-10-17 14:53 - 00019072 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfd.sys
2014-05-23 14:57 - 2014-05-23 15:02 - 00000000 ____D () C:\Program Files\Nokia
2014-05-23 14:57 - 2014-05-23 14:57 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2014-05-23 14:54 - 2014-05-23 20:31 - 00000000 ____D () C:\Program Files\NSS
2014-05-23 14:54 - 2006-08-29 16:56 - 00032377 _____ (B-phreaks) C:\Windows\system32\Drivers\prodigy.sys
2014-05-23 13:20 - 2014-05-24 15:46 - 00039524 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktop.rar
2014-05-23 13:16 - 2014-05-23 13:16 - 00000520 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aufnahmen - DRadio.lnk
2014-05-23 13:16 - 2014-05-23 13:16 - 00000506 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\MediathekView.lnk
2014-05-23 13:14 - 2014-05-23 13:14 - 00000044 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\filme.txt
2014-05-23 03:49 - 2014-05-23 03:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.6
2014-05-23 03:48 - 2014-05-23 03:49 - 00000000 ____D () C:\Program Files\Python26
2014-05-23 03:07 - 2014-05-23 03:30 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\MediathekView
2014-05-23 03:05 - 2014-05-23 03:24 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.mediathek3
2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-23 02:59 - 2014-05-23 02:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-23 02:59 - 2014-05-23 02:58 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-23 02:59 - 2014-05-23 02:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-23 02:59 - 2014-05-23 02:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-23 02:59 - 2014-05-23 02:58 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-23 02:12 - 2014-05-23 02:13 - 00000000 ____D () C:\Program Files\mediathekview
2014-05-23 01:07 - 2014-05-23 01:07 - 16281600 _____ () C:\Users\*Nutzer2-nonadmin*\Downloads\python-2.7.6.msi
2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meld
2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\Program Files\Meld
2014-05-23 00:53 - 2014-05-23 00:54 - 40184344 _____ (Keegan Witt) C:\Users\*Nutzer2-nonadmin*\Downloads\meld-1.8.4.1.exe
2014-05-23 00:37 - 2014-05-26 14:04 - 00000000 ____D () C:\FRST
2014-05-23 00:33 - 2014-05-26 14:03 - 01056256 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe
2014-05-22 12:53 - 2014-05-22 12:53 - 00004437 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\recently-used.xbel
2014-05-22 11:26 - 2014-05-22 12:53 - 00286140 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\viren.xcf
2014-05-19 21:50 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto
2014-05-19 14:40 - 2014-05-22 11:18 - 00000093 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise2.txt
2014-05-17 00:21 - 2014-05-17 00:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 00:18 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 00:18 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 00:18 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 00:09 - 2014-05-17 00:12 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH
2014-05-15 14:44 - 2014-05-15 14:45 - 00000289 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise.txt
2014-05-15 14:06 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 02:12 - 2014-05-15 02:13 - 107708366 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Druna-CI-Workshop-Beispiel.mp4
2014-05-14 02:36 - 2014-05-14 02:36 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-13 16:03 - 2014-05-13 16:03 - 00000788 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.exe.lnk
2014-05-13 15:51 - 2014-05-13 15:52 - 00000000 ____D () C:\Program Files\Autohotkey
2014-05-13 15:49 - 2014-05-13 16:02 - 00002190 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.ahk
2014-05-13 15:46 - 2014-05-14 00:10 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\Program Files\Ditto
2014-05-12 12:39 - 2014-05-12 12:39 - 00152139 _____ () C:\Users\User\Documents\usbnormal
2014-05-12 12:25 - 2014-05-22 11:26 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0
2014-05-12 12:25 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.thumbnails
2014-05-12 12:23 - 2014-05-22 12:53 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.gimp-2.8
2014-05-12 12:23 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2
2014-05-12 12:19 - 2014-05-12 12:19 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-12 12:15 - 2014-05-12 12:18 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-12 11:27 - 2014-05-12 11:27 - 00000812 _____ () C:\Users\User\Desktop\mp3DirectCut.lnk
2014-05-12 11:26 - 2014-05-12 11:27 - 00000000 ____D () C:\Program Files\mp3directcut
2014-05-12 01:52 - 2014-05-12 01:52 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Apps\2.0
2014-05-12 01:23 - 2014-05-12 01:28 - 25235372 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\futurama-brutale-Polizeigewalt.ogg
