Trojaner-Board - Telekom /Abuse sperrt meinen MailAccount. Versenden schädlicher Software

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Telekom /Abuse sperrt meinen MailAccount. Versenden schädlicher Software (https://www.trojaner-board.de/147598-telekom-abuse-sperrt-meinen-mailaccount-versenden-schaedlicher-software.html)

Telekom /Abuse sperrt meinen MailAccount. Versenden schädlicher Software

Hallo zusammen,
ich bekam dieses Schreiben schon mehrmals von der Sicherheitsabteilung (Abuse) der T-Kom.
Bis dato habe ich immer etwaige "Verdächtige" gefunden und beseitigt. Diesmal denke ich , dass ich ein Problem habe.

Ich verwende Windows 7 HP und Norton AV

Hier die Log Files:

Defrogger

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 18:57 on 08/01/2014 (Admin)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

FRST

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014

Ran by Admin (administrator) on MONSTERDIDI on 08-01-2014 19:00:35

Running from C:\Users\Admin\Desktop

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

() C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

() C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe

() C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

(DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

(Teruten) C:\Windows\System32\FsUsbExService.Exe

(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe

(DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(SHI Elektronische Medien GmbH) C:\Program Files\WEKA\Kommentierte Betriebsvereinbarungen\SHIWebOnDisk.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AI Suite II.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)

HKLM\...\Run: [BCU] - C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [411864 2010-03-05] (DeviceVM, Inc.)

HKLM\...\Run: [SHIWebOnDiskManager] - C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [233472 2011-09-23] (SHI Elektronische Medien GmbH)

HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKCU\...\Run: [AdobeBridge] - [x]

HKCU\...\Policies\Explorer: [NoCDBurning] 0

AppInit_DLLs: ì)8ùqÜ±vb [ ] ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=792919e9-9c7c-8293-6f85-ff1387632e08&searchtype=ds&q={searchTerms}&installDate=08/11/2013

SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=792919e9-9c7c-8293-6f85-ff1387632e08&searchtype=ds&q={searchTerms}&installDate=08/11/2013

SearchScopes: HKCU - DefaultScope {426ED343-66B1-4eb2-BD46-51F2AB7D269B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB

SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=792919e9-9c7c-8293-6f85-ff1387632e08&searchtype=ds&q={searchTerms}&installDate=08/11/2013

SearchScopes: HKCU - {292B7515-673D-41ef-A07A-854E5F903682} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}

SearchScopes: HKCU - {426ED343-66B1-4eb2-BD46-51F2AB7D269B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=DE&ver=2014&locale=de_DE&gct=kwd&qsrc=2869

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File

Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default

FF NewTab: about:blank

FF DefaultSearchEngine: Web Search

FF SearchEngineOrder.3: Bing 

FF SelectedSearchEngine: Web Search

FF Homepage: google.de

FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=792919e9-9c7c-8293-6f85-ff1387632e08&searchtype=ds&installDate=08/11/2013&q=

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\searchplugins\bingp.xml

FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\searchplugins\safesearch.xml

FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\searchplugins\Web Search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: SuperLyrics-16 - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF
 

========================== Services (Whitelisted) =================
 

R2 asComSvc; C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()

R2 asHmComSvc; C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()

R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

R2 BCUService; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [235752 2010-03-05] (DeviceVM, Inc.)

R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14650144 2013-10-18] (NVIDIA Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-08-24] ()

R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [98280 2011-01-27] (ASMedia Technology Inc)

R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [304616 2011-01-27] (ASMedia Technology Inc)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20131218.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)

R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)

R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] ()

R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20140107.001\IDSvix86.sys [394456 2013-12-13] (Symantec Corporation)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140108.003\NAVENG.SYS [93272 2014-01-03] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140108.003\NAVEX15.SYS [1612376 2014-01-03] (Symantec Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-09-28] (NVIDIA Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)

S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [182680 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2007-10-25] ()

R0 SymDS; C:\Windows\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-23] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NAV\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-08 19:00 - 2014-01-08 19:00 - 00015606 _____ C:\Users\Admin\Desktop\FRST.txt

2014-01-08 19:00 - 2014-01-08 19:00 - 00000000 ____D C:\FRST

2014-01-08 18:59 - 2014-01-08 18:59 - 01065719 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe

2014-01-08 18:57 - 2014-01-08 18:57 - 00000472 _____ C:\Users\Admin\Desktop\defogger_disable.log

2014-01-08 18:57 - 2014-01-08 18:57 - 00000000 _____ C:\Users\Admin\defogger_reenable

2014-01-08 18:47 - 2014-01-08 18:47 - 00000324 _____ C:\Windows\PFRO.log

2014-01-08 18:35 - 2014-01-08 18:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-08 18:34 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-01-08 18:31 - 2014-01-08 18:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 04745728 _____ (AVAST Software) C:\Users\Admin\Desktop\aswMBR.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00050477 _____ C:\Users\Admin\Desktop\Defogger.exe

2014-01-08 17:26 - 2014-01-08 17:26 - 00000000 ____D C:\Program Files\EPSViewer

2014-01-08 17:23 - 2014-01-08 17:24 - 07097337 _____ C:\Users\Admin\Downloads\Typenschild.eps

2014-01-07 21:15 - 2014-01-07 21:15 - 08886413 _____ C:\Users\Admin\Downloads\philz_touch_6.08.9-jfltexx.zip

2014-01-06 19:31 - 2014-01-06 19:31 - 01376581 _____ C:\Users\Admin\Downloads\GravityBox_2.7.6.apk

2014-01-06 19:18 - 2014-01-06 19:18 - 04457988 _____ C:\Users\Admin\Downloads\NottachXposed_v12.apk

2014-01-06 19:04 - 2014-01-06 19:04 - 00543253 _____ C:\Users\Admin\Downloads\de.robv.android.xposed.installer_v25_36cbbc.apk

2014-01-06 16:08 - 2014-01-06 16:08 - 00707836 _____ C:\Users\Admin\Downloads\threeminitsettings.apk

2014-01-06 16:07 - 2014-01-06 16:08 - 51693444 _____ C:\Users\Admin\Downloads\3Minit_Framework_0.4_ML6_MD5_97752B504F0184FC14333E97CA9F8B73.zip

2014-01-06 00:37 - 2014-01-06 16:35 - 579811384 _____ C:\Users\Admin\Downloads\Echoe_Rom_V12_ULTRA_SLIM_by_adl_&_Spevil.zip

2014-01-05 22:33 - 2014-01-05 22:33 - 31776279 _____ C:\Users\Admin\Downloads\BatteryIconCreator_V32.0.zip

2014-01-05 16:25 - 2014-01-05 16:25 - 00135136 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-05 12:18 - 2014-01-05 12:16 - 04790259 ____N C:\Users\Admin\Downloads\systemuiupdate.zip

2014-01-05 12:16 - 2014-01-05 21:22 - 34695113 _____ C:\Users\Admin\Downloads\oggupdate.zip

2014-01-05 11:42 - 2014-01-05 11:41 - 38616581 ____N C:\Users\Admin\Downloads\ogbattupdate.zip

2014-01-03 09:30 - 2014-01-03 09:34 - 04586659 _____ C:\Users\Admin\Downloads\SystemUI.apk

2014-01-02 22:34 - 2014-01-02 22:35 - 00001385 _____ C:\Windows\IE10_main.log

2014-01-02 22:33 - 2014-01-02 22:33 - 30091776 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE10-Windows6.1-x86-de-de.exe

2014-01-02 22:03 - 2014-01-02 23:15 - 1557379932 _____ C:\Users\Admin\Downloads\Duxter_Rom_v22.zip

2014-01-02 19:04 - 2014-01-02 19:06 - 25381969 _____ C:\Users\Admin\Downloads\Hot Fudge Theme by HS™ V1.0.zip

2014-01-02 17:20 - 2014-01-08 18:48 - 00004841 _____ C:\Windows\setupact.log

2014-01-02 17:20 - 2014-01-02 17:20 - 03871784 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-02 17:20 - 2014-01-02 17:20 - 00000000 _____ C:\Windows\setuperr.log

2014-01-02 06:45 - 2014-01-02 06:45 - 00000000 ____D C:\Users\Admin\Documents\WEKA

2013-12-31 16:42 - 2013-12-31 16:40 - 09310082 _____ C:\Users\Admin\Downloads\OGBatteryMod.apk

2013-12-31 16:37 - 2013-12-31 16:35 - 02435595 ____N C:\Users\Admin\Downloads\v12-Stock_SystemUI_OGBatteryMod_ML6.zip

2013-12-31 15:29 - 2013-12-19 22:14 - 11739433 _____ C:\Users\Admin\Downloads\SPlanner.apk

2013-12-31 10:05 - 2014-01-02 19:57 - 1058079272 _____ C:\Users\Admin\Downloads\S4_Echoe_v12_30DEC2013.zip

2013-12-30 14:12 - 2013-12-30 19:05 - 2073729101 _____ C:\Users\Admin\Downloads\PhoeniX.ROM.V7.0.XXUEML1.I9505.by.tamirda.zip

2013-12-29 15:04 - 2013-12-29 15:05 - 00000000 ____D C:\Users\Admin\Downloads\prime 95

2013-12-29 15:03 - 2013-12-29 15:03 - 04277073 _____ C:\Users\Admin\Downloads\p95v279.win32.zip

2013-12-28 14:39 - 2013-12-28 14:42 - 05348016 _____ C:\Users\Admin\Downloads\VP700M1N2N_18827ad160da44c59eefefb4ce72cc0d.zip

2013-12-26 09:56 - 2013-12-26 10:24 - 596713502 _____ C:\Users\Admin\Downloads\Echoe_Rom_V11_ULTRA_SLIM_by_adl_&_Spevil.zip

2013-12-26 00:35 - 2013-12-26 00:35 - 00001978 _____ C:\Users\Admin\Desktop\Tiny Hexer.lnk

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mirkes.de

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Program Files\mirkes.de

2013-12-26 00:09 - 2013-12-26 00:09 - 00007655 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

2013-12-22 20:57 - 2013-12-22 21:03 - 00000000 ____D C:\Users\Admin\Downloads\apk_tool

2013-12-22 20:57 - 2013-12-22 21:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Android

2013-12-21 22:33 - 2013-12-21 22:48 - 524370513 _____ C:\Users\Admin\Downloads\Echoe_KitKat_v2.1_18DEC2013.zip

2013-12-19 16:59 - 2013-12-19 16:59 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-12-18 19:15 - 2013-12-18 19:15 - 03226940 _____ C:\Users\Admin\Downloads\178.zip

2013-12-18 19:14 - 2013-12-18 19:14 - 03070641 _____ C:\Users\Admin\Downloads\176.zip

2013-12-17 11:30 - 2013-12-17 11:30 - 00609095 _____ C:\Users\Admin\Downloads\echoekitchen.zip

2013-12-16 19:07 - 2014-01-06 19:10 - 00001220 _____ C:\Users\Admin\Downloads\Xposed-Disabler-Recovery.zip

2013-12-16 15:26 - 2013-12-16 15:27 - 52370762 _____ C:\Users\Admin\Downloads\Echoe Settings and Kitchen v9.zip

2013-12-15 18:32 - 2013-12-15 18:33 - 52386816 _____ C:\Users\Admin\Downloads\modem.bin

2013-12-14 22:41 - 2013-12-14 22:56 - 479621178 _____ C:\Users\Admin\Downloads\Echoe_KitKat_v1.2_10Dec2013.zip

2013-12-14 14:42 - 2013-12-16 12:59 - 00000000 ____D C:\Users\Admin\Downloads\wallpaper

2013-12-13 20:21 - 2013-12-13 20:21 - 00966872 _____ C:\Users\Admin\Downloads\DE-SAMSUNGNIZER_SCRIPT_V4.1.zip

2013-12-12 21:18 - 2013-12-14 15:18 - 00012755 _____ C:\Users\Admin\Downloads\lens_flare_lock.ogg

2013-12-12 21:18 - 2013-09-02 08:43 - 00013878 _____ C:\Users\Admin\Downloads\lens_flare_lock1.ogg

2013-12-12 20:44 - 2013-12-12 20:44 - 00000000 ____D C:\ProgramData\Qualcomm

2013-12-12 16:41 - 2013-12-16 13:27 - 702820351 _____ C:\Users\Admin\Downloads\Echoe_SLIM_v9_26Nov2013.zip

2013-12-12 16:29 - 2013-12-12 16:34 - 15365072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\Admin\Downloads\USB_Drivers_1.5.27.0.exe

2013-12-12 12:05 - 2013-12-12 12:05 - 01828801 _____ C:\Users\Admin\Downloads\PAS30.zip

2013-12-12 12:03 - 2013-12-12 12:03 - 01823613 _____ C:\Users\Admin\Downloads\PAS29.zip

2013-12-11 23:32 - 2013-12-11 23:33 - 08714305 _____ C:\Users\Admin\Downloads\philz_touch_6.03.4-jfltexx.tar.md5

2013-12-11 22:50 - 2013-12-11 22:50 - 01160801 _____ C:\Users\Admin\Downloads\UPDATE-SuperSU-v1.80.zip

2013-12-11 22:47 - 2013-12-11 22:47 - 00464072 _____ C:\Users\Admin\Downloads\Odin3.07.zip

2013-12-11 20:39 - 2013-12-11 20:39 - 00000000 ____D C:\Program Files\Qualcomm

2013-12-11 20:37 - 2014-01-02 23:08 - 00000000 ____D C:\Users\Admin\Downloads\efs.back

2013-12-11 13:22 - 2013-12-22 10:41 - 00000000 ____D C:\Users\Admin\Downloads\cfautoroot

2013-12-11 12:57 - 2013-12-11 13:26 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-12-11 06:55 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2013-12-11 06:55 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2013-12-11 06:52 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-11 06:52 - 2013-10-25 05:45 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-11 06:52 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-11 06:52 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-11 06:52 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-11 06:52 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-12-11 06:43 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-11 06:43 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-12-11 06:43 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-11 06:43 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-11 06:43 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-11 06:43 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-11 06:43 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-11 06:43 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2013-12-11 06:43 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-11 06:43 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2013-12-11 06:43 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
 

==================== One Month Modified Files and Folders =======
 

2014-01-08 19:00 - 2014-01-08 19:00 - 00015606 _____ C:\Users\Admin\Desktop\FRST.txt

2014-01-08 19:00 - 2014-01-08 19:00 - 00000000 ____D C:\FRST

2014-01-08 18:59 - 2014-01-08 18:59 - 01065719 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe

2014-01-08 18:57 - 2014-01-08 18:57 - 00000472 _____ C:\Users\Admin\Desktop\defogger_disable.log

2014-01-08 18:57 - 2014-01-08 18:57 - 00000000 _____ C:\Users\Admin\defogger_reenable

2014-01-08 18:57 - 2011-06-16 12:04 - 00000000 ____D C:\Users\Admin

2014-01-08 18:55 - 2009-07-14 05:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-08 18:55 - 2009-07-14 05:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-08 18:52 - 2011-06-16 18:01 - 01156369 _____ C:\Windows\WindowsUpdate.log

2014-01-08 18:48 - 2014-01-02 17:20 - 00004841 _____ C:\Windows\setupact.log

2014-01-08 18:48 - 2011-06-30 11:34 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-08 18:48 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-08 18:47 - 2014-01-08 18:47 - 00000324 _____ C:\Windows\PFRO.log

2014-01-08 18:47 - 2011-06-16 13:45 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-08 18:35 - 2014-01-08 18:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-08 18:31 - 2014-01-08 18:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 04745728 _____ (AVAST Software) C:\Users\Admin\Desktop\aswMBR.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00050477 _____ C:\Users\Admin\Desktop\Defogger.exe

2014-01-08 18:06 - 2011-06-30 11:34 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-08 17:26 - 2014-01-08 17:26 - 00000000 ____D C:\Program Files\EPSViewer

2014-01-08 17:24 - 2014-01-08 17:23 - 07097337 _____ C:\Users\Admin\Downloads\Typenschild.eps

2014-01-07 21:15 - 2014-01-07 21:15 - 08886413 _____ C:\Users\Admin\Downloads\philz_touch_6.08.9-jfltexx.zip

2014-01-06 19:31 - 2014-01-06 19:31 - 01376581 _____ C:\Users\Admin\Downloads\GravityBox_2.7.6.apk

2014-01-06 19:18 - 2014-01-06 19:18 - 04457988 _____ C:\Users\Admin\Downloads\NottachXposed_v12.apk

2014-01-06 19:10 - 2013-12-16 19:07 - 00001220 _____ C:\Users\Admin\Downloads\Xposed-Disabler-Recovery.zip

2014-01-06 19:04 - 2014-01-06 19:04 - 00543253 _____ C:\Users\Admin\Downloads\de.robv.android.xposed.installer_v25_36cbbc.apk

2014-01-06 16:35 - 2014-01-06 00:37 - 579811384 _____ C:\Users\Admin\Downloads\Echoe_Rom_V12_ULTRA_SLIM_by_adl_&_Spevil.zip

2014-01-06 16:08 - 2014-01-06 16:08 - 00707836 _____ C:\Users\Admin\Downloads\threeminitsettings.apk

2014-01-06 16:08 - 2014-01-06 16:07 - 51693444 _____ C:\Users\Admin\Downloads\3Minit_Framework_0.4_ML6_MD5_97752B504F0184FC14333E97CA9F8B73.zip

2014-01-05 22:34 - 2012-10-05 07:30 - 00000000 ____D C:\Users\Admin\Downloads\BatteryIconCreator

2014-01-05 22:33 - 2014-01-05 22:33 - 31776279 _____ C:\Users\Admin\Downloads\BatteryIconCreator_V32.0.zip

2014-01-05 21:22 - 2014-01-05 12:16 - 34695113 _____ C:\Users\Admin\Downloads\oggupdate.zip

2014-01-05 18:01 - 2011-06-16 13:18 - 00010240 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-01-05 17:59 - 2011-06-16 12:08 - 01658180 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-05 16:25 - 2014-01-05 16:25 - 00135136 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-05 12:16 - 2014-01-05 12:18 - 04790259 ____N C:\Users\Admin\Downloads\systemuiupdate.zip

2014-01-05 11:41 - 2014-01-05 11:42 - 38616581 ____N C:\Users\Admin\Downloads\ogbattupdate.zip

2014-01-03 09:34 - 2014-01-03 09:30 - 04586659 _____ C:\Users\Admin\Downloads\SystemUI.apk

2014-01-03 00:22 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache

2014-01-02 23:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF

2014-01-02 23:15 - 2014-01-02 22:03 - 1557379932 _____ C:\Users\Admin\Downloads\Duxter_Rom_v22.zip

2014-01-02 23:08 - 2013-12-11 20:37 - 00000000 ____D C:\Users\Admin\Downloads\efs.back

2014-01-02 22:53 - 2011-06-16 18:58 - 00000000 ____D C:\Windows\Panther

2014-01-02 22:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE

2014-01-02 22:35 - 2014-01-02 22:34 - 00001385 _____ C:\Windows\IE10_main.log

2014-01-02 22:33 - 2014-01-02 22:33 - 30091776 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE10-Windows6.1-x86-de-de.exe

2014-01-02 19:57 - 2013-12-31 10:05 - 1058079272 _____ C:\Users\Admin\Downloads\S4_Echoe_v12_30DEC2013.zip

2014-01-02 19:06 - 2014-01-02 19:04 - 25381969 _____ C:\Users\Admin\Downloads\Hot Fudge Theme by HS™ V1.0.zip

2014-01-02 17:20 - 2014-01-02 17:20 - 03871784 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-02 17:20 - 2014-01-02 17:20 - 00000000 _____ C:\Windows\setuperr.log

2014-01-02 15:43 - 2012-10-01 04:59 - 00000000 ____D C:\Windows\Minidump

2014-01-02 15:43 - 2011-07-02 10:32 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps

2014-01-02 06:45 - 2014-01-02 06:45 - 00000000 ____D C:\Users\Admin\Documents\WEKA

2014-01-01 23:06 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public

2014-01-01 19:50 - 2011-09-03 09:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc

2014-01-01 10:10 - 2011-06-28 08:51 - 00458752 ___SH C:\Users\Admin\Documents\Thumbs.db

2014-01-01 07:05 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-01 01:49 - 2013-10-22 00:09 - 00000000 ____D C:\Users\Admin\Desktop\van

2013-12-31 16:40 - 2013-12-31 16:42 - 09310082 _____ C:\Users\Admin\Downloads\OGBatteryMod.apk

2013-12-31 16:35 - 2013-12-31 16:37 - 02435595 ____N C:\Users\Admin\Downloads\v12-Stock_SystemUI_OGBatteryMod_ML6.zip

2013-12-31 06:35 - 2012-11-22 08:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-30 23:33 - 2012-04-30 06:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-12-30 23:33 - 2011-10-13 07:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-12-30 23:33 - 2011-06-16 12:55 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe

2013-12-30 19:05 - 2013-12-30 14:12 - 2073729101 _____ C:\Users\Admin\Downloads\PhoeniX.ROM.V7.0.XXUEML1.I9505.by.tamirda.zip

2013-12-29 15:05 - 2013-12-29 15:04 - 00000000 ____D C:\Users\Admin\Downloads\prime 95

2013-12-29 15:03 - 2013-12-29 15:03 - 04277073 _____ C:\Users\Admin\Downloads\p95v279.win32.zip

2013-12-28 14:42 - 2013-12-28 14:39 - 05348016 _____ C:\Users\Admin\Downloads\VP700M1N2N_18827ad160da44c59eefefb4ce72cc0d.zip

2013-12-26 10:24 - 2013-12-26 09:56 - 596713502 _____ C:\Users\Admin\Downloads\Echoe_Rom_V11_ULTRA_SLIM_by_adl_&_Spevil.zip

2013-12-26 01:17 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\MSBuild

2013-12-26 00:35 - 2013-12-26 00:35 - 00001978 _____ C:\Users\Admin\Desktop\Tiny Hexer.lnk

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mirkes.de

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Program Files\mirkes.de

2013-12-26 00:09 - 2013-12-26 00:09 - 00007655 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

2013-12-24 17:56 - 2013-10-30 09:06 - 00000000 ____D C:\Users\UpdatusUser.MONSTERDIDI

2013-12-24 17:56 - 2012-04-28 07:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-12-22 21:03 - 2013-12-22 20:57 - 00000000 ____D C:\Users\Admin\Downloads\apk_tool

2013-12-22 21:01 - 2013-12-22 20:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Android

2013-12-22 10:41 - 2013-12-11 13:22 - 00000000 ____D C:\Users\Admin\Downloads\cfautoroot

2013-12-21 22:48 - 2013-12-21 22:33 - 524370513 _____ C:\Users\Admin\Downloads\Echoe_KitKat_v2.1_18DEC2013.zip

2013-12-19 22:14 - 2013-12-31 15:29 - 11739433 _____ C:\Users\Admin\Downloads\SPlanner.apk

2013-12-19 16:59 - 2013-12-19 16:59 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-12-18 19:15 - 2013-12-18 19:15 - 03226940 _____ C:\Users\Admin\Downloads\178.zip

2013-12-18 19:14 - 2013-12-18 19:14 - 03070641 _____ C:\Users\Admin\Downloads\176.zip

2013-12-17 11:30 - 2013-12-17 11:30 - 00609095 _____ C:\Users\Admin\Downloads\echoekitchen.zip

2013-12-16 18:08 - 2011-06-16 13:16 - 00000000 ____D C:\Program Files\Google

2013-12-16 15:27 - 2013-12-16 15:26 - 52370762 _____ C:\Users\Admin\Downloads\Echoe Settings and Kitchen v9.zip

2013-12-16 13:27 - 2013-12-12 16:41 - 702820351 _____ C:\Users\Admin\Downloads\Echoe_SLIM_v9_26Nov2013.zip

2013-12-16 13:00 - 2012-06-20 05:38 - 00000000 ____D C:\Users\Admin\Downloads\babe

2013-12-16 12:59 - 2013-12-14 14:42 - 00000000 ____D C:\Users\Admin\Downloads\wallpaper

2013-12-15 18:33 - 2013-12-15 18:32 - 52386816 _____ C:\Users\Admin\Downloads\modem.bin

2013-12-14 22:56 - 2013-12-14 22:41 - 479621178 _____ C:\Users\Admin\Downloads\Echoe_KitKat_v1.2_10Dec2013.zip

2013-12-14 15:18 - 2013-12-12 21:18 - 00012755 _____ C:\Users\Admin\Downloads\lens_flare_lock.ogg

2013-12-13 20:21 - 2013-12-13 20:21 - 00966872 _____ C:\Users\Admin\Downloads\DE-SAMSUNGNIZER_SCRIPT_V4.1.zip

2013-12-12 20:44 - 2013-12-12 20:44 - 00000000 ____D C:\ProgramData\Qualcomm

2013-12-12 16:34 - 2013-12-12 16:29 - 15365072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\Admin\Downloads\USB_Drivers_1.5.27.0.exe

2013-12-12 12:05 - 2013-12-12 12:05 - 01828801 _____ C:\Users\Admin\Downloads\PAS30.zip

2013-12-12 12:03 - 2013-12-12 12:03 - 01823613 _____ C:\Users\Admin\Downloads\PAS29.zip

2013-12-12 01:00 - 2011-06-16 13:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Google

2013-12-11 23:33 - 2013-12-11 23:32 - 08714305 _____ C:\Users\Admin\Downloads\philz_touch_6.03.4-jfltexx.tar.md5

2013-12-11 22:50 - 2013-12-11 22:50 - 01160801 _____ C:\Users\Admin\Downloads\UPDATE-SuperSU-v1.80.zip

2013-12-11 22:47 - 2013-12-11 22:47 - 00464072 _____ C:\Users\Admin\Downloads\Odin3.07.zip

2013-12-11 20:39 - 2013-12-11 20:39 - 00000000 ____D C:\Program Files\Qualcomm

2013-12-11 13:26 - 2013-12-11 12:57 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-12-11 09:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-12-11 08:49 - 2011-06-17 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-12-11 06:55 - 2013-07-29 15:42 - 00000000 ____D C:\Windows\system32\MRT

2013-12-11 06:55 - 2011-06-16 13:39 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-12-30 09:25
 

==================== End Of Log ============================

Addition

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-01-2014

Ran by Admin at 2014-01-08 19:01:01

Running from C:\Users\Admin\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Norton AntiVirus (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton AntiVirus (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
 

==================== Installed Programs ======================
 

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)

7-Zip 9.20 (Version:  - )

AC3Filter 1.62b (Version: 1.62b - Alexander Vigovsky)

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (Version: 11.8.800.94 - Adobe Systems Incorporated)

Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated)

Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe Photoshop Album 2.0 Starter Edition (Version: 2.00.100 - Adobe Systems, Inc.)

Adobe Photoshop CS6 (Version: 13.0 - Adobe Systems Incorporated)

Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (Version: 11.6.3.633 - Adobe Systems, Inc.)

AI Suite II (Version: 1.01.14 - ASUSTeK)

Allgemeine Runtime Files (x86) (Version: 1.0.3.0 - Sereby Corporation)

Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.6.3.0 - Asmedia Technology)

Bejeweled 3 (Version:  - PopCap Games)

Bejeweled Twist (Version:  - PopCap Games)

BG BAU Aus Unfällen lernen 2012 (Version: 1.2.3.1. - Jedermann-Verlag)

BG BAU Info-CD 2011 (Version:  - )

BG BAU Regelwerke 2012 (Version: 20120601 - Jedermann-Verlag GmbH)

BG BAU Startbildschirm (Version: 20120601 - Jedermann-Verlag GmbH)

BG-Bau-Wegweiser-12 (Version: 12.0.8.22 - Jedermann-Verlag)

Big Fish Games: Game Manager (Version: 3.0.1.60 - )

Browser Configuration Utility (Version: 1.0.12.1 - DeviceVM, Inc.)

calibre (Version: 1.10.0 - Kovid Goyal)

CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden

CCleaner (Version: 4.04 - Piriform)

Citrix XenApp Web Plugin (Version: 11.0.0.5357 - Citrix Systems, Inc.)

DirectX 9.0c Extra Files (x86) (Version: 1.10.06.0 - Sereby Corporation)

DirectX for Managed Code (Version: 1.0.0.0 - Sereby Corporation)

DivX-Setup (Version: 2.5.0.11 - DivX, LLC)

Easy XML Editor 1.6.6 (Version:  - hxxp://www.easy-xml-editor.de)

EPS Viewer (Version:  - IdeaMK)

erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden

Exact Audio Copy 1.0beta3 (Version: 1.0beta3 - Andre Wiethoff)

FreePDF (Remove only) (Version:  - )

FRITZ!Box-Fernzugang einrichten (Version: 1.0.3 - AVM Berlin)

GB Hoch- und Tiefbau-Gewerke (Version:  - )

GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden

Google Drive (Version: 1.13.5782.599 - Google, Inc.)

Google Earth Plug-in (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden

GPL Ghostscript (Version: 9.02 - Artifex Software Inc.)

Greenfish Icon Editor Pro 3.25 (Version:  - Greenfish Corporation)

HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Officejet 6500 E710a-f Hilfe (Version: 140.0.2.2 - Hewlett Packard)

HP Product Detection (Version: 11.14.0004 - HP)

I.R.I.S. OCR (Version: 12.3.4.0 - HP)

Intel(R) Management Engine Components (Version: 7.0.0.1144 - Intel Corporation)

IrfanView (remove only) (Version: 4.27 - Irfan Skiljan)

IsoBuster 2.8.5 (Version: 2.8.5 - Smart Projects)

Java Auto Updater (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden

Java(TM) 7 Update 3 (Version: 7.0.30 - Oracle)

Java(TM) SE Development Kit 7 Update 1 (Version: 1.7.0.10 - Oracle)

JavaFX 2.0.3 (Version: 2.0.3 - Oracle Corporation)

Jedermann-Verlag Symbolbibliothek (Version: 6.0 - )

Lexware Info Service (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)

Logitech Vid HD (Version: 7.2 (7259) - Logitech Inc..)

Logitech Webcam-Software (Version: 2.51 - Logitech Inc.)

LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden

LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden

LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden

LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden

LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden

LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden

LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden

LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden

LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden

LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden

Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )

Microsoft .NET Framework 1.1 SP1 + KB928366 (Version:  - )

Microsoft .NET Framework 1.1 SP1 + KB928366 (Version: 1.1.4322 - Microsoft) Hidden

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual J# 2.0 Redistributable Package (Version:  - Microsoft Corporation)

Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727 - Microsoft Corporation) Hidden

Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden

mirkes.de Tiny Hexer (Version: 1.8 - markus stephany)

MozBackup 1.4.10 (Version:  - Pavel Cvrcek)

Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1 - Mozilla)

Mozilla Maintenance Service (Version: 25.0.1 - Mozilla)

Mozilla Thunderbird 24.2.0 (x86 de) (Version: 24.2.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)

MyTomTom 3.2.0.700 (Version: 3.2.0.700 - TomTom)

Nero 7 Ultra Edition (Version: 7.02.2620 - Nero AG)

NewsLeecher v4.0 Final (Version:  - )

Norton AntiVirus (Version: 20.4.0.40 - Symantec Corporation)

Notepad++ (Version: 5.9.4 - )

NVIDIA 3D Vision Controller Driver (Version: 275.33 - NVIDIA Corporation) Hidden

NVIDIA 3D Vision Controller-Treiber 331.65 (Version: 331.65 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 331.65 (Version: 331.65 - NVIDIA Corporation)

NVIDIA Display Control Panel (Version: 6.14.11.9745 - NVIDIA Corporation)

NVIDIA GeForce Experience 1.7 (Version: 1.7 - NVIDIA Corporation)

NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)

NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3165 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden

NVIDIA Update 9.3.16 (Version: 9.3.16 - NVIDIA Corporation) Hidden

NVIDIA Update Components (Version: 9.3.16 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9 - NVIDIA Corporation)

Octoshape add-in for Adobe Flash Player (Version:  - )

Paint.NET v3.5.5 (Version: 3.55.0 - dotPDN LLC)

PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden

Planet Horse (Version:  - )

QPST 2.7 (Version: 2.7.378 - Qualcomm)

QuickSteuer 2012 (Version: 18.06.00.0009 - Haufe-Lexware GmbH & Co.KG)

QuickSteuer 2013 (Version: 19.04.00.0009 - Haufe-Lexware GmbH & Co.KG)

QuickSteuer 2014 (Version: 20.00.00.0035 - Haufe-Lexware GmbH & Co.KG)

Real Alternative 2.0.2 (Version: 2.0.2 - )

Realtek Ethernet Controller Driver (Version: 7.69.304.2013 - Realtek)

RedMon - Redirection Port Monitor (Version:  - )

Samsung Kies (Version: 2.1.0.11095_121 - Samsung Electronics Co., Ltd.)

Samsung Kies (Version: 2.1.0.11095_121 - Samsung Electronics Co., Ltd.) Hidden

Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)

Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)

SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Requirements Lab (Version:  - )

Total Commander (Remove or Repair) (Version: 7.50a - Ghisler Software GmbH)

Trinklit Supreme (Version:  - )

Ubuntu (Version: 12.10-rev273 - Ubuntu)

Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)

VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden

Visual C++ 2008 x86 Runtime - (v9.0.30729.5026) (Version: 9.0.30729.5026 - Microsoft Corporation) Hidden

Visual C++ 2008 x86 Runtime - v9.0.30729.5026 (Version: 9.0.30729.5026 - Microsoft Corporation)

Visual Studio C++ 10.0 Runtime (Version: 10.0.0 - TomTom International B.V.)

VLC media player 1.1.11 (Version: 1.1.11 - VideoLAN)

WEKA Kommentierte Betriebsvereinbarungen Oktober 2011 (Version: Oktober 2011 - WEKA)

WinRAR 4.00 (32-Bit) (Version: 4.00.0 - win.rar GmbH)

XAMPP 1.7.7 (Version:  - )

xrecode II 1.0.0.140 (Version:  - )
 

==================== Restore Points  =========================
 

29-12-2013 16:21:56 Geplanter Prüfpunkt

01-01-2014 18:00:39 Windows-Sicherung

02-01-2014 21:46:25 Windows Modules Installer
 

==================== Hosts content: ==========================
 

2009-07-14 03:04 - 2012-06-30 15:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {26534F4C-2C60-4A1C-8379-C2C13B4BE605} - \DealPlyUpdate No Task File

Task: {36F7C6B3-26DE-4465-B741-310C86C208E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-30] (Adobe Systems Incorporated)

Task: {4177085D-8129-4EFE-9ED6-5A8112ABCCA4} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)

Task: {448EFBA6-45D7-4918-928A-A5D2974AE4A5} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe

Task: {4ADBC274-F1F4-40B3-B060-DF8CC0DEA341} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-30] (Google Inc.)

Task: {781748DA-F809-4A78-8E80-5766B5FFF25F} - System32\Tasks\{5CDEA5B8-9211-4ACE-9152-70A0AE66D8DC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.120/de/abandoninstall?page=tsGoogle&amp;installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered

Task: {8731E1AB-C410-4175-B18D-98A8F94E647E} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)

Task: {8C719D6B-040A-4922-A35D-4C67D077C427} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-30] (Google Inc.)

Task: {8D52240F-D509-4523-AC49-2838669B419E} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe

Task: {9D1DE175-5640-47D5-90E0-62EEDCCBB911} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {B9FEA4AB-33BC-41F5-AD30-A102CC5F67CD} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)

Task: {C7199B42-F633-4918-BD4C-86303B1D2CB2} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)

Task: {C787FDE7-D03C-4C41-8D30-2A51686F030A} - System32\Tasks\{2975EC6C-E375-4365-97F5-3F8577440DFC} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.59.129/de/abandoninstall?page=tsProgressBar

Task: {CDCC03F9-0013-441C-AFA8-4CD055A462DB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMJJNMNMLJMJNMMMJJCNNJIMNMGMCNLMMMOJIMCNHMOJOJKMCNIMLMKJNMJMGMLMLMKMMMGMNMJNJICMIMCNGMCNOMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMKMGMJNHICMEKMICNJJCKJNBJCMOLLJCJGJBJJNKJCMJNNICMJNDJCMLJKJ"

Task: {E486DE01-113D-4509-8C5B-D226E101088D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2011-10-08 09:46 - 2011-03-02 11:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll

2011-07-18 22:04 - 2011-07-18 22:04 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll

2009-07-31 20:39 - 2009-07-31 20:39 - 00503202 _____ () C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll

2012-10-26 14:25 - 2011-09-23 12:52 - 01351168 ____N () C:\Program Files\WEKA\Kommentierte Betriebsvereinbarungen\ip-engine\StdFTS\cpl25m.dll

2012-10-26 14:25 - 2011-09-23 12:52 - 00655360 ____N () C:\PROGRAM FILES\WEKA\KOMMENTIERTE BETRIEBSVEREINBARUNGEN\IP-ENGINE\STDFTS\CONFIG\PROD\RCA\SHICplUni.dll

2012-10-26 14:25 - 2011-09-23 12:52 - 00226816 ____N () C:\PROGRAM FILES\WEKA\KOMMENTIERTE BETRIEBSVEREINBARUNGEN\IP-ENGINE\STDFTS\CONFIG\PROD\LSS\lss_back.dll

2012-10-26 14:25 - 2011-09-23 12:52 - 00296960 ____N () C:\PROGRAM FILES\WEKA\KOMMENTIERTE BETRIEBSVEREINBARUNGEN\IP-ENGINE\STDFTS\CONFIG\PROD\LSS\lss_unic.dll

2012-10-26 14:26 - 2011-09-23 12:52 - 00045056 ____N () C:\Program Files\WEKA\Kommentierte Betriebsvereinbarungen\webapp\standard\dll\SHINativeUtil.dll

2011-06-16 15:38 - 2009-05-21 03:14 - 00053248 ____N () C:\Program Files\ASUS\AI Suite II\TurboV EVO\HookKey32.dll

2011-06-16 15:38 - 2009-05-21 09:14 - 00253952 _____ () C:\Program Files\ASUS\AI Suite II\TurboV EVO\pngio.dll

2011-06-16 15:36 - 2010-08-23 03:17 - 00662016 ____R () C:\Program Files\ASUS\AAHM\1.00.13\aaHMLib.dll

2011-06-16 15:37 - 2010-12-02 16:28 - 00143360 _____ () C:\Program Files\ASUS\AI Suite II\AssistFunc.dll

2011-06-16 15:37 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files\ASUS\AI Suite II\ImageHelper.dll

2011-06-16 15:37 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files\ASUS\AI Suite II\pngio.dll

2011-06-16 15:37 - 2010-11-19 09:53 - 00963584 _____ () C:\Program Files\ASUS\AI Suite II\BarGadget\BarGadget.dll

2011-06-16 15:38 - 2011-01-06 09:38 - 01027072 _____ () C:\Program Files\ASUS\AI Suite II\Probe_II\ProbeII.dll

2011-06-16 15:37 - 2010-09-27 19:51 - 00881664 _____ () C:\Program Files\ASUS\AI Suite II\Sensor\Sensor.dll

2011-06-16 15:37 - 2010-09-27 19:51 - 01607168 _____ () C:\Program Files\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll

2011-06-16 15:37 - 2010-11-19 09:55 - 01246208 _____ () C:\Program Files\ASUS\AI Suite II\Settings\Settings.dll

2011-06-16 15:37 - 2010-08-06 17:11 - 00850944 _____ () C:\Program Files\ASUS\AI Suite II\Splitter\Splitter.dll

2011-06-16 15:37 - 2010-08-06 17:13 - 00886272 _____ () C:\Program Files\ASUS\AI Suite II\TabGadget\TabGadget.dll

2011-06-16 15:37 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\Temp:09CD1DC6

AlternateDataStreams: C:\ProgramData\Temp:0C9CD455

AlternateDataStreams: C:\ProgramData\Temp:16A4620C

AlternateDataStreams: C:\ProgramData\Temp:193CB03B

AlternateDataStreams: C:\ProgramData\Temp:1F7A10DD

AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9

AlternateDataStreams: C:\ProgramData\Temp:30E0D641

AlternateDataStreams: C:\ProgramData\Temp:4D551822

AlternateDataStreams: C:\ProgramData\Temp:51E83E25

AlternateDataStreams: C:\ProgramData\Temp:56C66609

AlternateDataStreams: C:\ProgramData\Temp:5BC73C48

AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2

AlternateDataStreams: C:\ProgramData\Temp:603FD11D

AlternateDataStreams: C:\ProgramData\Temp:6DA3BBF2

AlternateDataStreams: C:\ProgramData\Temp:71AEFFEB

AlternateDataStreams: C:\ProgramData\Temp:7ADB695A

AlternateDataStreams: C:\ProgramData\Temp:880F0FEF

AlternateDataStreams: C:\ProgramData\Temp:88AA70D1

AlternateDataStreams: C:\ProgramData\Temp:8FF81EB0

AlternateDataStreams: C:\ProgramData\Temp:90108DD7

AlternateDataStreams: C:\ProgramData\Temp:9C8D5426

AlternateDataStreams: C:\ProgramData\Temp:A3E39C6A

AlternateDataStreams: C:\ProgramData\Temp:A4241298

AlternateDataStreams: C:\ProgramData\Temp:B285A50E

AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5

AlternateDataStreams: C:\ProgramData\Temp:D6D084A5

AlternateDataStreams: C:\ProgramData\Temp:D987CB43

AlternateDataStreams: C:\ProgramData\Temp:DA5888A7

AlternateDataStreams: C:\ProgramData\Temp:E07EA07E

AlternateDataStreams: C:\ProgramData\Temp:E222F217

AlternateDataStreams: C:\ProgramData\Temp:E8C44CB4

AlternateDataStreams: C:\ProgramData\Temp:E9495818

AlternateDataStreams: C:\ProgramData\Temp:F1175E1D

AlternateDataStreams: C:\ProgramData\Temp:F33C37D5

AlternateDataStreams: C:\ProgramData\Temp:F9EDCFB0

AlternateDataStreams: C:\ProgramData\Temp:FBE5FDB9

AlternateDataStreams: C:\ProgramData\Temp:FFEAC7E5
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/08/2014 08:17:11 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.

Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 

Error: (01/08/2014 08:11:59 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (01/08/2014 06:57:55 AM) (Source: Application Hang) (User: )

Description: Programm iexplore.exe, Version 10.0.9200.16750 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 1498
 

Startzeit: 01cf0c367a530203
 

Endzeit: 32
 

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
 

Berichts-ID:
 

Error: (01/06/2014 01:55:42 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.

Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 

Error: (01/06/2014 01:53:33 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (01/04/2014 07:04:24 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.

Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 

Error: (01/04/2014 07:02:40 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (01/03/2014 00:51:10 PM) (Source: Application Hang) (User: )

Description: Programm iexplore.exe, Version 10.0.9200.16750 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 3594
 

Startzeit: 01cf0876a8adf6dc
 

Endzeit: 80
 

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
 

Berichts-ID:
 

Error: (01/03/2014 00:32:47 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.

Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 

Error: (01/03/2014 00:30:53 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
 

System errors:

=============

Error: (01/08/2014 06:49:03 PM) (Source: DCOM) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (01/08/2014 06:14:03 PM) (Source: Schannel) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2014 05:40:25 PM) (Source: Schannel) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2014 05:40:25 PM) (Source: Schannel) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2014 05:36:06 PM) (Source: DCOM) (User: MONSTERDIDI)

Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}MONSTERDIDIAdminS-1-5-21-1507968218-3757338369-1811197512-1000LocalHost (unter Verwendung von LRPC)
 

Error: (01/08/2014 05:36:06 PM) (Source: DCOM) (User: MONSTERDIDI)

Description: AnwendungsspezifischLokalAktivierung{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}MONSTERDIDIAdminS-1-5-21-1507968218-3757338369-1811197512-1000LocalHost (unter Verwendung von LRPC)
 

Error: (01/08/2014 05:36:05 PM) (Source: DCOM) (User: MONSTERDIDI)

Description: AnwendungsspezifischLokalAktivierung{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}MONSTERDIDIAdminS-1-5-21-1507968218-3757338369-1811197512-1000LocalHost (unter Verwendung von LRPC)
 

Error: (01/08/2014 05:24:56 PM) (Source: Schannel) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2014 05:24:56 PM) (Source: Schannel) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2014 05:24:56 PM) (Source: Schannel) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Percentage of memory in use: 40%

Total physical RAM: 3573.25 MB

Available physical RAM: 2139.92 MB

Total Pagefile: 7144.78 MB

Available Pagefile: 5687.99 MB

Total Virtual: 2047.88 MB

Available Virtual: 1895.5 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:195.21 GB) (Free:116.36 GB) NTFS

Drive e: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive f: () (Fixed) (Total:148.95 GB) (Free:31.69 GB) NTFS

Drive g: (Volume) (Fixed) (Total:736.2 GB) (Free:650.2 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E983747F)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=736 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: F482F482)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

GMER

Code:

GMER 2.1.19163 - hxxp://www.gmer.net

Rootkit scan 2014-01-08 19:23:35

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD105SI rev.1AJ10001 931,51GB

Running: 5xcq4ty4.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fwdyifoc.sys
 
 

---- System - GMER 2.1 ----
 

SSDT   874A6718                                                                                                                ZwAlpcConnectPort

SSDT   874A6160                                                                                                                ZwLoadDriver
 

---- Kernel code sections - GMER 2.1 ----
 

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                8367FA15 1 Byte  [06]

.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  836B9212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text  ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                                     836C0494 4 Bytes  [18, 67, 4A, 87]

.text  ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                                                     836C06A8 4 Bytes  [60, 61, 4A, 87]
 

---- Registry - GMER 2.1 ----
 

Reg    HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{F0F78DEA-9839-11E0-A56C-806E6F6E6963}  21747449128
 

---- EOF - GMER 2.1 ----

Das ist erst mal alles was ich bieten kann.

Gruß Dieter

hi,

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo und danke für die schnelle Antwort.
Hier die Log von Combo:

Code:

ComboFix 14-01-08.03 - Admin 08.01.2014  23:00:39.2.4 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3573.2098 [GMT 1:00]

ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome.manifest

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\asyncDB.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\background.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\browserAction.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\contextMenu.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dbManager.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dom_bg.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\fileManager.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefox.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxNotifications.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxOmnibox.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\message.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\pageAction.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\request.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\tabs.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\webRequest.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\background.html

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\baseObject.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\browser.xul

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\console.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\consts.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\delegate.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\extensionDataStore.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\folderIOWrapper.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\httpObserver.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\IDBWrapper.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\installer.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\logFile.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\prefs.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\progressListenerObserver.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\registry.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reloadObserver.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reports.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\requestObject.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\searchSettings.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\uninstallObserver.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\updateManager.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\utils.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\xhr.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\dialog.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\main.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.xul

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\search_dialog.xul

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\defaults\preferences\prefs.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\manifest.xml

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins.json

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\1_base.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\102_dealply_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\103_intext_5_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\104_jollywallet_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\105_corticas_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\108_icm_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\117_coupons_intext_ads_5_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\119_similar_web_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\120_luck_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\123_intext_adv_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\125_arcadi2_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\126_revizer_ws_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\127_revizer_p_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\128_superfish_pricora_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\13_CrossriderAppUtils.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\135_arcadi3_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\138_getdeal_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\14_CrossriderUtils.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\141_corticas_ru_m.js.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\142_intext_fa_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\155_ibario_pops_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\159_cortica_rollover_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\16_FFAppAPIWrapper.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\17_jQuery.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\171_arcadi2_sourceID_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\175_coolmirage_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\177_crossriderDashboard.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\178_revizer_ws_dynamic_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\179_revizer_p_dynamic_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\180_bpo_serp_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\182_openUrl.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\183_tabsWrapper.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\21_debug.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\22_resources.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\28_initializer.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\4_jquery_1_7_1.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\47_resources_background.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\64_appApiMessage.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\7_hooks.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\72_appApiValidation.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\78_CrossriderInfo.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\87_ginyas_wrapper.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\9_search_engine_hook.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\91_monetizationLoader.js.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\93_superfish_no_coupons_m.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\98_omniCommands.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\background.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\extension.js

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\install.rdf

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\locale\en-US\translations.dtd

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button1.png

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button2.png

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button3.png

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button4.png

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button5.png

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\crossrider_statusbar.png

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon128.png

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon16.png

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon24.png

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon48.png

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\panelarrow-up.png

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\popup.html

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\skin.css

c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\update.css

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-12-08 bis 2014-01-08  ))))))))))))))))))))))))))))))

.

.

2014-01-08 22:07 . 2014-01-08 22:07        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2014-01-08 22:07 . 2014-01-08 22:07        --------        d-----w-        c:\users\UpdatusUser.MONSTERDIDI\AppData\Local\temp

2014-01-08 22:07 . 2014-01-08 22:07        --------        d-----w-        c:\users\Public\AppData\Local\temp

2014-01-08 22:07 . 2014-01-08 22:07        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-01-08 18:00 . 2014-01-08 18:00        --------        d-----w-        C:\FRST

2014-01-08 17:35 . 2014-01-08 17:35        --------        d-----w-        c:\users\Admin\AppData\Roaming\Malwarebytes

2014-01-08 17:34 . 2014-01-08 17:34        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2014-01-08 17:34 . 2014-01-08 17:34        --------        d-----w-        c:\programdata\Malwarebytes

2014-01-08 17:34 . 2013-04-04 13:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys

2014-01-08 16:26 . 2014-01-08 16:26        --------        d-----w-        c:\program files\EPSViewer

2014-01-01 22:19 . 2014-01-01 22:19        --------        d-----w-        c:\users\Admin\AppData\Local\Programs

2013-12-25 23:35 . 2013-12-25 23:35        --------        d-----w-        c:\users\Admin\AppData\Roaming\mirkes.de

2013-12-25 23:35 . 2013-12-25 23:35        --------        d-----w-        c:\program files\mirkes.de

2013-12-22 19:57 . 2013-12-22 20:01        --------        d-----w-        c:\users\Admin\AppData\Roaming\Android

2013-12-12 19:44 . 2013-12-12 19:44        --------        d-----w-        c:\programdata\Qualcomm

2013-12-11 19:39 . 2013-12-11 19:39        --------        d-----w-        c:\program files\Qualcomm

2013-12-11 11:57 . 2013-12-11 12:26        --------        d-----w-        c:\program files\Mozilla Thunderbird

2013-12-11 05:55 . 2013-05-10 04:56        12625408        ----a-w-        c:\windows\system32\wmploc.DLL

2013-12-11 05:55 . 2013-05-10 03:48        164864        ----a-w-        c:\program files\Windows Media Player\wmplayer.exe

2013-12-11 05:43 . 2013-10-30 02:19        301568        ----a-w-        c:\windows\system32\msieftp.dll

2013-12-11 05:43 . 2013-10-19 01:36        159232        ----a-w-        c:\windows\system32\imagehlp.dll

2013-12-11 05:43 . 2013-10-12 02:04        121856        ----a-w-        c:\windows\system32\wshom.ocx

2013-12-11 05:43 . 2013-10-12 02:03        163840        ----a-w-        c:\windows\system32\scrrun.dll

2013-12-11 05:43 . 2013-10-12 01:15        141824        ----a-w-        c:\windows\system32\wscript.exe

2013-12-11 05:43 . 2013-10-12 01:15        126976        ----a-w-        c:\windows\system32\cscript.exe

2013-12-11 05:43 . 2013-11-23 18:26        417792        ----a-w-        c:\windows\system32\WMPhoto.dll

2013-12-11 05:43 . 2013-11-12 02:07        2048        ----a-w-        c:\windows\system32\tzres.dll

2013-12-11 05:43 . 2013-10-30 01:27        2349056        ----a-w-        c:\windows\system32\win32k.sys

2013-12-11 05:43 . 2013-10-04 01:49        81408        ----a-w-        c:\windows\system32\drivers\drmk.sys

2013-12-11 05:43 . 2013-10-04 01:17        177152        ----a-w-        c:\windows\system32\drivers\portcls.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-30 22:33 . 2012-04-30 05:38        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-12-30 22:33 . 2011-10-13 06:22        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-28 00:12 . 2013-10-28 00:12        182680        ----a-w-        c:\windows\system32\drivers\ssudserd.sys

2013-10-28 00:12 . 2013-10-28 00:12        87064        ----a-w-        c:\windows\system32\drivers\ssudbus.sys

2013-10-28 00:12 . 2013-10-28 00:12        182680        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys

2013-10-23 10:24 . 2013-10-30 08:04        9524088        ----a-w-        c:\windows\system32\nvcuda.dll

2013-10-23 10:24 . 2013-10-30 08:04        9480328        ----a-w-        c:\windows\system32\nvopencl.dll

2013-10-23 10:24 . 2013-10-30 08:04        893728        ----a-w-        c:\windows\system32\nvdispgenco3233165.dll

2013-10-23 10:24 . 2013-10-30 08:04        599840        ----a-w-        c:\windows\system32\NvFBC.dll

2013-10-23 10:24 . 2013-10-30 08:04        560416        ----a-w-        c:\windows\system32\NvIFR.dll

2013-10-23 10:24 . 2013-10-30 08:04        2946848        ----a-w-        c:\windows\system32\nvcuvid.dll

2013-10-23 10:24 . 2013-10-30 08:04        2747168        ----a-w-        c:\windows\system32\nvcuvenc.dll

2013-10-23 10:24 . 2013-10-30 08:04        266984        ----a-w-        c:\windows\system32\nvoglshim32.dll

2013-10-23 10:24 . 2013-10-30 08:04        22933792        ----a-w-        c:\windows\system32\nvoglv32.dll

2013-10-23 10:24 . 2013-10-30 08:04        17560352        ----a-w-        c:\windows\system32\nvcompiler.dll

2013-10-23 10:24 . 2013-10-30 08:04        15855568        ----a-w-        c:\windows\system32\nvwgf2um.dll

2013-10-23 10:24 . 2013-10-30 08:04        15212336        ----a-w-        c:\windows\system32\nvd3dum.dll

2013-10-23 10:24 . 2013-10-30 08:04        141336        ----a-w-        c:\windows\system32\nvinit.dll

2013-10-23 10:24 . 2013-10-30 08:04        1049888        ----a-w-        c:\windows\system32\nvdispco3233165.dll

2013-10-23 10:24 . 2013-10-30 08:04        10410272        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2013-10-23 10:24 . 2012-02-09 20:43        1241376        ----a-w-        c:\windows\system32\nvumdshim.dll

2013-10-23 10:24 . 2011-12-03 13:22        2695200        ----a-w-        c:\windows\system32\nvapi.dll

2013-10-23 07:19 . 2010-04-03 16:27        4318496        ----a-w-        c:\windows\system32\nvcpl.dll

2013-10-23 07:19 . 2010-04-03 16:27        3036448        ----a-w-        c:\windows\system32\nvsvc.dll

2013-10-23 07:19 . 2010-04-03 16:27        664352        ----a-w-        c:\windows\system32\nvvsvc.exe

2013-10-23 07:19 . 2010-04-03 16:27        62752        ----a-w-        c:\windows\system32\nvshext.dll

2013-10-23 07:19 . 2010-04-03 16:27        2555168        ----a-w-        c:\windows\system32\nvsvcr.dll

2013-10-23 07:19 . 2010-04-03 16:27        209184        ----a-w-        c:\windows\system32\nvmctray.dll

2013-10-23 02:02 . 2013-10-23 02:02        589600        ----a-w-        c:\windows\system32\nvStreaming.exe

2013-10-18 01:36 . 2013-10-30 08:08        955168        ----a-w-        c:\windows\system32\nvspcap.dll

2013-10-12 02:03 . 2013-11-13 01:15        656896        ----a-w-        c:\windows\system32\nshwfp.dll

2013-10-12 02:01 . 2013-11-13 01:16        679424        ----a-w-        c:\windows\system32\IKEEXT.DLL

2013-10-12 02:01 . 2013-11-13 01:15        216576        ----a-w-        c:\windows\system32\FWPUCLNT.DLL

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-12-06 14:47        579024        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-12-06 14:47        579024        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-12-06 14:47        579024        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-12-06 14:47        579024        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-12-06 14:47        579024        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-12-06 14:47        579024        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]

"SHIWebOnDiskManager"="c:\program files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe" [2011-09-23 233472]

"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]

"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2013-10-18 955168]

"LexwareInfoService"="c:\program files\Lexware\Update Manager\LxUpdateManager.exe" [2013-10-08 208424]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]

2010-03-05 08:15        411864        ----a-w-        c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe

.

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-10-28 87064]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-01-15 13224]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-06-21 136904]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-06-21 17864]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-06-21 153672]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2013-06-21 130248]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-10-28 182680]

R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2013-10-28 182680]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]

R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1404000.028\SYMDS.SYS [2013-05-20 367704]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1404000.028\SYMEFA.SYS [2013-05-22 934488]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20131218.001\BHDrvx86.sys [2013-12-18 1098968]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [2013-04-15 134744]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20140107.001\IDSvix86.sys [2013-12-13 394456]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [2013-03-04 175264]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1404000.028\SYMNETS.SYS [2013-04-24 339544]

S2 asComSvc;ASUS Com Service;c:\program files\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]

S2 asHmComSvc;ASUS HM Com Service;c:\program files\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-07-18 233472]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [2013-05-20 144368]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-18 14650144]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-01-27 98280]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-01-27 304616]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 108120]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2013-07-18 37344]

S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-09-27 33568]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-03-04 643656]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - FSUSBEXDISK

*NewlyCreated* - FWDYIFOC

*Deregistered* - fwdyifoc

.

Inhalt des "geplante Tasks" Ordners

.

2013-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 22:33]

.

2014-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-30 10:34]

.

2014-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-30 10:34]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = https://www.google.de/

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: starstable.com

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - google.de

FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=792919e9-9c7c-8293-6f85-ff1387632e08&searchtype=ds&installDate=08/11/2013&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-AdobeBridge - (no file)

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.0_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.0_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.0_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_08"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_08"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_09"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_09"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_10"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_10"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_11"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_11"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_12"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_12"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_13"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_13"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_14"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_14"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_15"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_15"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_16"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_16"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_17"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_17"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_18"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_18"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_19"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_19"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_20"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_20"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_21"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.1_21"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.0_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.0_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.0_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.0_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.0_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.0_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.0_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.0_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.1_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_08"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_08"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_09"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_09"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_10"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_10"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_11"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_11"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_12"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_12"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_13"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_13"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_14"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_14"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_15"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_15"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_16"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_16"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_17"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_17"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_18"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_18"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_19"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_19"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_20"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_20"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_21"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_21"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_22"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_22"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_23"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_23"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_24"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_24"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_25"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_25"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_26"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_26"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_27"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_27"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_28"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_28"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_29"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_29"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_30"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_30"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_31"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_31"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_32"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_32"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_33"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_33"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_34"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_34"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_35"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_35"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_36"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2_36"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.4.2"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_08"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_08"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_08"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_09"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_09"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_09"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_10"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_10"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_10"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_11"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_11"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_11"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_12"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_12"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_12"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_13"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_13"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_13"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_14"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_14"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_14"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_15"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_15"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_15"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_16"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_16"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_16"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_17"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_17"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_17"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_18"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_18"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_18"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_19"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_19"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_19"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_20"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_20"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_20"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_21"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_21"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_21"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_22"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_22"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_22"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_23"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_23"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_23"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_24"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_24"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_24"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_25"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_25"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_25"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_26"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_26"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_26"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_27"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_27"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_27"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_28"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_28"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_28"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_29"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_29"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_29"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_30"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_30"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_30"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_31"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_31"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_31"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_32"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_32"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_32"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_33"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_33"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_33"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_34"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_34"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0_34"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.5.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_03"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_04"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_05"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_06"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_07"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_08"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_08"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_08"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_09"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_09"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_09"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_10"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_10"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_10"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_11"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_11"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_11"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_12"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_12"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_12"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_13"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_13"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_13"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_14"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_14"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_14"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_15"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_15"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_15"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_16"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_16"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_16"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_17"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_17"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_17"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_18"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_18"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_18"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_19"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_19"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_19"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_20"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_20"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_20"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_21"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_21"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_21"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_22"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_22"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_22"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_23"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_23"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_23"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_24"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_24"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_24"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_25"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_25"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_25"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_26"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_26"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_26"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_27"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_27"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_27"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_28"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_28"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_28"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_29"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_29"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_29"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_30"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_30"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_30"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_31"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_31"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0_31"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.6.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.7.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.7.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.7.0"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.7.0_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.7.0_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.7.0_01"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}]

@DACL=(02 0000)

@="Java Plug-in 1.7.0_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}]

@DACL=(02 0000)

@="Java Plug-in 1.7.0_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}]

@DACL=(02 0000)

@="Java Plug-in 1.7.0_02"

.