2014-05-10 10:17 - 2014-05-10 10:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++
2014-05-10 10:08 - 2014-05-10 10:11 - 00000000 ____D () C:\Program Files\Notepadpp
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Ahead
2014-05-06 00:28 - 2014-05-06 00:28 - 00000853 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aurora.lnk
2014-05-05 23:57 - 2014-05-19 22:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-28 08:49 - 2014-05-26 00:50 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktopordner
2014-04-28 08:15 - 2014-04-28 08:15 - 00000104 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Computer.lnk
==================== One Month Modified Files and Folders =======
2014-05-26 14:04 - 2014-05-26 14:04 - 00012075 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.txt
2014-05-26 14:04 - 2014-05-23 00:37 - 00000000 ____D () C:\FRST
2014-05-26 14:03 - 2014-05-26 14:03 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\FRST-OlderVersion
2014-05-26 14:03 - 2014-05-23 00:33 - 01056256 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe
2014-05-26 14:00 - 2014-05-26 13:44 - 00000000 ____D () C:\ComboFix
2014-05-26 14:00 - 2014-05-23 17:41 - 00000000 ____D () C:\Qoobox
2014-05-26 13:59 - 2014-05-26 13:59 - 00074398 _____ () C:\ComboFix.txt
2014-05-26 13:57 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-26 13:50 - 2008-01-21 03:35 - 01642522 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 13:44 - 2014-05-23 17:39 - 05200919 ____R (Swearware) C:\Users\*Nutzer2-nonadmin*\Desktop\ComboFix.exe
2014-05-26 13:37 - 2010-09-14 16:31 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-26 13:37 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 13:37 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 13:37 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 13:36 - 2012-05-04 22:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 13:36 - 2006-11-02 15:01 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-26 13:29 - 2010-11-08 17:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job
2014-05-26 13:29 - 2010-11-08 17:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job
2014-05-26 03:01 - 2014-05-26 03:00 - 00000818 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.txt
2014-05-26 02:51 - 2014-05-26 00:54 - 00000554 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\todo-viren.txt
2014-05-26 02:36 - 2014-05-26 02:36 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 02:33 - 2008-01-21 04:47 - 00124028 _____ () C:\Windows\PFRO.log
2014-05-26 02:31 - 2014-05-26 02:29 - 00000000 ____D () C:\AdwCleaner
2014-05-26 02:28 - 2014-05-26 02:28 - 00000546 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\bandscheiben.txt
2014-05-26 02:28 - 2014-04-13 18:19 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\vlc
2014-05-26 00:53 - 2014-05-26 00:53 - 01326389 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe
2014-05-26 00:53 - 2014-05-26 00:53 - 01016261 _____ (Thisisu) C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.exe
2014-05-26 00:50 - 2014-04-28 08:49 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktopordner
2014-05-26 00:44 - 2014-05-26 00:43 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora
2014-05-26 00:43 - 2014-05-26 00:43 - 00002469 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\mbam.txt
2014-05-26 00:43 - 2014-05-26 00:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 00:28 - 2014-05-26 00:28 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-24 15:46 - 2014-05-23 13:20 - 00039524 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktop.rar
2014-05-24 15:27 - 2008-01-21 09:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 20:31 - 2014-05-23 14:54 - 00000000 ____D () C:\Program Files\NSS
2014-05-23 20:31 - 2010-09-15 00:32 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-23 18:02 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-05-23 18:02 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-23 18:01 - 2014-05-23 17:41 - 00000000 ____D () C:\Windows\erdnt
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia Suite
2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia
2014-05-23 15:15 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\PC Suite
2014-05-23 15:07 - 2014-05-23 15:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2014-05-23 15:07 - 2011-04-20 01:02 - 00000000 ____D () C:\ProgramData\PC Suite
2014-05-23 15:07 - 2006-11-02 14:52 - 00127970 _____ () C:\Windows\setupact.log
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\User\AppData\Local\Nokia
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\NokiaAccount
2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Nokia
2014-05-23 15:04 - 2014-05-23 15:02 - 00000000 ____D () C:\ProgramData\Nokia