[HKEY_USERS\S-1-5-21-1507968218-3757338369-1811197512-1000_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]

@DACL=(02 0000)

@="Java Plug-in 1.3.0_02"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2014-01-08  23:08:33

ComboFix-quarantined-files.txt  2014-01-08 22:08

.

Vor Suchlauf: 19 Verzeichnis(se), 131.975.581.696 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 131.948.195.840 Bytes frei

.

- - End Of File - - 5382C7FC629135B9AF0B8A1DB529A9A6

A36C5E4F47E84449FF07ED3517B43A31

Gruß Dieter

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo,
hier die Logs:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014 01

Ran by Admin (administrator) on MONSTERDIDI on 09-01-2014 17:12:15

Running from C:\Users\Admin\Desktop

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

() C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe

() C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe

() C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

(Teruten) C:\Windows\System32\FsUsbExService.Exe

(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(SHI Elektronische Medien GmbH) C:\Program Files\WEKA\Kommentierte Betriebsvereinbarungen\SHIWebOnDisk.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AI Suite II.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)

HKLM\...\Run: [SHIWebOnDiskManager] - C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [233472 2011-09-23] (SHI Elektronische Medien GmbH)

HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKCU\...\Policies\Explorer: [NoCDBurning] 0
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {426ED343-66B1-4eb2-BD46-51F2AB7D269B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB

SearchScopes: HKCU - {292B7515-673D-41ef-A07A-854E5F903682} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}

SearchScopes: HKCU - {426ED343-66B1-4eb2-BD46-51F2AB7D269B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File

Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default

FF NewTab: about:blank

FF SearchEngineOrder.3: Bing 

FF Homepage: google.de

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF
 

========================== Services (Whitelisted) =================
 

R2 asComSvc; C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()

R2 asHmComSvc; C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()

R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14650144 2013-10-18] (NVIDIA Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-08-24] ()

R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [98280 2011-01-27] (ASMedia Technology Inc)

R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [304616 2011-01-27] (ASMedia Technology Inc)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20131218.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)

R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)

R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] ()

R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20140108.001\IDSvix86.sys [394456 2013-12-13] (Symantec Corporation)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140108.023\NAVENG.SYS [93272 2014-01-03] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140108.023\NAVEX15.SYS [1612376 2014-01-03] (Symantec Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-09-28] (NVIDIA Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)

S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [182680 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2007-10-25] ()

R0 SymDS; C:\Windows\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-23] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NAV\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-09 17:12 - 2014-01-09 17:12 - 00013405 _____ C:\Users\Admin\Desktop\FRST.txt

2014-01-09 17:11 - 2014-01-09 17:11 - 00000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion

2014-01-09 17:09 - 2014-01-09 17:09 - 00000823 _____ C:\Users\Admin\Desktop\JRT.txt

2014-01-09 17:07 - 2014-01-09 17:07 - 00000000 ____D C:\Windows\ERUNT

2014-01-09 17:04 - 2014-01-09 17:04 - 00005228 _____ C:\Users\Admin\Desktop\AdwCleaner[S0].txt

2014-01-09 17:01 - 2014-01-09 17:02 - 00000000 ____D C:\AdwCleaner

2014-01-09 17:00 - 2014-01-09 17:00 - 01233962 _____ C:\Users\Admin\Desktop\adwcleaner.exe

2014-01-09 16:50 - 2014-01-09 16:50 - 01037068 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe

2014-01-08 23:44 - 2014-01-08 23:44 - 00147276 _____ C:\Users\Admin\Downloads\BluMak2000 Universal Kernel Script Cleaning 4.0.zip

2014-01-08 23:32 - 2014-01-08 23:32 - 09290061 _____ C:\Users\Admin\Downloads\v1-TW-Edition-ausdim-Kernel-GT-I9505--20140104132045-CWM.zip

2014-01-08 23:08 - 2014-01-08 23:08 - 00100094 _____ C:\ComboFix.txt

2014-01-08 22:54 - 2014-01-08 22:54 - 05162489 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe

2014-01-08 19:23 - 2014-01-08 19:23 - 00001601 _____ C:\Users\Admin\Desktop\scan.log

2014-01-08 19:06 - 2014-01-08 19:06 - 00377856 _____ C:\Users\Admin\Desktop\5xcq4ty4.exe

2014-01-08 19:01 - 2014-01-08 19:01 - 00030621 _____ C:\Users\Admin\Desktop\Addition.txt

2014-01-08 19:00 - 2014-01-09 17:11 - 00000000 ____D C:\FRST

2014-01-08 18:59 - 2014-01-09 17:11 - 01065947 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe

2014-01-08 18:57 - 2014-01-08 18:57 - 00000000 _____ C:\Users\Admin\defogger_reenable

2014-01-08 18:47 - 2014-01-09 06:45 - 00000858 _____ C:\Windows\PFRO.log

2014-01-08 18:35 - 2014-01-08 18:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-08 18:34 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-01-08 18:31 - 2014-01-08 18:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 04745728 _____ (AVAST Software) C:\Users\Admin\Desktop\aswMBR.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00050477 _____ C:\Users\Admin\Desktop\Defogger.exe

2014-01-08 17:26 - 2014-01-08 17:26 - 00000000 ____D C:\Program Files\EPSViewer

2014-01-08 17:23 - 2014-01-08 17:24 - 07097337 _____ C:\Users\Admin\Downloads\Typenschild.eps

2014-01-07 21:15 - 2014-01-07 21:15 - 08886413 _____ C:\Users\Admin\Downloads\philz_touch_6.08.9-jfltexx.zip

2014-01-06 19:31 - 2014-01-06 19:31 - 01376581 _____ C:\Users\Admin\Downloads\GravityBox_2.7.6.apk

2014-01-06 19:18 - 2014-01-06 19:18 - 04457988 _____ C:\Users\Admin\Downloads\NottachXposed_v12.apk

2014-01-06 19:04 - 2014-01-06 19:04 - 00543253 _____ C:\Users\Admin\Downloads\de.robv.android.xposed.installer_v25_36cbbc.apk

2014-01-06 16:08 - 2014-01-06 16:08 - 00707836 _____ C:\Users\Admin\Downloads\threeminitsettings.apk

2014-01-06 16:07 - 2014-01-06 16:08 - 51693444 _____ C:\Users\Admin\Downloads\3Minit_Framework_0.4_ML6_MD5_97752B504F0184FC14333E97CA9F8B73.zip

2014-01-06 00:37 - 2014-01-06 16:35 - 579811384 _____ C:\Users\Admin\Downloads\Echoe_Rom_V12_ULTRA_SLIM_by_adl_&_Spevil.zip

2014-01-05 22:33 - 2014-01-05 22:33 - 31776279 _____ C:\Users\Admin\Downloads\BatteryIconCreator_V32.0.zip

2014-01-05 16:25 - 2014-01-05 16:25 - 00135136 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-05 12:18 - 2014-01-05 12:16 - 04790259 ____N C:\Users\Admin\Downloads\systemuiupdate.zip

2014-01-05 12:16 - 2014-01-05 21:22 - 34695113 _____ C:\Users\Admin\Downloads\oggupdate.zip

2014-01-05 11:42 - 2014-01-05 11:41 - 38616581 ____N C:\Users\Admin\Downloads\ogbattupdate.zip

2014-01-03 09:30 - 2014-01-03 09:34 - 04586659 _____ C:\Users\Admin\Downloads\SystemUI.apk

2014-01-02 22:34 - 2014-01-02 22:35 - 00001385 _____ C:\Windows\IE10_main.log

2014-01-02 22:33 - 2014-01-02 22:33 - 30091776 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE10-Windows6.1-x86-de-de.exe

2014-01-02 22:03 - 2014-01-02 23:15 - 1557379932 _____ C:\Users\Admin\Downloads\Duxter_Rom_v22.zip

2014-01-02 19:04 - 2014-01-02 19:06 - 25381969 _____ C:\Users\Admin\Downloads\Hot Fudge Theme by HS™ V1.0.zip

2014-01-02 17:20 - 2014-01-09 17:04 - 00005177 _____ C:\Windows\setupact.log

2014-01-02 17:20 - 2014-01-02 17:20 - 03871784 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-02 17:20 - 2014-01-02 17:20 - 00000000 _____ C:\Windows\setuperr.log

2014-01-02 06:45 - 2014-01-02 06:45 - 00000000 ____D C:\Users\Admin\Documents\WEKA

2013-12-31 16:42 - 2013-12-31 16:40 - 09310082 _____ C:\Users\Admin\Downloads\OGBatteryMod.apk

2013-12-31 16:37 - 2013-12-31 16:35 - 02435595 ____N C:\Users\Admin\Downloads\v12-Stock_SystemUI_OGBatteryMod_ML6.zip

2013-12-31 15:29 - 2013-12-19 22:14 - 11739433 _____ C:\Users\Admin\Downloads\SPlanner.apk

2013-12-31 10:05 - 2014-01-02 19:57 - 1058079272 _____ C:\Users\Admin\Downloads\S4_Echoe_v12_30DEC2013.zip

2013-12-30 14:12 - 2013-12-30 19:05 - 2073729101 _____ C:\Users\Admin\Downloads\PhoeniX.ROM.V7.0.XXUEML1.I9505.by.tamirda.zip

2013-12-29 15:04 - 2013-12-29 15:05 - 00000000 ____D C:\Users\Admin\Downloads\prime 95

2013-12-29 15:03 - 2013-12-29 15:03 - 04277073 _____ C:\Users\Admin\Downloads\p95v279.win32.zip

2013-12-28 14:39 - 2013-12-28 14:42 - 05348016 _____ C:\Users\Admin\Downloads\VP700M1N2N_18827ad160da44c59eefefb4ce72cc0d.zip

2013-12-26 09:56 - 2013-12-26 10:24 - 596713502 _____ C:\Users\Admin\Downloads\Echoe_Rom_V11_ULTRA_SLIM_by_adl_&_Spevil.zip

2013-12-26 00:35 - 2013-12-26 00:35 - 00001978 _____ C:\Users\Admin\Desktop\Tiny Hexer.lnk

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mirkes.de

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Program Files\mirkes.de

2013-12-26 00:09 - 2013-12-26 00:09 - 00007655 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

2013-12-22 20:57 - 2013-12-22 21:03 - 00000000 ____D C:\Users\Admin\Downloads\apk_tool

2013-12-22 20:57 - 2013-12-22 21:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Android

2013-12-21 22:33 - 2013-12-21 22:48 - 524370513 _____ C:\Users\Admin\Downloads\Echoe_KitKat_v2.1_18DEC2013.zip

2013-12-19 16:59 - 2014-01-09 17:02 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-12-18 19:15 - 2013-12-18 19:15 - 03226940 _____ C:\Users\Admin\Downloads\178.zip

2013-12-18 19:14 - 2013-12-18 19:14 - 03070641 _____ C:\Users\Admin\Downloads\176.zip

2013-12-17 11:30 - 2013-12-17 11:30 - 00609095 _____ C:\Users\Admin\Downloads\echoekitchen.zip

2013-12-16 19:07 - 2014-01-06 19:10 - 00001220 _____ C:\Users\Admin\Downloads\Xposed-Disabler-Recovery.zip

2013-12-16 15:26 - 2013-12-16 15:27 - 52370762 _____ C:\Users\Admin\Downloads\Echoe Settings and Kitchen v9.zip

2013-12-15 18:32 - 2013-12-15 18:33 - 52386816 _____ C:\Users\Admin\Downloads\modem.bin

2013-12-14 22:41 - 2013-12-14 22:56 - 479621178 _____ C:\Users\Admin\Downloads\Echoe_KitKat_v1.2_10Dec2013.zip

2013-12-14 14:42 - 2013-12-16 12:59 - 00000000 ____D C:\Users\Admin\Downloads\wallpaper

2013-12-13 20:21 - 2013-12-13 20:21 - 00966872 _____ C:\Users\Admin\Downloads\DE-SAMSUNGNIZER_SCRIPT_V4.1.zip

2013-12-12 21:18 - 2013-12-14 15:18 - 00012755 _____ C:\Users\Admin\Downloads\lens_flare_lock.ogg

2013-12-12 21:18 - 2013-09-02 08:43 - 00013878 _____ C:\Users\Admin\Downloads\lens_flare_lock1.ogg

2013-12-12 20:44 - 2013-12-12 20:44 - 00000000 ____D C:\ProgramData\Qualcomm

2013-12-12 16:41 - 2013-12-16 13:27 - 702820351 _____ C:\Users\Admin\Downloads\Echoe_SLIM_v9_26Nov2013.zip

2013-12-12 16:29 - 2013-12-12 16:34 - 15365072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\Admin\Downloads\USB_Drivers_1.5.27.0.exe

2013-12-12 12:05 - 2013-12-12 12:05 - 01828801 _____ C:\Users\Admin\Downloads\PAS30.zip

2013-12-12 12:03 - 2013-12-12 12:03 - 01823613 _____ C:\Users\Admin\Downloads\PAS29.zip

2013-12-11 23:32 - 2013-12-11 23:33 - 08714305 _____ C:\Users\Admin\Downloads\philz_touch_6.03.4-jfltexx.tar.md5

2013-12-11 22:50 - 2013-12-11 22:50 - 01160801 _____ C:\Users\Admin\Downloads\UPDATE-SuperSU-v1.80.zip

2013-12-11 22:47 - 2013-12-11 22:47 - 00464072 _____ C:\Users\Admin\Downloads\Odin3.07.zip

2013-12-11 20:39 - 2013-12-11 20:39 - 00000000 ____D C:\Program Files\Qualcomm

2013-12-11 20:37 - 2014-01-02 23:08 - 00000000 ____D C:\Users\Admin\Downloads\efs.back

2013-12-11 13:22 - 2013-12-22 10:41 - 00000000 ____D C:\Users\Admin\Downloads\cfautoroot

2013-12-11 12:57 - 2013-12-11 13:26 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-12-11 06:55 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2013-12-11 06:55 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2013-12-11 06:52 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-11 06:52 - 2013-10-25 05:45 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-11 06:52 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-11 06:52 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-11 06:52 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-11 06:52 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-12-11 06:43 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-11 06:43 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-12-11 06:43 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-11 06:43 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-11 06:43 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-11 06:43 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-11 06:43 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-11 06:43 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2013-12-11 06:43 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-11 06:43 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2013-12-11 06:43 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
 

==================== One Month Modified Files and Folders =======
 

2014-01-09 17:12 - 2014-01-09 17:12 - 00013405 _____ C:\Users\Admin\Desktop\FRST.txt

2014-01-09 17:11 - 2014-01-09 17:11 - 00000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion

2014-01-09 17:11 - 2014-01-08 19:00 - 00000000 ____D C:\FRST

2014-01-09 17:11 - 2014-01-08 18:59 - 01065947 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe

2014-01-09 17:11 - 2009-07-14 05:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-09 17:11 - 2009-07-14 05:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-09 17:09 - 2014-01-09 17:09 - 00000823 _____ C:\Users\Admin\Desktop\JRT.txt

2014-01-09 17:07 - 2014-01-09 17:07 - 00000000 ____D C:\Windows\ERUNT

2014-01-09 17:06 - 2011-06-30 11:34 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-09 17:04 - 2014-01-09 17:04 - 00005228 _____ C:\Users\Admin\Desktop\AdwCleaner[S0].txt

2014-01-09 17:04 - 2014-01-02 17:20 - 00005177 _____ C:\Windows\setupact.log

2014-01-09 17:04 - 2011-06-30 11:34 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-09 17:03 - 2011-06-16 18:01 - 01181378 _____ C:\Windows\WindowsUpdate.log

2014-01-09 17:03 - 2011-06-16 13:45 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-09 17:03 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-09 17:02 - 2014-01-09 17:01 - 00000000 ____D C:\AdwCleaner

2014-01-09 17:02 - 2013-12-19 16:59 - 00000000 ____D C:\Program Files\Mozilla Firefox

2014-01-09 17:00 - 2014-01-09 17:00 - 01233962 _____ C:\Users\Admin\Desktop\adwcleaner.exe

2014-01-09 16:50 - 2014-01-09 16:50 - 01037068 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe

2014-01-09 06:45 - 2014-01-08 18:47 - 00000858 _____ C:\Windows\PFRO.log

2014-01-08 23:44 - 2014-01-08 23:44 - 00147276 _____ C:\Users\Admin\Downloads\BluMak2000 Universal Kernel Script Cleaning 4.0.zip

2014-01-08 23:32 - 2014-01-08 23:32 - 09290061 _____ C:\Users\Admin\Downloads\v1-TW-Edition-ausdim-Kernel-GT-I9505--20140104132045-CWM.zip

2014-01-08 23:08 - 2014-01-08 23:08 - 00100094 _____ C:\ComboFix.txt

2014-01-08 23:08 - 2012-06-30 15:44 - 00000000 ____D C:\Qoobox

2014-01-08 23:07 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini

2014-01-08 22:54 - 2014-01-08 22:54 - 05162489 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe

2014-01-08 20:28 - 2011-06-16 12:29 - 00000000 ____D C:\Intel

2014-01-08 19:23 - 2014-01-08 19:23 - 00001601 _____ C:\Users\Admin\Desktop\scan.log

2014-01-08 19:06 - 2014-01-08 19:06 - 00377856 _____ C:\Users\Admin\Desktop\5xcq4ty4.exe

2014-01-08 19:01 - 2014-01-08 19:01 - 00030621 _____ C:\Users\Admin\Desktop\Addition.txt

2014-01-08 18:57 - 2014-01-08 18:57 - 00000000 _____ C:\Users\Admin\defogger_reenable

2014-01-08 18:57 - 2011-06-16 12:04 - 00000000 ____D C:\Users\Admin

2014-01-08 18:35 - 2014-01-08 18:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-08 18:31 - 2014-01-08 18:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 04745728 _____ (AVAST Software) C:\Users\Admin\Desktop\aswMBR.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00050477 _____ C:\Users\Admin\Desktop\Defogger.exe

2014-01-08 17:26 - 2014-01-08 17:26 - 00000000 ____D C:\Program Files\EPSViewer

2014-01-08 17:24 - 2014-01-08 17:23 - 07097337 _____ C:\Users\Admin\Downloads\Typenschild.eps

2014-01-07 21:15 - 2014-01-07 21:15 - 08886413 _____ C:\Users\Admin\Downloads\philz_touch_6.08.9-jfltexx.zip

2014-01-06 19:31 - 2014-01-06 19:31 - 01376581 _____ C:\Users\Admin\Downloads\GravityBox_2.7.6.apk

2014-01-06 19:18 - 2014-01-06 19:18 - 04457988 _____ C:\Users\Admin\Downloads\NottachXposed_v12.apk

2014-01-06 19:10 - 2013-12-16 19:07 - 00001220 _____ C:\Users\Admin\Downloads\Xposed-Disabler-Recovery.zip

2014-01-06 19:04 - 2014-01-06 19:04 - 00543253 _____ C:\Users\Admin\Downloads\de.robv.android.xposed.installer_v25_36cbbc.apk

2014-01-06 16:35 - 2014-01-06 00:37 - 579811384 _____ C:\Users\Admin\Downloads\Echoe_Rom_V12_ULTRA_SLIM_by_adl_&_Spevil.zip

2014-01-06 16:08 - 2014-01-06 16:08 - 00707836 _____ C:\Users\Admin\Downloads\threeminitsettings.apk

2014-01-06 16:08 - 2014-01-06 16:07 - 51693444 _____ C:\Users\Admin\Downloads\3Minit_Framework_0.4_ML6_MD5_97752B504F0184FC14333E97CA9F8B73.zip

2014-01-05 22:34 - 2012-10-05 07:30 - 00000000 ____D C:\Users\Admin\Downloads\BatteryIconCreator

2014-01-05 22:33 - 2014-01-05 22:33 - 31776279 _____ C:\Users\Admin\Downloads\BatteryIconCreator_V32.0.zip

2014-01-05 21:22 - 2014-01-05 12:16 - 34695113 _____ C:\Users\Admin\Downloads\oggupdate.zip

2014-01-05 18:01 - 2011-06-16 13:18 - 00010240 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-01-05 17:59 - 2011-06-16 12:08 - 01658180 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-05 16:25 - 2014-01-05 16:25 - 00135136 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-05 12:16 - 2014-01-05 12:18 - 04790259 ____N C:\Users\Admin\Downloads\systemuiupdate.zip

2014-01-05 11:41 - 2014-01-05 11:42 - 38616581 ____N C:\Users\Admin\Downloads\ogbattupdate.zip

2014-01-03 09:34 - 2014-01-03 09:30 - 04586659 _____ C:\Users\Admin\Downloads\SystemUI.apk

2014-01-03 00:22 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache

2014-01-02 23:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF

2014-01-02 23:15 - 2014-01-02 22:03 - 1557379932 _____ C:\Users\Admin\Downloads\Duxter_Rom_v22.zip

2014-01-02 23:08 - 2013-12-11 20:37 - 00000000 ____D C:\Users\Admin\Downloads\efs.back

2014-01-02 22:53 - 2011-06-16 18:58 - 00000000 ____D C:\Windows\Panther

2014-01-02 22:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE

2014-01-02 22:35 - 2014-01-02 22:34 - 00001385 _____ C:\Windows\IE10_main.log

2014-01-02 22:33 - 2014-01-02 22:33 - 30091776 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE10-Windows6.1-x86-de-de.exe

2014-01-02 19:57 - 2013-12-31 10:05 - 1058079272 _____ C:\Users\Admin\Downloads\S4_Echoe_v12_30DEC2013.zip

2014-01-02 19:06 - 2014-01-02 19:04 - 25381969 _____ C:\Users\Admin\Downloads\Hot Fudge Theme by HS™ V1.0.zip

2014-01-02 17:20 - 2014-01-02 17:20 - 03871784 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-02 17:20 - 2014-01-02 17:20 - 00000000 _____ C:\Windows\setuperr.log

2014-01-02 15:43 - 2012-10-01 04:59 - 00000000 ____D C:\Windows\Minidump

2014-01-02 15:43 - 2011-07-02 10:32 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps

2014-01-02 06:45 - 2014-01-02 06:45 - 00000000 ____D C:\Users\Admin\Documents\WEKA

2014-01-01 23:06 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public

2014-01-01 19:50 - 2011-09-03 09:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc

2014-01-01 10:10 - 2011-06-28 08:51 - 00458752 ___SH C:\Users\Admin\Documents\Thumbs.db

2014-01-01 07:05 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-01 01:49 - 2013-10-22 00:09 - 00000000 ____D C:\Users\Admin\Desktop\van

2013-12-31 16:40 - 2013-12-31 16:42 - 09310082 _____ C:\Users\Admin\Downloads\OGBatteryMod.apk

2013-12-31 16:35 - 2013-12-31 16:37 - 02435595 ____N C:\Users\Admin\Downloads\v12-Stock_SystemUI_OGBatteryMod_ML6.zip

2013-12-31 06:35 - 2012-11-22 08:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-30 23:33 - 2012-04-30 06:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-12-30 23:33 - 2011-10-13 07:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-12-30 23:33 - 2011-06-16 12:55 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe

2013-12-30 19:05 - 2013-12-30 14:12 - 2073729101 _____ C:\Users\Admin\Downloads\PhoeniX.ROM.V7.0.XXUEML1.I9505.by.tamirda.zip

2013-12-29 15:05 - 2013-12-29 15:04 - 00000000 ____D C:\Users\Admin\Downloads\prime 95

2013-12-29 15:03 - 2013-12-29 15:03 - 04277073 _____ C:\Users\Admin\Downloads\p95v279.win32.zip

2013-12-28 14:42 - 2013-12-28 14:39 - 05348016 _____ C:\Users\Admin\Downloads\VP700M1N2N_18827ad160da44c59eefefb4ce72cc0d.zip

2013-12-26 10:24 - 2013-12-26 09:56 - 596713502 _____ C:\Users\Admin\Downloads\Echoe_Rom_V11_ULTRA_SLIM_by_adl_&_Spevil.zip

2013-12-26 01:17 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\MSBuild

2013-12-26 00:35 - 2013-12-26 00:35 - 00001978 _____ C:\Users\Admin\Desktop\Tiny Hexer.lnk

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mirkes.de

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Program Files\mirkes.de

2013-12-26 00:09 - 2013-12-26 00:09 - 00007655 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

2013-12-24 17:56 - 2013-10-30 09:06 - 00000000 ____D C:\Users\UpdatusUser.*********

2013-12-24 17:56 - 2012-04-28 07:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-12-22 21:03 - 2013-12-22 20:57 - 00000000 ____D C:\Users\Admin\Downloads\apk_tool

2013-12-22 21:01 - 2013-12-22 20:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Android

2013-12-22 10:41 - 2013-12-11 13:22 - 00000000 ____D C:\Users\Admin\Downloads\cfautoroot

2013-12-21 22:48 - 2013-12-21 22:33 - 524370513 _____ C:\Users\Admin\Downloads\Echoe_KitKat_v2.1_18DEC2013.zip

2013-12-19 22:14 - 2013-12-31 15:29 - 11739433 _____ C:\Users\Admin\Downloads\SPlanner.apk

2013-12-18 19:15 - 2013-12-18 19:15 - 03226940 _____ C:\Users\Admin\Downloads\178.zip

2013-12-18 19:14 - 2013-12-18 19:14 - 03070641 _____ C:\Users\Admin\Downloads\176.zip

2013-12-17 11:30 - 2013-12-17 11:30 - 00609095 _____ C:\Users\Admin\Downloads\echoekitchen.zip

2013-12-16 18:08 - 2011-06-16 13:16 - 00000000 ____D C:\Program Files\Google

2013-12-16 15:27 - 2013-12-16 15:26 - 52370762 _____ C:\Users\Admin\Downloads\Echoe Settings and Kitchen v9.zip

2013-12-16 13:27 - 2013-12-12 16:41 - 702820351 _____ C:\Users\Admin\Downloads\Echoe_SLIM_v9_26Nov2013.zip

2013-12-16 13:00 - 2012-06-20 05:38 - 00000000 ____D C:\Users\Admin\Downloads\babe

2013-12-16 12:59 - 2013-12-14 14:42 - 00000000 ____D C:\Users\Admin\Downloads\wallpaper

2013-12-15 18:33 - 2013-12-15 18:32 - 52386816 _____ C:\Users\Admin\Downloads\modem.bin

2013-12-14 22:56 - 2013-12-14 22:41 - 479621178 _____ C:\Users\Admin\Downloads\Echoe_KitKat_v1.2_10Dec2013.zip

2013-12-14 15:18 - 2013-12-12 21:18 - 00012755 _____ C:\Users\Admin\Downloads\lens_flare_lock.ogg

2013-12-13 20:21 - 2013-12-13 20:21 - 00966872 _____ C:\Users\Admin\Downloads\DE-SAMSUNGNIZER_SCRIPT_V4.1.zip

2013-12-12 20:44 - 2013-12-12 20:44 - 00000000 ____D C:\ProgramData\Qualcomm

2013-12-12 16:34 - 2013-12-12 16:29 - 15365072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\Admin\Downloads\USB_Drivers_1.5.27.0.exe

2013-12-12 12:05 - 2013-12-12 12:05 - 01828801 _____ C:\Users\Admin\Downloads\PAS30.zip

2013-12-12 12:03 - 2013-12-12 12:03 - 01823613 _____ C:\Users\Admin\Downloads\PAS29.zip

2013-12-12 01:00 - 2011-06-16 13:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Google

2013-12-11 23:33 - 2013-12-11 23:32 - 08714305 _____ C:\Users\Admin\Downloads\philz_touch_6.03.4-jfltexx.tar.md5

2013-12-11 22:50 - 2013-12-11 22:50 - 01160801 _____ C:\Users\Admin\Downloads\UPDATE-SuperSU-v1.80.zip

2013-12-11 22:47 - 2013-12-11 22:47 - 00464072 _____ C:\Users\Admin\Downloads\Odin3.07.zip

2013-12-11 20:39 - 2013-12-11 20:39 - 00000000 ____D C:\Program Files\Qualcomm

2013-12-11 13:26 - 2013-12-11 12:57 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-12-11 09:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-12-11 08:49 - 2011-06-17 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-12-11 06:55 - 2013-07-29 15:42 - 00000000 ____D C:\Windows\system32\MRT

2013-12-11 06:55 - 2011-06-16 13:39 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

Some content of TEMP:

====================

C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-09 10:06
 

==================== End Of Log ============================

--- --- ---

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 7 Home Premium x86

Ran by Admin on 09.01.2014 at 17:07:44,66

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\onuftrsm.default\minidumps [32 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 09.01.2014 at 17:09:47,29

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW:

Code:

# AdwCleaner v3.016 - Bericht erstellt am 09/01/2014 um 17:02:27

# Aktualisiert 23/12/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)

# Benutzername : Admin - *********

# Gestartet von : C:\Users\Admin\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

Dienst Gelöscht : BCUService
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\DeviceVM

Ordner Gelöscht : C:\Program Files\DeviceVM

Ordner Gelöscht : C:\Program Files\myfree codec

Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\boost_interprocess

Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\DeviceVM

Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\searchplugins\bingp.xml

Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\searchplugins\safesearch.xml

Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\searchplugins\Web Search.xml

Datei Gelöscht : C:\Program Files\Mozilla Firefox\user.js
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26534F4C-2C60-4A1C-8379-C2C13B4BE605}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bewerbungsmaster_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bewerbungsmaster_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415562}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416662}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414462}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Schlüssel Gelöscht : HKCU\Software\DeviceVM

Schlüssel Gelöscht : HKCU\Software\IM

Schlüssel Gelöscht : HKCU\Software\ImInstaller

Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions

Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKLM\Software\DeviceVM

Schlüssel Gelöscht : HKLM\Software\InstalledThirdPartyPrograms
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16750
 

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 

-\\ Mozilla Firefox v25.0.1 (de)
 

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");

Zeile gelöscht : user_pref("extensions.crossrider.bic", "1423c64124e21fa8e6b3451ef1ec5b89");

Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=792919e9-9c7c-8293-6f85-ff1387632e08&searchtype=ds&installDate=08/11/2013&q=");
 

*************************
 

AdwCleaner[R0].txt - [5587 octets] - [09/01/2014 17:01:34]

AdwCleaner[S0].txt - [5088 octets] - [09/01/2014 17:02:27]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5148 octets] ##########

mbA:

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2014.01.09.04
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16750

Admin ::************ [Administrator]
 

09.01.2014 16:53:31

mbam-log-2014-01-09 (16-53-31).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 263118

Laufzeit: 5 Minute(n), 54 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Vielen Dank für die Unterstützung

Gruß Dieter

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo,
ich habe eigentlich keine weiteren Probleme mit dem Rechner. Ab und an mal ein Systemhänger, aber das kenne ich von Windows nicht anders...:applaus:

Ärgerlich ist einfach die andauernde Post von den Freunden der T-Kom...

Log:

Code:

Results of screen317's Security Check version 0.99.78  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 10 Out of date! 
 ``````````````Antivirus/Firewall Check:`````````````` 

Norton AntiVirus   

 WMI entry may not exist for antivirus; attempting automatic update. 
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 CCleaner     

 JavaFX 2.0.3    

 Java(TM) 7 Update 3  

 Java(TM) SE Development Kit 7 Update 1 

 Java version out of Date! 

 Adobe Flash Player         11.8.800.94  

 Adobe Reader 10.1.8 Adobe Reader out of Date!  

 Mozilla Firefox 25.0.1 Firefox out of Date!  

 Mozilla Thunderbird (24.2.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Norton AntiVirus Engine 20.4.0.40 ccSvcHst.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=f8d980c09fb98c49b9394a2381c0390d

# engine=16601

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-01-10 06:31:05

# local_time=2014-01-10 07:31:05 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3590 16777213 100 90 15379378 208399129 0 0

# compatibility_mode=5893 16776574 100 94 15379535 141009856 0 0

# scanned=254571

# found=5

# cleaned=0

# scan_time=13375

sh=2687BC8DE902586023B05AE61F21E7B8D21F234E ft=1 fh=c71c00116a5ab973 vn="a variant of Win32/Kryptik.BSPD trojan" ac=I fn="C:\Users\Admin\AppData\Roaming\Evutp\kywia.exe"

sh=B4FEE1F0A0B698DE0507D1A6AEFE104469DA7B53 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.C trojan" ac=I fn="F:\MONSTERDIDI\Backup Set 2012-11-01 190002\Backup Files 2012-11-01 190002\Backup files 7.zip"

sh=C217825A15A8D4925393836BC1E94BCAE1F048A0 ft=0 fh=0000000000000000 vn="Android/Exploit.RageCage.A trojan" ac=I fn="F:\MONSTERDIDI\Backup Set 2012-11-01 190002\Backup Files 2012-11-01 190002\Backup files 77.zip"

sh=0C23B3E310A1016492FEBABD3A7DC8B342BB7968 ft=0 fh=0000000000000000 vn="Android/Exploit.RageCage.A trojan" ac=I fn="F:\MONSTERDIDI\Backup Set 2012-11-01 190002\Backup Files 2012-11-01 190002\Backup files 8.zip"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Spy.Zbot.AAQ trojan" ac=I fn="${Memory}"

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2014

Ran by Admin (administrator) on MONSTERDIDI on 10-01-2014 19:50:25

Running from C:\Users\Admin\Desktop

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

() C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe

() C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe

() C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

(Teruten) C:\Windows\System32\FsUsbExService.Exe

(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe

(SHI Elektronische Medien GmbH) C:\Program Files\WEKA\Kommentierte Betriebsvereinbarungen\SHIWebOnDisk.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AI Suite II.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)

HKLM\...\Run: [SHIWebOnDiskManager] - C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [233472 2011-09-23] (SHI Elektronische Medien GmbH)

HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKCU\...\Run: [kywia.exe] - C:\Users\Admin\AppData\Roaming\Evutp\kywia.exe [372736 2013-03-23] ()

HKCU\...\Policies\Explorer: [NoCDBurning] 0
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {426ED343-66B1-4eb2-BD46-51F2AB7D269B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB

SearchScopes: HKCU - {292B7515-673D-41ef-A07A-854E5F903682} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}

SearchScopes: HKCU - {426ED343-66B1-4eb2-BD46-51F2AB7D269B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File

Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default

FF NewTab: about:blank

FF SearchEngineOrder.3: Bing 

FF Homepage: google.de

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF
 

========================== Services (Whitelisted) =================
 

R2 asComSvc; C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()

R2 asHmComSvc; C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()

R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14650144 2013-10-18] (NVIDIA Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-08-24] ()

R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [98280 2011-01-27] (ASMedia Technology Inc)

R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [304616 2011-01-27] (ASMedia Technology Inc)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20131218.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)

R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)

R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] ()

R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20140109.001\IDSvix86.sys [394456 2013-12-13] (Symantec Corporation)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140110.002\NAVENG.SYS [93272 2014-01-03] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140110.002\NAVEX15.SYS [1612376 2014-01-03] (Symantec Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-09-28] (NVIDIA Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)

S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [182680 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2007-10-25] ()

R0 SymDS; C:\Windows\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-23] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NAV\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-10 19:50 - 2014-01-10 19:50 - 00013574 _____ C:\Users\Admin\Desktop\FRST.txt

2014-01-10 19:50 - 2014-01-10 19:50 - 00000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion

2014-01-10 15:45 - 2014-01-10 15:45 - 00000000 ____D C:\Program Files\ESET

2014-01-10 15:43 - 2014-01-10 15:43 - 00987410 _____ C:\Users\Admin\Desktop\SecurityCheck.exe

2014-01-10 15:42 - 2014-01-10 15:42 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe

2014-01-09 23:15 - 2014-01-09 23:15 - 01440776 _____ C:\Users\Admin\Downloads\Root_SuperSU.0.98-Busybox.1.20.2-signed.zip

2014-01-09 20:47 - 2014-01-09 20:47 - 00626836 _____ C:\Users\Admin\Downloads\Param_Bin_I9305.zip

2014-01-09 20:46 - 2014-01-09 20:46 - 00468077 _____ C:\Users\Admin\Downloads\Odin3 3.04.zip

2014-01-09 18:19 - 2014-01-09 18:19 - 08007743 _____ C:\Users\Admin\Downloads\philz_touch_6.07.9-i9305.tar (1).md5

2014-01-09 17:44 - 2014-01-10 14:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Duicef

2014-01-09 17:44 - 2014-01-09 17:44 - 00000000 ____D C:\Windows\Sun

2014-01-09 17:44 - 2014-01-09 17:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Evutp

2014-01-09 17:07 - 2014-01-09 17:07 - 00000000 ____D C:\Windows\ERUNT

2014-01-09 17:01 - 2014-01-09 17:02 - 00000000 ____D C:\AdwCleaner

2014-01-09 17:00 - 2014-01-09 17:00 - 01233962 _____ C:\Users\Admin\Desktop\adwcleaner.exe

2014-01-09 16:50 - 2014-01-09 16:50 - 01037068 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe

2014-01-08 23:32 - 2014-01-08 23:32 - 09290061 _____ C:\Users\Admin\Downloads\v1-TW-Edition-ausdim-Kernel-GT-I9505--20140104132045-CWM.zip

2014-01-08 23:08 - 2014-01-08 23:08 - 00100094 _____ C:\ComboFix.txt

2014-01-08 22:54 - 2014-01-08 22:54 - 05162489 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe

2014-01-08 19:06 - 2014-01-08 19:06 - 00377856 _____ C:\Users\Admin\Desktop\5xcq4ty4.exe

2014-01-08 19:00 - 2014-01-10 19:50 - 00000000 ____D C:\FRST

2014-01-08 18:59 - 2014-01-10 19:50 - 01066141 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe

2014-01-08 18:57 - 2014-01-08 18:57 - 00000000 _____ C:\Users\Admin\defogger_reenable

2014-01-08 18:47 - 2014-01-09 06:45 - 00000858 _____ C:\Windows\PFRO.log

2014-01-08 18:35 - 2014-01-08 18:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-08 18:34 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-01-08 18:31 - 2014-01-08 18:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 04745728 _____ (AVAST Software) C:\Users\Admin\Desktop\aswMBR.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00050477 _____ C:\Users\Admin\Desktop\Defogger.exe

2014-01-08 17:26 - 2014-01-08 17:26 - 00000000 ____D C:\Program Files\EPSViewer

2014-01-08 17:23 - 2014-01-08 17:24 - 07097337 _____ C:\Users\Admin\Downloads\Typenschild.eps

2014-01-07 21:15 - 2014-01-07 21:15 - 08886413 _____ C:\Users\Admin\Downloads\philz_touch_6.08.9-jfltexx.zip

2014-01-06 00:37 - 2014-01-06 16:35 - 579811384 _____ C:\Users\Admin\Downloads\Echoe_Rom_V12_ULTRA_SLIM_by_adl_&_Spevil.zip

2014-01-05 22:33 - 2014-01-05 22:33 - 31776279 _____ C:\Users\Admin\Downloads\BatteryIconCreator_V32.0.zip

2014-01-05 16:25 - 2014-01-05 16:25 - 00135136 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-05 12:16 - 2014-01-05 21:22 - 34695113 _____ C:\Users\Admin\Downloads\oggupdate.zip

2014-01-02 22:34 - 2014-01-02 22:35 - 00001385 _____ C:\Windows\IE10_main.log

2014-01-02 19:04 - 2014-01-02 19:06 - 25381969 _____ C:\Users\Admin\Downloads\Hot Fudge Theme by HS™ V1.0.zip

2014-01-02 17:20 - 2014-01-10 08:44 - 00009511 _____ C:\Windows\setupact.log

2014-01-02 17:20 - 2014-01-02 17:20 - 03871784 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-02 17:20 - 2014-01-02 17:20 - 00000000 _____ C:\Windows\setuperr.log

2014-01-02 06:45 - 2014-01-02 06:45 - 00000000 ____D C:\Users\Admin\Documents\WEKA

2013-12-31 16:42 - 2013-12-31 16:40 - 09310082 _____ C:\Users\Admin\Downloads\OGBatteryMod.apk

2013-12-31 16:37 - 2013-12-31 16:35 - 02435595 ____N C:\Users\Admin\Downloads\v12-Stock_SystemUI_OGBatteryMod_ML6.zip

2013-12-31 15:29 - 2013-12-19 22:14 - 11739433 _____ C:\Users\Admin\Downloads\SPlanner.apk

2013-12-29 15:04 - 2013-12-29 15:05 - 00000000 ____D C:\Users\Admin\Downloads\prime 95

2013-12-28 14:39 - 2013-12-28 14:42 - 05348016 _____ C:\Users\Admin\Downloads\VP700M1N2N_18827ad160da44c59eefefb4ce72cc0d.zip

2013-12-26 00:35 - 2013-12-26 00:35 - 00001978 _____ C:\Users\Admin\Desktop\Tiny Hexer.lnk

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mirkes.de

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Program Files\mirkes.de

2013-12-26 00:09 - 2013-12-26 00:09 - 00007655 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

2013-12-22 20:57 - 2013-12-22 21:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Android

2013-12-19 16:59 - 2014-01-09 17:02 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-12-16 19:07 - 2014-01-06 19:10 - 00001220 _____ C:\Users\Admin\Downloads\Xposed-Disabler-Recovery.zip

2013-12-15 18:32 - 2013-12-15 18:33 - 52386816 _____ C:\Users\Admin\Downloads\modem.bin

2013-12-14 14:42 - 2013-12-16 12:59 - 00000000 ____D C:\Users\Admin\Downloads\wallpaper

2013-12-13 20:21 - 2013-12-13 20:21 - 00966872 _____ C:\Users\Admin\Downloads\DE-SAMSUNGNIZER_SCRIPT_V4.1.zip

2013-12-12 21:18 - 2013-12-14 15:18 - 00012755 _____ C:\Users\Admin\Downloads\lens_flare_lock.ogg

2013-12-12 21:18 - 2013-09-02 08:43 - 00013878 _____ C:\Users\Admin\Downloads\lens_flare_lock1.ogg

2013-12-12 20:44 - 2013-12-12 20:44 - 00000000 ____D C:\ProgramData\Qualcomm

2013-12-12 16:29 - 2013-12-12 16:34 - 15365072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\Admin\Downloads\USB_Drivers_1.5.27.0.exe

2013-12-11 22:50 - 2013-12-11 22:50 - 01160801 _____ C:\Users\Admin\Downloads\UPDATE-SuperSU-v1.80.zip

2013-12-11 22:47 - 2013-12-11 22:47 - 00464072 _____ C:\Users\Admin\Downloads\Odin3.07.zip

2013-12-11 20:39 - 2013-12-11 20:39 - 00000000 ____D C:\Program Files\Qualcomm

2013-12-11 20:37 - 2014-01-09 20:52 - 00000000 ____D C:\Users\Admin\Downloads\efs.back

2013-12-11 13:22 - 2014-01-09 22:45 - 00000000 ____D C:\Users\Admin\Downloads\cfautoroot

2013-12-11 12:57 - 2013-12-11 13:26 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-12-11 06:55 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2013-12-11 06:55 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2013-12-11 06:52 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-11 06:52 - 2013-10-25 05:45 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-11 06:52 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-11 06:52 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-11 06:52 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-11 06:52 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-11 06:52 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-12-11 06:43 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-11 06:43 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-12-11 06:43 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-11 06:43 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-11 06:43 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-11 06:43 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-11 06:43 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-11 06:43 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2013-12-11 06:43 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-11 06:43 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2013-12-11 06:43 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
 

==================== One Month Modified Files and Folders =======
 

2014-01-10 19:50 - 2014-01-10 19:50 - 00013574 _____ C:\Users\Admin\Desktop\FRST.txt

2014-01-10 19:50 - 2014-01-10 19:50 - 00000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion

2014-01-10 19:50 - 2014-01-08 19:00 - 00000000 ____D C:\FRST

2014-01-10 19:50 - 2014-01-08 18:59 - 01066141 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe

2014-01-10 19:06 - 2011-06-30 11:34 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-10 16:06 - 2011-06-30 11:34 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-10 15:45 - 2014-01-10 15:45 - 00000000 ____D C:\Program Files\ESET

2014-01-10 15:43 - 2014-01-10 15:43 - 00987410 _____ C:\Users\Admin\Desktop\SecurityCheck.exe

2014-01-10 15:42 - 2014-01-10 15:42 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe

2014-01-10 14:24 - 2014-01-09 17:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Duicef

2014-01-10 08:52 - 2009-07-14 05:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-10 08:52 - 2009-07-14 05:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-10 08:48 - 2011-06-16 18:01 - 01213888 _____ C:\Windows\WindowsUpdate.log

2014-01-10 08:44 - 2014-01-02 17:20 - 00009511 _____ C:\Windows\setupact.log

2014-01-10 08:44 - 2011-06-16 13:45 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-10 08:44 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-10 00:24 - 2011-07-02 10:32 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps

2014-01-10 00:23 - 2011-11-26 23:29 - 00000132 _____ C:\Users\Admin\AppData\default.pls

2014-01-09 23:15 - 2014-01-09 23:15 - 01440776 _____ C:\Users\Admin\Downloads\Root_SuperSU.0.98-Busybox.1.20.2-signed.zip

2014-01-09 22:47 - 2011-06-28 08:51 - 00458752 ___SH C:\Users\Admin\Documents\Thumbs.db

2014-01-09 22:45 - 2013-12-11 13:22 - 00000000 ____D C:\Users\Admin\Downloads\cfautoroot

2014-01-09 20:52 - 2013-12-11 20:37 - 00000000 ____D C:\Users\Admin\Downloads\efs.back

2014-01-09 20:52 - 2012-10-05 07:30 - 00000000 ____D C:\Users\Admin\Downloads\BatteryIconCreator

2014-01-09 20:47 - 2014-01-09 20:47 - 00626836 _____ C:\Users\Admin\Downloads\Param_Bin_I9305.zip

2014-01-09 20:46 - 2014-01-09 20:46 - 00468077 _____ C:\Users\Admin\Downloads\Odin3 3.04.zip

2014-01-09 18:19 - 2014-01-09 18:19 - 08007743 _____ C:\Users\Admin\Downloads\philz_touch_6.07.9-i9305.tar (1).md5

2014-01-09 17:44 - 2014-01-09 17:44 - 00000000 ____D C:\Windows\Sun

2014-01-09 17:44 - 2014-01-09 17:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Evutp

2014-01-09 17:07 - 2014-01-09 17:07 - 00000000 ____D C:\Windows\ERUNT

2014-01-09 17:02 - 2014-01-09 17:01 - 00000000 ____D C:\AdwCleaner

2014-01-09 17:02 - 2013-12-19 16:59 - 00000000 ____D C:\Program Files\Mozilla Firefox

2014-01-09 17:00 - 2014-01-09 17:00 - 01233962 _____ C:\Users\Admin\Desktop\adwcleaner.exe

2014-01-09 16:50 - 2014-01-09 16:50 - 01037068 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe

2014-01-09 06:45 - 2014-01-08 18:47 - 00000858 _____ C:\Windows\PFRO.log

2014-01-08 23:32 - 2014-01-08 23:32 - 09290061 _____ C:\Users\Admin\Downloads\v1-TW-Edition-ausdim-Kernel-GT-I9505--20140104132045-CWM.zip

2014-01-08 23:08 - 2014-01-08 23:08 - 00100094 _____ C:\ComboFix.txt

2014-01-08 23:08 - 2012-06-30 15:44 - 00000000 ____D C:\Qoobox

2014-01-08 23:07 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini

2014-01-08 22:54 - 2014-01-08 22:54 - 05162489 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe

2014-01-08 20:28 - 2011-06-16 12:29 - 00000000 ____D C:\Intel

2014-01-08 19:06 - 2014-01-08 19:06 - 00377856 _____ C:\Users\Admin\Desktop\5xcq4ty4.exe

2014-01-08 18:57 - 2014-01-08 18:57 - 00000000 _____ C:\Users\Admin\defogger_reenable

2014-01-08 18:57 - 2011-06-16 12:04 - 00000000 ____D C:\Users\Admin

2014-01-08 18:35 - 2014-01-08 18:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-08 18:31 - 2014-01-08 18:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 04745728 _____ (AVAST Software) C:\Users\Admin\Desktop\aswMBR.exe

2014-01-08 18:23 - 2014-01-08 18:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.exe

2014-01-08 18:22 - 2014-01-08 18:22 - 00050477 _____ C:\Users\Admin\Desktop\Defogger.exe

2014-01-08 17:26 - 2014-01-08 17:26 - 00000000 ____D C:\Program Files\EPSViewer

2014-01-08 17:24 - 2014-01-08 17:23 - 07097337 _____ C:\Users\Admin\Downloads\Typenschild.eps

2014-01-07 21:15 - 2014-01-07 21:15 - 08886413 _____ C:\Users\Admin\Downloads\philz_touch_6.08.9-jfltexx.zip

2014-01-06 19:10 - 2013-12-16 19:07 - 00001220 _____ C:\Users\Admin\Downloads\Xposed-Disabler-Recovery.zip

2014-01-06 16:35 - 2014-01-06 00:37 - 579811384 _____ C:\Users\Admin\Downloads\Echoe_Rom_V12_ULTRA_SLIM_by_adl_&_Spevil.zip

2014-01-05 22:33 - 2014-01-05 22:33 - 31776279 _____ C:\Users\Admin\Downloads\BatteryIconCreator_V32.0.zip

2014-01-05 21:22 - 2014-01-05 12:16 - 34695113 _____ C:\Users\Admin\Downloads\oggupdate.zip

2014-01-05 18:01 - 2011-06-16 13:18 - 00010240 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-01-05 17:59 - 2011-06-16 12:08 - 01658180 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-05 16:25 - 2014-01-05 16:25 - 00135136 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-03 00:22 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache

2014-01-02 23:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF

2014-01-02 22:53 - 2011-06-16 18:58 - 00000000 ____D C:\Windows\Panther

2014-01-02 22:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE

2014-01-02 22:35 - 2014-01-02 22:34 - 00001385 _____ C:\Windows\IE10_main.log

2014-01-02 19:06 - 2014-01-02 19:04 - 25381969 _____ C:\Users\Admin\Downloads\Hot Fudge Theme by HS™ V1.0.zip

2014-01-02 17:20 - 2014-01-02 17:20 - 03871784 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-02 17:20 - 2014-01-02 17:20 - 00000000 _____ C:\Windows\setuperr.log

2014-01-02 15:43 - 2012-10-01 04:59 - 00000000 ____D C:\Windows\Minidump

2014-01-02 06:45 - 2014-01-02 06:45 - 00000000 ____D C:\Users\Admin\Documents\WEKA

2014-01-01 23:06 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public

2014-01-01 19:50 - 2011-09-03 09:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc

2014-01-01 07:05 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-01 01:49 - 2013-10-22 00:09 - 00000000 ____D C:\Users\Admin\Desktop\van

2013-12-31 16:40 - 2013-12-31 16:42 - 09310082 _____ C:\Users\Admin\Downloads\OGBatteryMod.apk

2013-12-31 16:35 - 2013-12-31 16:37 - 02435595 ____N C:\Users\Admin\Downloads\v12-Stock_SystemUI_OGBatteryMod_ML6.zip

2013-12-31 06:35 - 2012-11-22 08:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-30 23:33 - 2012-04-30 06:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-12-30 23:33 - 2011-10-13 07:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-12-30 23:33 - 2011-06-16 12:55 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe

2013-12-29 15:05 - 2013-12-29 15:04 - 00000000 ____D C:\Users\Admin\Downloads\prime 95

2013-12-28 14:42 - 2013-12-28 14:39 - 05348016 _____ C:\Users\Admin\Downloads\VP700M1N2N_18827ad160da44c59eefefb4ce72cc0d.zip

2013-12-26 01:17 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\MSBuild

2013-12-26 00:35 - 2013-12-26 00:35 - 00001978 _____ C:\Users\Admin\Desktop\Tiny Hexer.lnk

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mirkes.de

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Program Files\mirkes.de

2013-12-26 00:09 - 2013-12-26 00:09 - 00007655 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

2013-12-24 17:56 - 2013-10-30 09:06 - 00000000 ____D C:\Users\UpdatusUser.MONSTERDIDI

2013-12-24 17:56 - 2012-04-28 07:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-12-22 21:01 - 2013-12-22 20:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Android

2013-12-19 22:14 - 2013-12-31 15:29 - 11739433 _____ C:\Users\Admin\Downloads\SPlanner.apk

2013-12-16 18:08 - 2011-06-16 13:16 - 00000000 ____D C:\Program Files\Google

2013-12-16 13:00 - 2012-06-20 05:38 - 00000000 ____D C:\Users\Admin\Downloads\babe

2013-12-16 12:59 - 2013-12-14 14:42 - 00000000 ____D C:\Users\Admin\Downloads\wallpaper

2013-12-15 18:33 - 2013-12-15 18:32 - 52386816 _____ C:\Users\Admin\Downloads\modem.bin

2013-12-14 15:18 - 2013-12-12 21:18 - 00012755 _____ C:\Users\Admin\Downloads\lens_flare_lock.ogg

2013-12-13 20:21 - 2013-12-13 20:21 - 00966872 _____ C:\Users\Admin\Downloads\DE-SAMSUNGNIZER_SCRIPT_V4.1.zip

2013-12-12 20:44 - 2013-12-12 20:44 - 00000000 ____D C:\ProgramData\Qualcomm

2013-12-12 16:34 - 2013-12-12 16:29 - 15365072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\Admin\Downloads\USB_Drivers_1.5.27.0.exe

2013-12-12 01:00 - 2011-06-16 13:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Google

2013-12-11 22:50 - 2013-12-11 22:50 - 01160801 _____ C:\Users\Admin\Downloads\UPDATE-SuperSU-v1.80.zip

2013-12-11 22:47 - 2013-12-11 22:47 - 00464072 _____ C:\Users\Admin\Downloads\Odin3.07.zip

2013-12-11 20:39 - 2013-12-11 20:39 - 00000000 ____D C:\Program Files\Qualcomm