2014-05-23 15:03 - 2014-05-23 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2014-05-23 15:02 - 2014-05-23 15:02 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-05-23 15:02 - 2014-05-23 14:57 - 00000000 ____D () C:\Program Files\Nokia
2014-05-23 15:01 - 2014-05-23 15:01 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2014-05-23 15:01 - 2011-04-19 20:07 - 00000000 ____D () C:\Program Files\DIFX
2014-05-23 15:01 - 2010-09-13 10:07 - 00059642 _____ () C:\Windows\DPINST.LOG
2014-05-23 14:57 - 2014-05-23 14:57 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2014-05-23 13:42 - 2014-04-13 14:53 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Adobe 2014-05-23 13:42 - 2010-09-11 13:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe 2014-05-23 13:37 - 2010-09-14 11:15 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-23 13:31 - 2010-09-14 11:11 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2014-05-23 13:29 - 2014-04-13 23:42 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Adobe 2014-05-23 13:16 - 2014-05-23 13:16 - 00000520 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aufnahmen - DRadio.lnk 2014-05-23 13:16 - 2014-05-23 13:16 - 00000506 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\MediathekView.lnk 2014-05-23 13:14 - 2014-05-23 13:14 - 00000044 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\filme.txt 2014-05-23 03:49 - 2014-05-23 03:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.6 2014-05-23 03:49 - 2014-05-23 03:48 - 00000000 ____D () C:\Program Files\Python26 2014-05-23 03:30 - 2014-05-23 03:07 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\MediathekView 2014-05-23 03:24 - 2014-05-23 03:05 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.mediathek3 2014-05-23 03:07 - 2014-04-13 14:45 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin* 2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-05-23 02:59 - 2014-05-23 02:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-23 02:58 - 2014-05-23 02:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-05-23 02:58 - 2014-05-23 02:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-05-23 02:58 - 2014-05-23 02:59 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-05-23 02:58 - 2014-05-23 02:59 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-05-23 
02:58 - 2010-11-16 09:30 - 00000000 ____D () C:\Program Files\java 2014-05-23 02:13 - 2014-05-23 02:12 - 00000000 ____D () C:\Program Files\mediathekview 2014-05-23 01:07 - 2014-05-23 01:07 - 16281600 _____ () C:\Users\*Nutzer2-nonadmin*\Downloads\python-2.7.6.msi 2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meld 2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\Program Files\Meld 2014-05-23 00:54 - 2014-05-23 00:53 - 40184344 _____ (Keegan Witt) C:\Users\*Nutzer2-nonadmin*\Downloads\meld-1.8.4.1.exe 2014-05-22 12:53 - 2014-05-22 12:53 - 00004437 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\recently-used.xbel 2014-05-22 12:53 - 2014-05-22 11:26 - 00286140 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\viren.xcf 2014-05-22 12:53 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.gimp-2.8 2014-05-22 11:26 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0 2014-05-22 11:18 - 2014-05-19 14:40 - 00000093 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise2.txt 2014-05-19 22:04 - 2014-05-05 23:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-19 21:50 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto 2014-05-17 01:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-17 00:25 - 2013-09-29 16:07 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-17 00:22 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-05-17 00:21 - 2014-05-17 00:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-17 00:21 - 2010-09-14 16:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-17 00:12 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder 2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH 2014-05-15 14:45 - 2014-05-15 14:44 - 
00000289 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise.txt 2014-05-15 02:13 - 2014-05-15 02:12 - 107708366 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Druna-CI-Workshop-Beispiel.mp4 2014-05-14 02:36 - 2014-05-14 02:36 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2014-05-14 02:36 - 2012-05-04 22:15 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-14 02:36 - 2011-05-17 18:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-14 00:10 - 2014-05-13 15:46 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto 2014-05-13 16:03 - 2014-05-13 16:03 - 00000788 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.exe.lnk 2014-05-13 16:02 - 2014-05-13 15:49 - 00002190 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.ahk 2014-05-13 15:52 - 2014-05-13 15:51 - 00000000 ____D () C:\Program Files\Autohotkey 2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto 2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\Program Files\Ditto 2014-05-12 12:39 - 2014-05-12 12:39 - 00152139 _____ () C:\Users\User\Documents\usbnormal 2014-05-12 12:25 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.thumbnails 2014-05-12 12:23 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2 2014-05-12 12:19 - 2014-05-12 12:19 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2014-05-12 12:18 - 2014-05-12 12:15 - 00000000 ____D () C:\Program Files\GIMP 2 2014-05-12 11:27 - 2014-05-12 11:27 - 00000812 _____ () C:\Users\User\Desktop\mp3DirectCut.lnk 2014-05-12 11:27 - 2014-05-12 11:26 - 00000000 ____D () C:\Program Files\mp3directcut 2014-05-12 07:26 - 2014-05-26 00:28 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-26 00:28 - 
00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:25 - 2014-05-26 00:28 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-12 01:52 - 2014-05-12 01:52 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Apps\2.0 2014-05-12 01:28 - 2014-05-12 01:23 - 25235372 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\futurama-brutale-Polizeigewalt.ogg 2014-05-10 10:17 - 2014-05-10 10:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++ 2014-05-10 10:11 - 2014-05-10 10:08 - 00000000 ____D () C:\Program Files\Notepadpp 2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Ahead 2014-05-08 14:27 - 2012-05-23 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-06 01:32 - 2014-05-17 00:18 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 01:14 - 2014-05-17 00:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 01:14 - 2014-05-17 00:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 00:28 - 2014-05-06 00:28 - 00000853 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aurora.lnk 2014-04-28 08:15 - 2014-04-28 08:15 - 00000104 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Computer.lnk ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-26 13:52 ==================== End Of Log ============================ So, jetzt konnte ich es editieren. 
Everything should be in there. Edited by ichmoechtauc (26.05.2014 at 01:50) |
28.05.2014, 09:33 | #8 |
/// the machine /// TB-Ausbilder | Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
29.05.2014, 09:22 | #9 |
| Windows Vista - MS Essentials - Bumat!rts, Bafi.A, Bafi.D, Brantall.C - acro*.dll Everything seems to be gone, many thanks for your help! ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c1bbad0314bf2d41ab73b0861efab1d1
# engine=18441
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-28 10:53:23
# local_time=2014-05-28 12:53:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 3638967 238807131 0 0
# scanned=172599
# found=0
# cleaned=0
# scan_time=3981
Code:
Results of screen317's Security Check version 0.99.83
Windows Vista Service Pack 2 x86
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Adobe Flash Player 13.0.0.214
Mozilla Firefox (29.0.1)
Google Chrome 31.0.1650.63
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02 Ran by User (administrator) on pcname on 29-05-2014 01:45:52 Running from C:\Users\User\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Ditto\Ditto.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Google Inc.) 
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NDSTray.exe] => NDSTray.exe HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050072 2010-08-27] (Toshiba Europe GmbH) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1433200 2012-11-08] () HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3063606764-1177351860-3295820248-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-11-08] (Google Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE003EBEC9B7ECD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {9DF002E3-B996-4600-858A-B63E2D74FB66} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o3cx0grh.default-1397302169899\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-28] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchKeyword: mcafee CHR DefaultSearchProvider: McAfee CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll No File CHR Plugin: 
(Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll No File CHR Plugin: (ScorchPlugin) - C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (SiteAdvisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-09-12] CHR Extension: (AT_AgathaRuizdelaPrada) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccdaldnlpmblnjpbboadeocpnclfcbm [2010-11-08] ========================== Services (Whitelisted) ================= S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [124368 2010-08-27] (Toshiba Europe GmbH) S2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [X] S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X] S2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-21] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-21] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. 