2013-12-11 13:26 - 2013-12-11 12:57 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-12-11 09:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-12-11 08:49 - 2011-06-17 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-12-11 06:55 - 2013-07-29 15:42 - 00000000 ____D C:\Windows\system32\MRT

2013-12-11 06:55 - 2011-06-16 13:39 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

Some content of TEMP:

====================

C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-09 10:06
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Vieln Dank und Gruß
Dieter

Java, Adobe und FF habe ich aktualisiert...

Windows brauch ebenso Updates. Bekommste immer noch Post`?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\Users\Admin\AppData\Roaming\Evutp

HKCU\...\Run: [kywia.exe] - C:\Users\Admin\AppData\Roaming\Evutp\kywia.exe [372736 2013-03-23] ()

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig :)

Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hi,
ob ich noch Post bekomm werde ich ja jetzt sehen...Kann denn das, was wir jetzt gefunden haben für dieses Verschicken von Mails verantwortlich sein?

Ich abe alles aufgeräumt und deinstalliert. Malware lass ich mal drauf.
Abschließend noch die Log von FRST.
Ich denke du kannst das Abo löschen.

Vielen Dank für Deine Hilfe:daumenhoc

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2014

Ran by Admin (administrator) on MONSTERDIDI on 11-01-2014 15:46:59

Running from C:\Users\Admin\Desktop

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

() C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe

() C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe

() C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

(Teruten) C:\Windows\System32\FsUsbExService.Exe

(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(SHI Elektronische Medien GmbH) C:\Program Files\WEKA\Kommentierte Betriebsvereinbarungen\SHIWebOnDisk.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AI Suite II.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)

HKLM\...\Run: [SHIWebOnDiskManager] - C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [233472 2011-09-23] (SHI Elektronische Medien GmbH)

HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jaureg.exe [232328 2012-01-17] (Sun Microsystems, Inc.)

HKCU\...\Run: [kywia.exe] - C:\Users\Admin\AppData\Roaming\Evutp\kywia.exe [372736 2013-03-23] ()

HKCU\...\Policies\Explorer: [NoCDBurning] 0
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {426ED343-66B1-4eb2-BD46-51F2AB7D269B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB

SearchScopes: HKCU - {292B7515-673D-41ef-A07A-854E5F903682} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}

SearchScopes: HKCU - {426ED343-66B1-4eb2-BD46-51F2AB7D269B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File

Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default

FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onuftrsm.default\user.js

FF NewTab: about:blank

FF SearchEngineOrder.3: Bing 

FF Homepage: google.de

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF
 

========================== Services (Whitelisted) =================
 

R2 asComSvc; C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()

R2 asHmComSvc; C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()

R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14650144 2013-10-18] (NVIDIA Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-08-24] ()

R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [98280 2011-01-27] (ASMedia Technology Inc)

R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [304616 2011-01-27] (ASMedia Technology Inc)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20131218.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)

R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)

R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] ()

R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20140110.001\IDSvix86.sys [394456 2013-12-13] (Symantec Corporation)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140110.017\NAVENG.SYS [93272 2014-01-03] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140110.017\NAVEX15.SYS [1612376 2014-01-03] (Symantec Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-09-28] (NVIDIA Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)

S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [182680 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2007-10-25] ()

R0 SymDS; C:\Windows\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-23] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NAV\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-11 15:46 - 2014-01-11 15:47 - 00013650 _____ C:\Users\Admin\Desktop\FRST.txt

2014-01-11 15:46 - 2014-01-11 15:46 - 00000000 ____D C:\FRST

2014-01-11 15:43 - 2014-01-11 15:43 - 00001349 _____ C:\DelFix.txt

2014-01-11 15:34 - 2014-01-11 15:34 - 00000614 _____ C:\Users\Admin\Desktop\Fixlist.lnk

2014-01-11 15:34 - 2014-01-11 15:34 - 00000146 _____ C:\Users\Admin\Downloads\Fixlist.txt

2014-01-11 00:12 - 2014-01-11 00:13 - 00000000 ____D C:\Program Files\Mozilla Firefox

2014-01-11 00:11 - 2014-01-11 00:11 - 00001988 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

2014-01-11 00:08 - 2014-01-11 00:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-01-10 19:50 - 2014-01-11 15:46 - 00000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion

2014-01-09 23:15 - 2014-01-09 23:15 - 01440776 _____ C:\Users\Admin\Downloads\Root_SuperSU.0.98-Busybox.1.20.2-signed.zip

2014-01-09 20:47 - 2014-01-09 20:47 - 00626836 _____ C:\Users\Admin\Downloads\Param_Bin_I9305.zip

2014-01-09 20:46 - 2014-01-09 20:46 - 00468077 _____ C:\Users\Admin\Downloads\Odin3 3.04.zip

2014-01-09 18:19 - 2014-01-09 18:19 - 08007743 _____ C:\Users\Admin\Downloads\philz_touch_6.07.9-i9305.tar (1).md5

2014-01-09 17:44 - 2014-01-11 15:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Duicef

2014-01-09 17:44 - 2014-01-09 17:44 - 00000000 ____D C:\Windows\Sun

2014-01-09 17:44 - 2014-01-09 17:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Evutp

2014-01-09 17:07 - 2014-01-11 15:43 - 00000000 ____D C:\Windows\ERUNT

2014-01-08 23:32 - 2014-01-08 23:32 - 09290061 _____ C:\Users\Admin\Downloads\v1-TW-Edition-ausdim-Kernel-GT-I9505--20140104132045-CWM.zip

2014-01-08 18:59 - 2014-01-10 19:50 - 01066141 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe

2014-01-08 18:47 - 2014-01-11 00:05 - 00001640 _____ C:\Windows\PFRO.log

2014-01-08 18:35 - 2014-01-08 18:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-08 18:34 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-01-08 17:26 - 2014-01-08 17:26 - 00000000 ____D C:\Program Files\EPSViewer

2014-01-08 17:23 - 2014-01-08 17:24 - 07097337 _____ C:\Users\Admin\Downloads\Typenschild.eps

2014-01-07 21:15 - 2014-01-07 21:15 - 08886413 _____ C:\Users\Admin\Downloads\philz_touch_6.08.9-jfltexx.zip

2014-01-06 00:37 - 2014-01-06 16:35 - 579811384 _____ C:\Users\Admin\Downloads\Echoe_Rom_V12_ULTRA_SLIM_by_adl_&_Spevil.zip

2014-01-05 22:33 - 2014-01-05 22:33 - 31776279 _____ C:\Users\Admin\Downloads\BatteryIconCreator_V32.0.zip

2014-01-05 16:25 - 2014-01-05 16:25 - 00135136 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-05 12:16 - 2014-01-05 21:22 - 34695113 _____ C:\Users\Admin\Downloads\oggupdate.zip

2014-01-02 22:34 - 2014-01-02 22:35 - 00001385 _____ C:\Windows\IE10_main.log

2014-01-02 19:04 - 2014-01-02 19:06 - 25381969 _____ C:\Users\Admin\Downloads\Hot Fudge Theme by HS™ V1.0.zip

2014-01-02 17:20 - 2014-01-11 08:48 - 00009847 _____ C:\Windows\setupact.log

2014-01-02 17:20 - 2014-01-02 17:20 - 03871784 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-02 17:20 - 2014-01-02 17:20 - 00000000 _____ C:\Windows\setuperr.log

2014-01-02 06:45 - 2014-01-02 06:45 - 00000000 ____D C:\Users\Admin\Documents\WEKA

2013-12-31 16:42 - 2013-12-31 16:40 - 09310082 _____ C:\Users\Admin\Downloads\OGBatteryMod.apk

2013-12-31 16:37 - 2013-12-31 16:35 - 02435595 ____N C:\Users\Admin\Downloads\v12-Stock_SystemUI_OGBatteryMod_ML6.zip

2013-12-31 15:29 - 2013-12-19 22:14 - 11739433 _____ C:\Users\Admin\Downloads\SPlanner.apk

2013-12-29 15:04 - 2013-12-29 15:05 - 00000000 ____D C:\Users\Admin\Downloads\prime 95

2013-12-28 14:39 - 2013-12-28 14:42 - 05348016 _____ C:\Users\Admin\Downloads\VP700M1N2N_18827ad160da44c59eefefb4ce72cc0d.zip

2013-12-26 00:35 - 2013-12-26 00:35 - 00001978 _____ C:\Users\Admin\Desktop\Tiny Hexer.lnk

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mirkes.de

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Program Files\mirkes.de

2013-12-26 00:09 - 2013-12-26 00:09 - 00007655 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

2013-12-22 20:57 - 2013-12-22 21:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Android

2013-12-16 19:07 - 2014-01-06 19:10 - 00001220 _____ C:\Users\Admin\Downloads\Xposed-Disabler-Recovery.zip

2013-12-15 18:32 - 2013-12-15 18:33 - 52386816 _____ C:\Users\Admin\Downloads\modem.bin

2013-12-14 14:42 - 2013-12-16 12:59 - 00000000 ____D C:\Users\Admin\Downloads\wallpaper

2013-12-13 20:21 - 2013-12-13 20:21 - 00966872 _____ C:\Users\Admin\Downloads\DE-SAMSUNGNIZER_SCRIPT_V4.1.zip

2013-12-12 21:18 - 2013-12-14 15:18 - 00012755 _____ C:\Users\Admin\Downloads\lens_flare_lock.ogg

2013-12-12 21:18 - 2013-09-02 08:43 - 00013878 _____ C:\Users\Admin\Downloads\lens_flare_lock1.ogg

2013-12-12 20:44 - 2013-12-12 20:44 - 00000000 ____D C:\ProgramData\Qualcomm

2013-12-12 16:29 - 2013-12-12 16:34 - 15365072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\Admin\Downloads\USB_Drivers_1.5.27.0.exe
 

==================== One Month Modified Files and Folders =======
 

2014-01-11 15:47 - 2014-01-11 15:46 - 00013650 _____ C:\Users\Admin\Desktop\FRST.txt

2014-01-11 15:46 - 2014-01-11 15:46 - 00000000 ____D C:\FRST

2014-01-11 15:46 - 2014-01-10 19:50 - 00000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion

2014-01-11 15:43 - 2014-01-11 15:43 - 00001349 _____ C:\DelFix.txt

2014-01-11 15:43 - 2014-01-09 17:07 - 00000000 ____D C:\Windows\ERUNT

2014-01-11 15:41 - 2012-06-30 15:44 - 00000000 ____D C:\Windows\erdnt

2014-01-11 15:39 - 2011-06-16 12:04 - 00000000 ____D C:\Users\Admin

2014-01-11 15:34 - 2014-01-11 15:34 - 00000614 _____ C:\Users\Admin\Desktop\Fixlist.lnk

2014-01-11 15:34 - 2014-01-11 15:34 - 00000146 _____ C:\Users\Admin\Downloads\Fixlist.txt

2014-01-11 15:06 - 2011-06-30 11:34 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-11 15:05 - 2014-01-09 17:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Duicef

2014-01-11 08:56 - 2009-07-14 05:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-11 08:56 - 2009-07-14 05:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-11 08:52 - 2011-06-16 18:01 - 01240296 _____ C:\Windows\WindowsUpdate.log

2014-01-11 08:48 - 2014-01-02 17:20 - 00009847 _____ C:\Windows\setupact.log

2014-01-11 08:48 - 2012-04-28 07:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2014-01-11 08:48 - 2011-06-30 11:34 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-11 08:48 - 2011-06-16 13:45 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-11 08:48 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-11 00:13 - 2014-01-11 00:12 - 00000000 ____D C:\Program Files\Mozilla Firefox

2014-01-11 00:11 - 2014-01-11 00:11 - 00001988 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

2014-01-11 00:11 - 2011-06-16 12:07 - 00000000 ____D C:\ProgramData\Adobe

2014-01-11 00:07 - 2014-01-11 00:08 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-01-11 00:07 - 2012-04-08 07:15 - 00000000 ____D C:\Program Files\Java

2014-01-11 00:05 - 2014-01-08 18:47 - 00001640 _____ C:\Windows\PFRO.log

2014-01-10 22:07 - 2011-07-02 10:32 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps

2014-01-10 19:50 - 2014-01-08 18:59 - 01066141 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe

2014-01-10 00:23 - 2011-11-26 23:29 - 00000132 _____ C:\Users\Admin\AppData\default.pls

2014-01-09 23:15 - 2014-01-09 23:15 - 01440776 _____ C:\Users\Admin\Downloads\Root_SuperSU.0.98-Busybox.1.20.2-signed.zip

2014-01-09 22:47 - 2011-06-28 08:51 - 00458752 ___SH C:\Users\Admin\Documents\Thumbs.db

2014-01-09 22:45 - 2013-12-11 13:22 - 00000000 ____D C:\Users\Admin\Downloads\cfautoroot

2014-01-09 20:52 - 2013-12-11 20:37 - 00000000 ____D C:\Users\Admin\Downloads\efs.back

2014-01-09 20:52 - 2012-10-05 07:30 - 00000000 ____D C:\Users\Admin\Downloads\BatteryIconCreator

2014-01-09 20:47 - 2014-01-09 20:47 - 00626836 _____ C:\Users\Admin\Downloads\Param_Bin_I9305.zip

2014-01-09 20:46 - 2014-01-09 20:46 - 00468077 _____ C:\Users\Admin\Downloads\Odin3 3.04.zip

2014-01-09 18:19 - 2014-01-09 18:19 - 08007743 _____ C:\Users\Admin\Downloads\philz_touch_6.07.9-i9305.tar (1).md5

2014-01-09 17:44 - 2014-01-09 17:44 - 00000000 ____D C:\Windows\Sun

2014-01-09 17:44 - 2014-01-09 17:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Evutp

2014-01-08 23:32 - 2014-01-08 23:32 - 09290061 _____ C:\Users\Admin\Downloads\v1-TW-Edition-ausdim-Kernel-GT-I9505--20140104132045-CWM.zip

2014-01-08 23:07 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini

2014-01-08 20:28 - 2011-06-16 12:29 - 00000000 ____D C:\Intel

2014-01-08 18:35 - 2014-01-08 18:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-08 17:26 - 2014-01-08 17:26 - 00000000 ____D C:\Program Files\EPSViewer

2014-01-08 17:24 - 2014-01-08 17:23 - 07097337 _____ C:\Users\Admin\Downloads\Typenschild.eps

2014-01-07 21:15 - 2014-01-07 21:15 - 08886413 _____ C:\Users\Admin\Downloads\philz_touch_6.08.9-jfltexx.zip

2014-01-06 19:10 - 2013-12-16 19:07 - 00001220 _____ C:\Users\Admin\Downloads\Xposed-Disabler-Recovery.zip

2014-01-06 16:35 - 2014-01-06 00:37 - 579811384 _____ C:\Users\Admin\Downloads\Echoe_Rom_V12_ULTRA_SLIM_by_adl_&_Spevil.zip

2014-01-05 22:33 - 2014-01-05 22:33 - 31776279 _____ C:\Users\Admin\Downloads\BatteryIconCreator_V32.0.zip

2014-01-05 21:22 - 2014-01-05 12:16 - 34695113 _____ C:\Users\Admin\Downloads\oggupdate.zip

2014-01-05 18:01 - 2011-06-16 13:18 - 00010240 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-01-05 17:59 - 2011-06-16 12:08 - 01658180 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-05 16:25 - 2014-01-05 16:25 - 00135136 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-03 00:22 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache

2014-01-02 23:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF

2014-01-02 22:53 - 2011-06-16 18:58 - 00000000 ____D C:\Windows\Panther

2014-01-02 22:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE

2014-01-02 22:35 - 2014-01-02 22:34 - 00001385 _____ C:\Windows\IE10_main.log

2014-01-02 19:06 - 2014-01-02 19:04 - 25381969 _____ C:\Users\Admin\Downloads\Hot Fudge Theme by HS™ V1.0.zip

2014-01-02 17:20 - 2014-01-02 17:20 - 03871784 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-02 17:20 - 2014-01-02 17:20 - 00000000 _____ C:\Windows\setuperr.log

2014-01-02 15:43 - 2012-10-01 04:59 - 00000000 ____D C:\Windows\Minidump

2014-01-02 06:45 - 2014-01-02 06:45 - 00000000 ____D C:\Users\Admin\Documents\WEKA

2014-01-01 23:06 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public

2014-01-01 19:50 - 2011-09-03 09:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc

2014-01-01 07:05 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-01 01:49 - 2013-10-22 00:09 - 00000000 ____D C:\Users\Admin\Desktop\van

2013-12-31 16:40 - 2013-12-31 16:42 - 09310082 _____ C:\Users\Admin\Downloads\OGBatteryMod.apk

2013-12-31 16:35 - 2013-12-31 16:37 - 02435595 ____N C:\Users\Admin\Downloads\v12-Stock_SystemUI_OGBatteryMod_ML6.zip

2013-12-31 06:35 - 2012-11-22 08:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-30 23:33 - 2012-04-30 06:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-12-30 23:33 - 2011-10-13 07:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-12-30 23:33 - 2011-06-16 12:55 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe

2013-12-29 15:05 - 2013-12-29 15:04 - 00000000 ____D C:\Users\Admin\Downloads\prime 95

2013-12-28 14:42 - 2013-12-28 14:39 - 05348016 _____ C:\Users\Admin\Downloads\VP700M1N2N_18827ad160da44c59eefefb4ce72cc0d.zip

2013-12-26 01:17 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\MSBuild

2013-12-26 00:35 - 2013-12-26 00:35 - 00001978 _____ C:\Users\Admin\Desktop\Tiny Hexer.lnk

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mirkes.de

2013-12-26 00:35 - 2013-12-26 00:35 - 00000000 ____D C:\Program Files\mirkes.de

2013-12-26 00:09 - 2013-12-26 00:09 - 00007655 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

2013-12-24 17:56 - 2013-10-30 09:06 - 00000000 ____D C:\Users\UpdatusUser.MONSTERDIDI

2013-12-22 21:01 - 2013-12-22 20:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Android

2013-12-19 22:14 - 2013-12-31 15:29 - 11739433 _____ C:\Users\Admin\Downloads\SPlanner.apk

2013-12-16 18:08 - 2011-06-16 13:16 - 00000000 ____D C:\Program Files\Google

2013-12-16 13:00 - 2012-06-20 05:38 - 00000000 ____D C:\Users\Admin\Downloads\babe

2013-12-16 12:59 - 2013-12-14 14:42 - 00000000 ____D C:\Users\Admin\Downloads\wallpaper

2013-12-15 18:33 - 2013-12-15 18:32 - 52386816 _____ C:\Users\Admin\Downloads\modem.bin

2013-12-14 15:18 - 2013-12-12 21:18 - 00012755 _____ C:\Users\Admin\Downloads\lens_flare_lock.ogg

2013-12-13 20:21 - 2013-12-13 20:21 - 00966872 _____ C:\Users\Admin\Downloads\DE-SAMSUNGNIZER_SCRIPT_V4.1.zip

2013-12-12 20:44 - 2013-12-12 20:44 - 00000000 ____D C:\ProgramData\Qualcomm

2013-12-12 16:34 - 2013-12-12 16:29 - 15365072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\Admin\Downloads\USB_Drivers_1.5.27.0.exe

2013-12-12 01:00 - 2011-06-16 13:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
 

Some content of TEMP:

====================

C:\Users\Admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-09 10:06
 

==================== End Of Log ============================

--- --- ---

Meist werden die Accounts einfach online gehackt, aber es war schon Malware drauf :). Auf jeden Fall Passwort ändern.

Tach,
ich muss nochmal nachhaken.
Ich werde die Datei "kywia.exe" nicht los. Es ist ein Eintrag im Autostart und einer in der Reg.

Was ist das überhaupt? Ich finde im Netz keine Infos darüber.

Außerdem machte mein Norton vorgestern Theater

Code:

Kategorie: E-Mail-Fehler

Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion

30.01.2014 13:59:12,Hoch,"Ihre E-Mail konnte nicht gesendet werden, weil die Verbindung zu Ihrem Mail-Server unterbrochen wurde. Öffnen Sie Ihren E-Mail-Client, und senden Sie die Nachricht aus dem Ordner Gesendete Nachrichten erneut.",Fehler,Keine Aktion erforderlich

Gruss Dieter

Hier nochmal ein FRST
Die Mails die a verschickt werden sollten sind MIT SICHERHEIT keine von mir. Bei den Adressen...
Die will ich jetzt hier nicht posten.

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03

Ran by Admin (administrator) on MONSTERDIDI on 01-02-2014 14:13:57

Running from C:\Users\Admin\Desktop

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) ===================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

() C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe

() C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe

() C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

(Teruten) C:\Windows\System32\FsUsbExService.Exe

(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Secunia) C:\Program Files\Secunia\PSI\sua.exe

(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(SHI Elektronische Medien GmbH) C:\Program Files\WEKA\Kommentierte Betriebsvereinbarungen\SHIWebOnDisk.exe

(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AI Suite II.exe

(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)

HKLM\...\Run: [SHIWebOnDiskManager] - C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [233472 2011-09-23] (SHI Elektronische Medien GmbH)

HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap.dll [982232 2013-12-10] (NVIDIA Corporation)

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jaureg.exe [232328 2012-01-17] (Sun Microsystems, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)

HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)

HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)

HKU\S-1-5-21-1507968218-3757338369-1811197512-1000\...\Policies\Explorer: [NoCDBurning] 0

AppInit_DLLs: Ô => File Not Found
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {426ED343-66B1-4eb2-BD46-51F2AB7D269B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB

SearchScopes: HKCU - {292B7515-673D-41ef-A07A-854E5F903682} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}

SearchScopes: HKCU - {426ED343-66B1-4eb2-BD46-51F2AB7D269B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File

Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2cv569w2.default

FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2cv569w2.default\user.js

FF NewTab: about:blank

FF SearchEngineOrder.3: Bing 

FF Homepage: google.de

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\confmgr.dll ()

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\ctxlogging.dll ()

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\msvcm80.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\msvcp80.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\msvcr80.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npicaN.dll ()

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2cv569w2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-31]

FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2cv569w2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31]

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-06-16]

FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-06-16]

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF [2013-10-09]
 

========================== Services (Whitelisted) =================
 

R2 asComSvc; C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()

R2 asHmComSvc; C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()

R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)