KG) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-10] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X] S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-29 01:45 - 2014-05-29 01:45 - 00012459 _____ () C:\Users\User\Desktop\FRST.txt 2014-05-29 01:45 - 2014-05-26 14:03 - 01056256 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2014-05-29 01:44 - 2014-05-29 01:44 - 00000913 _____ () C:\Users\Public\Documents\checkup.txt 2014-05-29 01:39 - 2014-05-28 11:34 - 00854367 _____ () C:\Users\User\Desktop\SecurityCheck.exe 2014-05-29 01:29 - 2014-05-29 01:30 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Weitere Programme 2014-05-29 01:16 - 2014-05-29 01:16 - 00013257 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\Probandenüberblick.ods 2014-05-28 22:43 - 2014-05-29 01:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Nokia 2014-05-28 13:09 - 2014-05-28 13:09 - 00000524 _____ () C:\Users\User\Desktop\Öffentliche Dokumente - Verknüpfung.lnk 2014-05-28 12:22 - 2014-05-28 
12:23 - 00000000 ____D () C:\Users\User\Downloads\toshiba 2014-05-28 12:03 - 2014-05-28 13:09 - 00000655 _____ () C:\Users\Public\Documents\todo-viren2.txt 2014-05-28 11:55 - 2014-05-28 11:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Notepad++ 2014-05-28 11:44 - 2014-05-28 11:44 - 00000000 ____D () C:\Program Files\ESET 2014-05-28 11:34 - 2014-05-28 11:34 - 00854367 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\SecurityCheck.exe 2014-05-28 00:17 - 2014-05-29 01:18 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora 2014-05-26 13:59 - 2014-05-26 13:59 - 00074398 _____ () C:\Users\Public\Documents\ComboFix.txt 2014-05-26 02:36 - 2014-05-26 02:36 - 00000000 ____D () C:\Windows\ERUNT 2014-05-26 02:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-05-26 02:29 - 2014-05-26 02:31 - 00000000 ____D () C:\AdwCleaner 2014-05-26 02:28 - 2014-05-26 02:28 - 00000546 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\bandscheiben.txt 2014-05-26 00:54 - 2014-05-26 02:51 - 00000554 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\todo-viren.txt 2014-05-26 00:53 - 2014-05-26 00:53 - 01326389 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe 2014-05-26 00:53 - 2014-05-26 00:53 - 01016261 _____ (Thisisu) C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.exe 2014-05-26 00:28 - 2014-05-26 00:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-26 00:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-26 00:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-26 00:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 
2014-05-23 17:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-23 17:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-23 17:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-23 17:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-23 17:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-23 17:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-23 17:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-23 17:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-23 17:41 - 2014-05-26 14:00 - 00000000 ____D () C:\Qoobox 2014-05-23 17:41 - 2014-05-23 18:01 - 00000000 ____D () C:\Windows\erdnt 2014-05-23 17:39 - 2014-05-26 13:44 - 05200919 ____R (Swearware) C:\Users\*Nutzer2-nonadmin*\Desktop\ComboFix.exe 2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia Suite 2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia 2014-05-23 15:07 - 2014-05-23 15:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf 2014-05-23 15:04 - 2014-05-23 15:15 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\PC Suite 2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf 2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\User\AppData\Local\Nokia 2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\NokiaAccount 2014-05-23 15:04 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Nokia 2014-05-23 15:03 - 2014-05-23 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia 2014-05-23 15:02 - 2014-05-23 15:04 - 00000000 ____D () C:\ProgramData\Nokia 2014-05-23 15:02 - 2014-05-23 15:02 - 00000000 ____D () 
C:\Program Files\Common Files\Nokia 2014-05-23 15:01 - 2014-05-23 15:01 - 00000000 ____D () C:\Program Files\PC Connectivity Solution 2014-05-23 15:01 - 2012-10-17 14:53 - 00019072 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfd.sys 2014-05-23 14:57 - 2014-05-23 15:02 - 00000000 ____D () C:\Program Files\Nokia 2014-05-23 14:57 - 2014-05-23 14:57 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache 2014-05-23 14:54 - 2014-05-23 20:31 - 00000000 ____D () C:\Program Files\NSS 2014-05-23 14:54 - 2006-08-29 16:56 - 00032377 _____ (B-phreaks) C:\Windows\system32\Drivers\prodigy.sys 2014-05-23 13:16 - 2014-05-23 13:16 - 00000520 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aufnahmen - DRadio.lnk 2014-05-23 13:16 - 2014-05-23 13:16 - 00000506 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\MediathekView.lnk 2014-05-23 13:14 - 2014-05-23 13:14 - 00000044 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\filme.txt 2014-05-23 03:49 - 2014-05-23 03:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.6 2014-05-23 03:48 - 2014-05-23 03:49 - 00000000 ____D () C:\Program Files\Python26 2014-05-23 03:07 - 2014-05-23 03:30 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\MediathekView 2014-05-23 03:05 - 2014-05-23 03:24 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.mediathek3 2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-23 03:00 - 2014-05-23 03:00 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-05-23 02:59 - 2014-05-23 02:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-23 02:59 - 2014-05-23 02:58 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-05-23 02:59 - 2014-05-23 02:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-05-23 02:59 - 2014-05-23 02:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-05-23 02:59 - 2014-05-23 02:58 - 00094632 _____ (Oracle Corporation) 
C:\Windows\system32\WindowsAccessBridge.dll 2014-05-23 02:12 - 2014-05-23 02:13 - 00000000 ____D () C:\Program Files\mediathekview 2014-05-23 01:07 - 2014-05-23 01:07 - 16281600 _____ () C:\Users\*Nutzer2-nonadmin*\Downloads\python-2.7.6.msi 2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meld 2014-05-23 00:57 - 2014-05-23 00:57 - 00000000 ____D () C:\Program Files\Meld 2014-05-23 00:53 - 2014-05-23 00:54 - 40184344 _____ (Keegan Witt) C:\Users\*Nutzer2-nonadmin*\Downloads\meld-1.8.4.1.exe 2014-05-23 00:37 - 2014-05-29 01:45 - 00000000 ____D () C:\FRST 2014-05-23 00:33 - 2014-05-26 14:03 - 01056256 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe 2014-05-22 12:53 - 2014-05-22 12:53 - 00004437 _____ () C:\Users\*Nutzer2-nonadmin*\AppData\Local\recently-used.xbel 2014-05-19 22:04 - 2014-05-19 22:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-19 21:50 - 2014-05-29 01:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto 2014-05-19 14:40 - 2014-05-22 11:18 - 00000093 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise2.txt 2014-05-17 00:21 - 2014-05-17 00:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-17 00:18 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-17 00:18 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-17 00:18 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-17 00:09 - 2014-05-17 00:12 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Documents\dradio-Recorder 2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\phonostar GmbH 2014-05-15 14:44 - 2014-05-15 14:45 - 00000289 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Denise.txt 2014-05-15 14:06 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 
02:12 - 2014-05-15 02:13 - 107708366 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Druna-CI-Workshop-Beispiel.mp4 2014-05-14 02:36 - 2014-05-14 02:36 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2014-05-13 16:03 - 2014-05-13 16:03 - 00000788 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.exe.lnk 2014-05-13 15:51 - 2014-05-13 15:52 - 00000000 ____D () C:\Program Files\Autohotkey 2014-05-13 15:49 - 2014-05-13 16:02 - 00002190 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\AutoHotkey.ahk 2014-05-13 15:46 - 2014-05-14 00:10 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Ditto 2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto 2014-05-13 15:46 - 2014-05-13 15:46 - 00000000 ____D () C:\Program Files\Ditto 2014-05-12 12:39 - 2014-05-12 12:39 - 00152139 _____ () C:\Users\User\Documents\usbnormal 2014-05-12 12:25 - 2014-05-22 11:26 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gtk-2.0 2014-05-12 12:25 - 2014-05-12 12:25 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.thumbnails 2014-05-12 12:23 - 2014-05-22 12:53 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\.gimp-2.8 2014-05-12 12:23 - 2014-05-12 12:23 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\gegl-0.2 2014-05-12 12:19 - 2014-05-12 12:19 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2014-05-12 12:15 - 2014-05-12 12:18 - 00000000 ____D () C:\Program Files\GIMP 2 2014-05-12 11:27 - 2014-05-12 11:27 - 00000812 _____ () C:\Users\User\Desktop\mp3DirectCut.lnk 2014-05-12 11:26 - 2014-05-12 11:27 - 00000000 ____D () C:\Program Files\mp3directcut 2014-05-12 01:52 - 2014-05-12 01:52 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Apps\2.0 2014-05-12 01:23 - 2014-05-12 01:28 - 25235372 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\futurama-brutale-Polizeigewalt.ogg 2014-05-10 10:17 - 2014-05-10 10:17 - 
00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Notepad++ 2014-05-10 10:08 - 2014-05-10 10:11 - 00000000 ____D () C:\Program Files\Notepadpp 2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Ahead 2014-05-06 00:28 - 2014-05-06 00:28 - 00000853 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\Aurora.lnk ==================== One Month Modified Files and Folders ======= 2014-05-29 01:46 - 2014-05-29 01:45 - 00012459 _____ () C:\Users\User\Desktop\FRST.txt 2014-05-29 01:45 - 2014-05-23 00:37 - 00000000 ____D () C:\FRST 2014-05-29 01:44 - 2014-05-29 01:44 - 00000913 _____ () C:\Users\Public\Documents\checkup.txt 2014-05-29 01:36 - 2012-05-04 22:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-29 01:30 - 2014-05-29 01:29 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Weitere Programme 2014-05-29 01:30 - 2014-05-19 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ditto 2014-05-29 01:27 - 2014-05-28 22:43 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Nokia 2014-05-29 01:18 - 2014-05-28 00:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Local\Aurora 2014-05-29 01:16 - 2014-05-29 01:16 - 00013257 _____ () C:\Users\*Nutzer2-nonadmin*\Documents\Probandenüberblick.ods 2014-05-29 00:57 - 2010-11-08 17:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000UA.job 2014-05-29 00:25 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-29 00:25 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-28 22:47 - 2008-01-21 03:35 - 01734667 _____ () C:\Windows\WindowsUpdate.log 2014-05-28 22:25 - 2012-05-23 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-28 22:25 - 2010-09-14 16:31 - 00000434 _____ () 
C:\Windows\system32\Drivers\etc\hosts.ics 2014-05-28 22:25 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-28 15:11 - 2006-11-02 15:01 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-28 13:09 - 2014-05-28 13:09 - 00000524 _____ () C:\Users\User\Desktop\Öffentliche Dokumente - Verknüpfung.lnk 2014-05-28 13:09 - 2014-05-28 12:03 - 00000655 _____ () C:\Users\Public\Documents\todo-viren2.txt 2014-05-28 12:58 - 2010-11-08 17:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3063606764-1177351860-3295820248-1000Core.job 2014-05-28 12:45 - 2010-10-17 23:19 - 00000000 ____D () C:\Windows\Minidump 2014-05-28 12:23 - 2014-05-28 12:22 - 00000000 ____D () C:\Users\User\Downloads\toshiba 2014-05-28 12:06 - 2014-04-18 13:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc 2014-05-28 11:55 - 2014-05-28 11:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Notepad++ 2014-05-28 11:44 - 2014-05-28 11:44 - 00000000 ____D () C:\Program Files\ESET 2014-05-28 11:34 - 2014-05-29 01:39 - 00854367 _____ () C:\Users\User\Desktop\SecurityCheck.exe 2014-05-28 11:34 - 2014-05-28 11:34 - 00854367 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\SecurityCheck.exe 2014-05-27 12:50 - 2008-01-21 04:47 - 00124828 _____ () C:\Windows\PFRO.log 2014-05-26 14:03 - 2014-05-29 01:45 - 01056256 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2014-05-26 14:03 - 2014-05-23 00:33 - 01056256 _____ (Farbar) C:\Users\*Nutzer2-nonadmin*\Desktop\FRST.exe 2014-05-26 14:00 - 2014-05-23 17:41 - 00000000 ____D () C:\Qoobox 2014-05-26 13:59 - 2014-05-26 13:59 - 00074398 _____ () C:\Users\Public\Documents\ComboFix.txt 2014-05-26 13:57 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini 2014-05-26 13:44 - 2014-05-23 17:39 - 05200919 ____R (Swearware) C:\Users\*Nutzer2-nonadmin*\Desktop\ComboFix.exe 2014-05-26 02:51 - 2014-05-26 00:54 - 00000554 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\todo-viren.txt 2014-05-26 02:36 - 2014-05-26 02:36 - 00000000 ____D () 
C:\Windows\ERUNT 2014-05-26 02:31 - 2014-05-26 02:29 - 00000000 ____D () C:\AdwCleaner 2014-05-26 02:28 - 2014-05-26 02:28 - 00000546 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\bandscheiben.txt 2014-05-26 02:28 - 2014-04-13 18:19 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\vlc 2014-05-26 00:53 - 2014-05-26 00:53 - 01326389 _____ () C:\Users\*Nutzer2-nonadmin*\Desktop\adwcleaner_3.210.exe 2014-05-26 00:53 - 2014-05-26 00:53 - 01016261 _____ (Thisisu) C:\Users\*Nutzer2-nonadmin*\Desktop\JRT.exe 2014-05-26 00:50 - 2014-04-28 08:49 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\Desktop\Desktopordner 2014-05-26 00:43 - 2014-05-26 00:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-26 00:28 - 2014-05-26 00:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-24 15:27 - 2008-01-21 09:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-23 20:31 - 2014-05-23 14:54 - 00000000 ____D () C:\Program Files\NSS 2014-05-23 20:31 - 2010-09-15 00:32 - 00000000 ____D () C:\Program Files\QuickTime 2014-05-23 18:02 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default 2014-05-23 18:02 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2014-05-23 18:01 - 2014-05-23 17:41 - 00000000 ____D () C:\Windows\erdnt 2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia Suite 2014-05-23 15:17 - 2014-05-23 15:17 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\Nokia 2014-05-23 15:15 - 2014-05-23 15:04 - 00000000 ____D () C:\Users\*Nutzer2-nonadmin*\AppData\Roaming\PC Suite 2014-05-23 15:07 - 2014-05-23 15:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf 2014-05-23 15:07 - 2011-04-20 01:02 - 00000000 ____D () C:\ProgramData\PC Suite 2014-05-23 15:07 - 2006-11-02 14:52 - 00127970 _____ () 
==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-28 22:50

==================== End Of Log ============================

Edited by ichmoechtauc (29.05.2014 at 09:44) |
30.05.2014, 09:37 | #10 |
/// the machine /// TB trainer |
Done.
The order is crucial here.
If you would like to give praise or criticism, you can do that here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be misused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate, Guides and help, Trojaner-Board Facebook page
No help via PM! |
04.06.2014, 01:09 | #11 |
The last log, looks good. Thank you very much for everything. You can delete the subscription then, I think.
Code:
# DelFix v10.7 - Datei am 04/06/2014 um 01:58:50 erstellt
# Aktualisiert am 27/04/2014 von Xplode
# Benutzer : 2.non-admin-nutzer - pcname
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : \32788R22FWJFW
Gelöscht : \FRST
Gelöscht : \AdwCleaner
Gelöscht : HKLM\SOFTWARE\OldTimer Tools
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #796 [Geplanter Prüfpunkt | 05/27/2014 22:35:28]
Gelöscht : RP #797 [Geplanter Prüfpunkt | 05/28/2014 13:02:18]
Gelöscht : RP #798 [Windows Update | 05/28/2014 20:38:57]
Gelöscht : RP #799 [Windows Update | 06/01/2014 00:39:34]
Gelöscht : RP #800 [ComboFix created restore point | 06/03/2014 23:33:24]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ########## |
04.06.2014, 19:04 | #12 |
/// the machine /// TB trainer |
You're welcome
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate, Guides and help, Trojaner-Board Facebook page
No help via PM! |