S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-04-03] (Crawler.com)
 

==================== Drivers (Whitelisted) ====================
 

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-08-24] ()

R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [98280 2011-01-27] (ASMedia Technology Inc)

R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [304616 2011-01-27] (ASMedia Technology Inc)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)

R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)

R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] ()

R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20140131.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)

R3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140131.002\NAVENG.SYS [93272 2014-01-03] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140131.002\NAVEX15.SYS [1612376 2014-01-03] (Symantec Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)

S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)

R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()

R1 SRTSP; C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)

S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [182680 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2007-10-25] ()

R0 SymDS; C:\Windows\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-23] (Symantec Corporation)

R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-04] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NAV\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-02-01 14:13 - 2014-02-01 14:13 - 00017567 _____ () C:\Users\Admin\Desktop\FRST.txt

2014-02-01 14:12 - 2014-02-01 14:12 - 01137152 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe

2014-02-01 12:43 - 2013-03-04 19:14 - 00036512 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys

2014-02-01 11:37 - 2014-02-01 12:05 - 00000000 ____D () C:\ProgramData\Spyware Terminator

2014-02-01 11:37 - 2014-02-01 11:37 - 00001011 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk

2014-02-01 11:37 - 2014-02-01 11:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spyware Terminator

2014-02-01 11:37 - 2014-02-01 11:37 - 00000000 ____D () C:\Program Files\Spyware Terminator

2014-02-01 11:37 - 2011-06-21 11:24 - 00032768 _____ () C:\Windows\system32\Drivers\sp_rsdrv2.sys

2014-01-31 18:51 - 2008-03-28 13:32 - 00039936 _____ (AVM GmbH) C:\Windows\system32\capi2032.dll

2014-01-31 16:05 - 2014-01-15 16:38 - 00000590 _____ () C:\Users\Admin\Documents\indexfile.txt

2014-01-31 15:50 - 2014-01-31 15:50 - 00001108 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-01-31 15:50 - 2014-01-31 15:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-01-25 20:15 - 2014-01-25 20:15 - 00000988 _____ () C:\Users\Public\Desktop\MozBackup.lnk

2014-01-25 20:15 - 2014-01-25 20:15 - 00000000 ____D () C:\Program Files\MozBackup

2014-01-22 17:06 - 2014-01-31 18:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\FRITZ!

2014-01-22 17:06 - 2014-01-31 18:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\FRITZ!

2014-01-22 17:03 - 2014-01-22 17:03 - 00000952 _____ () C:\Users\Public\Desktop\FRITZ!fax.lnk

2014-01-22 17:02 - 2014-01-22 17:05 - 00000000 ____D () C:\Program Files\FRITZ!

2014-01-22 17:02 - 2014-01-22 17:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\FRITZ!fax für FRITZ!Box

2014-01-22 17:02 - 2014-01-22 17:02 - 00000000 ____D () C:\ProgramData\ISDNWatch

2014-01-22 17:02 - 2007-09-07 10:04 - 00451888 _____ (Blue Sky Software Corporation.) C:\Windows\system32\HHActiveX.dll

2014-01-22 17:02 - 2007-09-07 09:59 - 00054576 _____ (AVM Berlin GmbH) C:\Windows\system32\FritzPort.dll

2014-01-22 17:02 - 2007-09-07 09:59 - 00054576 _____ (AVM Berlin GmbH) C:\Windows\system32\FritzColorPort.dll

2014-01-22 17:02 - 2007-09-07 09:59 - 00050480 _____ (AVM Berlin) C:\Windows\system32\AvmColorFaxRender.dll

2014-01-22 17:02 - 2007-09-07 09:59 - 00046384 _____ (AVM Berlin) C:\Windows\system32\AvmFaxRender.dll

2014-01-22 17:02 - 2007-09-07 09:59 - 00042288 _____ (AVM Berlin GmbH) C:\Windows\system32\Fridru32.dll

2014-01-22 17:02 - 2007-09-07 09:59 - 00024880 _____ (AVM Berlin) C:\Windows\system32\FritzVistaMon.dll

2014-01-22 17:02 - 2007-09-07 09:59 - 00024880 _____ (AVM Berlin) C:\Windows\system32\FritzVistaColorMon.dll

2014-01-22 17:01 - 2014-01-22 17:01 - 00000226 _____ () C:\Windows\setup.log

2014-01-22 17:01 - 1998-11-17 12:44 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe

2014-01-21 21:38 - 2013-12-19 21:26 - 22960416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 15877216 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 15230352 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 10471712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-01-21 21:38 - 2013-12-19 21:26 - 09700224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 09657464 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 02947872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 02747680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 01049888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3233221.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 00893728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3233221.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 00852768 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 00847648 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 00266984 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll

2014-01-21 21:38 - 2013-12-19 21:26 - 00141336 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll

2014-01-21 21:38 - 2013-11-28 14:38 - 00162592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys

2014-01-21 21:38 - 2013-11-28 14:38 - 00028448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll

2014-01-21 21:38 - 2013-11-22 09:36 - 00895264 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll

2014-01-21 21:30 - 2014-01-21 21:37 - 205489232 _____ (NVIDIA Corporation) C:\Users\Admin\Downloads\332.21-desktop-win8-win7-winvista-32bit-international-whql.exe

2014-01-21 21:20 - 2014-01-21 21:20 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation

2014-01-21 21:20 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll

2014-01-21 21:20 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll

2014-01-21 21:20 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll

2014-01-21 21:19 - 2013-12-05 09:42 - 00034080 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys

2014-01-21 17:00 - 2014-01-21 17:00 - 00000000 ____D () C:\Users\Admin\Documents\Fax

2014-01-20 23:23 - 2014-01-20 23:23 - 00000000 ____D () C:\Program Files\Smart Projects

2014-01-20 23:21 - 2014-01-20 23:21 - 04410000 _____ (Smart Projects ) C:\Users\Admin\Downloads\install_isobuster.exe

2014-01-20 19:40 - 2014-01-20 19:44 - 00000000 ____D () C:\broth

2014-01-20 18:03 - 2014-01-20 18:03 - 00047156 _____ () C:\Windows\system32\cc_20140120_180322.reg

2014-01-17 18:23 - 2014-01-17 18:23 - 00002456 _____ () C:\{0199B7C0-A581-4743-A18B-C5A4FEFED1D6}

2014-01-17 18:21 - 2014-01-17 18:21 - 00002456 _____ () C:\{7849480E-9B9F-4256-BE84-1789038890E5}

2014-01-17 18:19 - 2014-01-17 18:19 - 00002304 _____ () C:\{6CBD6F37-B445-4FF2-B547-37919BE51DFD}

2014-01-17 18:18 - 2014-01-17 18:18 - 00002312 _____ () C:\{736F3E79-700F-40D5-B8AB-9308463DF28E}

2014-01-15 16:40 - 2014-01-15 16:40 - 00145560 _____ () C:\Users\Admin\Documents\cookies.txt

2014-01-15 16:40 - 2014-01-15 16:40 - 00000215 _____ () C:\Users\Admin\Documents\feeds.opml

2014-01-15 12:49 - 2014-01-15 12:50 - 25011165 _____ () C:\Users\Admin\Downloads\Mod.phone Dialer negro.zip

2014-01-15 06:43 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-01-15 06:43 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-01-15 06:43 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-01-15 06:43 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-01-15 06:43 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-01-15 06:43 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-01-15 06:43 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-01-15 06:43 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-01-15 06:43 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-01-12 09:58 - 2014-01-12 09:59 - 08627440 _____ () C:\Users\Admin\Downloads\hacker_v7_tw_4.3_leak.zip

2014-01-11 19:21 - 2014-01-11 19:21 - 00257144 _____ () C:\Windows\msxml4-KB2758694-enu.LOG

2014-01-11 19:07 - 2014-01-11 19:07 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe

2014-01-11 16:24 - 2014-01-11 16:24 - 00000000 ____D () C:\Program Files\MPC-HC

2014-01-11 15:57 - 2014-01-11 15:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\Secunia PSI

2014-01-11 15:56 - 2014-01-11 15:56 - 00000000 ____D () C:\Program Files\Secunia

2014-01-11 15:46 - 2014-02-01 14:13 - 00000000 ____D () C:\FRST

2014-01-11 15:43 - 2014-01-11 15:43 - 00001349 _____ () C:\DelFix.txt

2014-01-11 00:12 - 2014-01-31 15:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-01-11 00:11 - 2014-01-11 00:11 - 00001988 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

2014-01-11 00:08 - 2014-01-11 00:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-01-09 23:15 - 2014-01-09 23:15 - 01440776 _____ () C:\Users\Admin\Downloads\Root_SuperSU.0.98-Busybox.1.20.2-signed.zip

2014-01-09 20:47 - 2014-01-09 20:47 - 00626836 _____ () C:\Users\Admin\Downloads\Param_Bin_I9305.zip

2014-01-09 20:46 - 2014-01-09 20:46 - 00468077 _____ () C:\Users\Admin\Downloads\Odin3 3.04.zip

2014-01-09 18:19 - 2014-01-09 18:19 - 08007743 _____ () C:\Users\Admin\Downloads\philz_touch_6.07.9-i9305.tar (1).md5

2014-01-09 17:44 - 2014-02-01 12:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Duicef

2014-01-09 17:44 - 2014-01-09 17:44 - 00000000 ____D () C:\Windows\Sun

2014-01-09 17:07 - 2014-01-11 15:43 - 00000000 ____D () C:\Windows\ERUNT

2014-01-08 23:32 - 2014-01-08 23:32 - 09290061 _____ () C:\Users\Admin\Downloads\v1-TW-Edition-ausdim-Kernel-GT-I9505--20140104132045-CWM.zip

2014-01-08 18:47 - 2014-01-21 09:41 - 00002208 _____ () C:\Windows\PFRO.log

2014-01-08 18:35 - 2014-01-08 18:35 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-01-08 17:26 - 2014-01-08 17:26 - 00000000 ____D () C:\Program Files\EPSViewer

2014-01-08 17:23 - 2014-01-08 17:24 - 07097337 _____ () C:\Users\Admin\Downloads\Typenschild.eps

2014-01-07 21:15 - 2014-01-07 21:15 - 08886413 _____ () C:\Users\Admin\Downloads\philz_touch_6.08.9-jfltexx.zip

2014-01-06 00:37 - 2014-01-06 16:35 - 579811384 _____ () C:\Users\Admin\Downloads\Echoe_Rom_V12_ULTRA_SLIM_by_adl_&_Spevil.zip

2014-01-05 22:33 - 2014-01-05 22:33 - 31776279 _____ () C:\Users\Admin\Downloads\BatteryIconCreator_V32.0.zip

2014-01-05 16:25 - 2014-01-05 16:25 - 00135136 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-05 12:16 - 2014-01-05 21:22 - 34695113 _____ () C:\Users\Admin\Downloads\oggupdate.zip

2014-01-02 22:34 - 2014-01-02 22:35 - 00001385 _____ () C:\Windows\IE10_main.log

2014-01-02 19:04 - 2014-01-02 19:06 - 25381969 _____ () C:\Users\Admin\Downloads\Hot Fudge Theme by HS™ V1.0.zip

2014-01-02 17:20 - 2014-02-01 12:18 - 00018140 _____ () C:\Windows\setupact.log

2014-01-02 17:20 - 2014-01-15 13:41 - 03871784 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-01-02 17:20 - 2014-01-02 17:20 - 00000000 _____ () C:\Windows\setuperr.log

2014-01-02 06:45 - 2014-01-02 06:45 - 00000000 ____D () C:\Users\Admin\Documents\WEKA
 

==================== One Month Modified Files and Folders =======
 

2014-02-01 14:14 - 2014-02-01 14:13 - 00017567 _____ () C:\Users\Admin\Desktop\FRST.txt

2014-02-01 14:13 - 2014-01-11 15:46 - 00000000 ____D () C:\FRST

2014-02-01 14:12 - 2014-02-01 14:12 - 01137152 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe

2014-02-01 14:06 - 2011-06-30 11:34 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-01 12:26 - 2009-07-14 05:34 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-01 12:26 - 2009-07-14 05:34 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-01 12:20 - 2011-06-30 11:34 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-01 12:18 - 2014-01-02 17:20 - 00018140 _____ () C:\Windows\setupact.log

2014-02-01 12:18 - 2011-06-16 13:45 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-02-01 12:18 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-01 12:06 - 2014-01-09 17:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Duicef

2014-02-01 12:06 - 2011-06-16 18:01 - 01787957 _____ () C:\Windows\WindowsUpdate.log

2014-02-01 12:05 - 2014-02-01 11:37 - 00000000 ____D () C:\ProgramData\Spyware Terminator

2014-02-01 11:37 - 2014-02-01 11:37 - 00001011 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk

2014-02-01 11:37 - 2014-02-01 11:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spyware Terminator

2014-02-01 11:37 - 2014-02-01 11:37 - 00000000 ____D () C:\Program Files\Spyware Terminator

2014-01-31 18:56 - 2014-01-22 17:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\FRITZ!

2014-01-31 18:34 - 2014-01-22 17:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\FRITZ!

2014-01-31 18:34 - 2011-06-28 08:51 - 00470528 ___SH () C:\Users\Admin\Documents\Thumbs.db

2014-01-31 15:51 - 2014-01-11 00:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-01-31 15:51 - 2011-06-17 12:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla

2014-01-31 15:50 - 2014-01-31 15:50 - 00001108 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-01-31 15:50 - 2014-01-31 15:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-01-26 21:02 - 2011-06-16 12:08 - 01658180 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-01-25 20:15 - 2014-01-25 20:15 - 00000988 _____ () C:\Users\Public\Desktop\MozBackup.lnk

2014-01-25 20:15 - 2014-01-25 20:15 - 00000000 ____D () C:\Program Files\MozBackup

2014-01-22 17:05 - 2014-01-22 17:02 - 00000000 ____D () C:\Program Files\FRITZ!

2014-01-22 17:03 - 2014-01-22 17:03 - 00000952 _____ () C:\Users\Public\Desktop\FRITZ!fax.lnk

2014-01-22 17:02 - 2014-01-22 17:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\FRITZ!fax für FRITZ!Box

2014-01-22 17:02 - 2014-01-22 17:02 - 00000000 ____D () C:\ProgramData\ISDNWatch

2014-01-22 17:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help

2014-01-22 17:01 - 2014-01-22 17:01 - 00000226 _____ () C:\Windows\setup.log

2014-01-21 21:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-01-21 21:41 - 2011-06-16 13:45 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-01-21 21:37 - 2014-01-21 21:30 - 205489232 _____ (NVIDIA Corporation) C:\Users\Admin\Downloads\332.21-desktop-win8-win7-winvista-32bit-international-whql.exe

2014-01-21 21:21 - 2013-10-30 09:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA

2014-01-21 21:20 - 2014-01-21 21:20 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation

2014-01-21 21:20 - 2011-06-17 19:05 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2014-01-21 21:19 - 2013-10-30 09:06 - 00000000 ____D () C:\Users\UpdatusUser.MONSTERDIDI

2014-01-21 17:00 - 2014-01-21 17:00 - 00000000 ____D () C:\Users\Admin\Documents\Fax

2014-01-21 09:41 - 2014-01-08 18:47 - 00002208 _____ () C:\Windows\PFRO.log

2014-01-20 23:23 - 2014-01-20 23:23 - 00000000 ____D () C:\Program Files\Smart Projects

2014-01-20 23:21 - 2014-01-20 23:21 - 04410000 _____ (Smart Projects ) C:\Users\Admin\Downloads\install_isobuster.exe

2014-01-20 19:44 - 2014-01-20 19:40 - 00000000 ____D () C:\broth

2014-01-20 18:03 - 2014-01-20 18:03 - 00047156 _____ () C:\Windows\system32\cc_20140120_180322.reg

2014-01-20 18:00 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32

2014-01-17 18:23 - 2014-01-17 18:23 - 00002456 _____ () C:\{0199B7C0-A581-4743-A18B-C5A4FEFED1D6}

2014-01-17 18:21 - 2014-01-17 18:21 - 00002456 _____ () C:\{7849480E-9B9F-4256-BE84-1789038890E5}

2014-01-17 18:19 - 2014-01-17 18:19 - 00002304 _____ () C:\{6CBD6F37-B445-4FF2-B547-37919BE51DFD}

2014-01-17 18:18 - 2014-01-17 18:18 - 00002312 _____ () C:\{736F3E79-700F-40D5-B8AB-9308463DF28E}

2014-01-15 16:44 - 2011-06-16 12:22 - 00000000 ____D () C:\totalcmd

2014-01-15 16:40 - 2014-01-15 16:40 - 00145560 _____ () C:\Users\Admin\Documents\cookies.txt

2014-01-15 16:40 - 2014-01-15 16:40 - 00000215 _____ () C:\Users\Admin\Documents\feeds.opml

2014-01-15 16:38 - 2014-01-31 16:05 - 00000590 _____ () C:\Users\Admin\Documents\indexfile.txt

2014-01-15 13:41 - 2014-01-02 17:20 - 03871784 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-01-15 13:38 - 2013-07-29 15:42 - 00000000 ____D () C:\Windows\system32\MRT

2014-01-15 13:38 - 2011-06-17 13:09 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-01-15 13:36 - 2011-06-16 13:39 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-01-15 12:50 - 2014-01-15 12:49 - 25011165 _____ () C:\Users\Admin\Downloads\Mod.phone Dialer negro.zip

2014-01-14 17:01 - 2013-10-22 00:09 - 00000000 ____D () C:\Users\Admin\Desktop\van

2014-01-14 16:57 - 2011-07-02 10:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps

2014-01-14 16:52 - 2013-11-27 09:04 - 00002675 _____ () C:\Users\Public\Desktop\QuickSteuer 2014.lnk

2014-01-13 13:08 - 2013-12-11 13:22 - 00000000 ____D () C:\Users\Admin\Downloads\cfautoroot

2014-01-12 18:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles

2014-01-12 09:59 - 2014-01-12 09:58 - 08627440 _____ () C:\Users\Admin\Downloads\hacker_v7_tw_4.3_leak.zip

2014-01-11 19:23 - 2012-11-22 08:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-11 19:21 - 2014-01-11 19:21 - 00257144 _____ () C:\Windows\msxml4-KB2758694-enu.LOG

2014-01-11 19:07 - 2014-01-11 19:07 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe

2014-01-11 19:03 - 2011-09-03 09:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc

2014-01-11 16:24 - 2014-01-11 16:24 - 00000000 ____D () C:\Program Files\MPC-HC

2014-01-11 16:21 - 2011-06-16 12:07 - 00000000 ____D () C:\Program Files\Adobe

2014-01-11 16:19 - 2011-09-19 20:30 - 00000000 ____D () C:\Program Files\MSXML 4.0

2014-01-11 16:18 - 2011-06-16 12:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe

2014-01-11 16:16 - 2012-04-08 07:15 - 00000000 ____D () C:\Program Files\Java

2014-01-11 16:03 - 2011-06-16 12:11 - 00000000 ____D () C:\Windows\system32\Adobe

2014-01-11 16:02 - 2012-04-30 06:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-01-11 16:02 - 2011-10-13 07:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-01-11 15:57 - 2014-01-11 15:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\Secunia PSI

2014-01-11 15:56 - 2014-01-11 15:56 - 00000000 ____D () C:\Program Files\Secunia

2014-01-11 15:43 - 2014-01-11 15:43 - 00001349 _____ () C:\DelFix.txt

2014-01-11 15:43 - 2014-01-09 17:07 - 00000000 ____D () C:\Windows\ERUNT

2014-01-11 15:41 - 2012-06-30 15:44 - 00000000 ____D () C:\Windows\erdnt

2014-01-11 15:39 - 2011-06-16 12:04 - 00000000 ____D () C:\Users\Admin

2014-01-11 00:11 - 2014-01-11 00:11 - 00001988 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

2014-01-11 00:11 - 2011-06-16 12:07 - 00000000 ____D () C:\ProgramData\Adobe

2014-01-11 00:07 - 2014-01-11 00:08 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-01-11 00:07 - 2014-01-11 00:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-01-10 00:23 - 2011-11-26 23:29 - 00000132 _____ () C:\Users\Admin\AppData\default.pls

2014-01-09 23:15 - 2014-01-09 23:15 - 01440776 _____ () C:\Users\Admin\Downloads\Root_SuperSU.0.98-Busybox.1.20.2-signed.zip

2014-01-09 20:52 - 2013-12-11 20:37 - 00000000 ____D () C:\Users\Admin\Downloads\efs.back

2014-01-09 20:52 - 2012-10-05 07:30 - 00000000 ____D () C:\Users\Admin\Downloads\BatteryIconCreator

2014-01-09 20:47 - 2014-01-09 20:47 - 00626836 _____ () C:\Users\Admin\Downloads\Param_Bin_I9305.zip

2014-01-09 20:46 - 2014-01-09 20:46 - 00468077 _____ () C:\Users\Admin\Downloads\Odin3 3.04.zip

2014-01-09 18:19 - 2014-01-09 18:19 - 08007743 _____ () C:\Users\Admin\Downloads\philz_touch_6.07.9-i9305.tar (1).md5

2014-01-09 17:44 - 2014-01-09 17:44 - 00000000 ____D () C:\Windows\Sun

2014-01-08 23:32 - 2014-01-08 23:32 - 09290061 _____ () C:\Users\Admin\Downloads\v1-TW-Edition-ausdim-Kernel-GT-I9505--20140104132045-CWM.zip

2014-01-08 23:07 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini

2014-01-08 20:28 - 2011-06-16 12:29 - 00000000 ____D () C:\Intel

2014-01-08 18:35 - 2014-01-08 18:35 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes

2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-01-08 17:26 - 2014-01-08 17:26 - 00000000 ____D () C:\Program Files\EPSViewer

2014-01-08 17:24 - 2014-01-08 17:23 - 07097337 _____ () C:\Users\Admin\Downloads\Typenschild.eps

2014-01-07 21:15 - 2014-01-07 21:15 - 08886413 _____ () C:\Users\Admin\Downloads\philz_touch_6.08.9-jfltexx.zip

2014-01-06 19:10 - 2013-12-16 19:07 - 00001220 _____ () C:\Users\Admin\Downloads\Xposed-Disabler-Recovery.zip

2014-01-06 16:35 - 2014-01-06 00:37 - 579811384 _____ () C:\Users\Admin\Downloads\Echoe_Rom_V12_ULTRA_SLIM_by_adl_&_Spevil.zip

2014-01-05 22:33 - 2014-01-05 22:33 - 31776279 _____ () C:\Users\Admin\Downloads\BatteryIconCreator_V32.0.zip

2014-01-05 21:22 - 2014-01-05 12:16 - 34695113 _____ () C:\Users\Admin\Downloads\oggupdate.zip

2014-01-05 18:01 - 2011-06-16 13:18 - 00010240 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-01-05 16:25 - 2014-01-05 16:25 - 00135136 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-03 00:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache

2014-01-02 23:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-01-02 22:53 - 2011-06-16 18:58 - 00000000 ____D () C:\Windows\Panther

2014-01-02 22:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-01-02 22:35 - 2014-01-02 22:34 - 00001385 _____ () C:\Windows\IE10_main.log

2014-01-02 19:06 - 2014-01-02 19:04 - 25381969 _____ () C:\Users\Admin\Downloads\Hot Fudge Theme by HS™ V1.0.zip

2014-01-02 17:20 - 2014-01-02 17:20 - 00000000 _____ () C:\Windows\setuperr.log

2014-01-02 15:43 - 2012-10-01 04:59 - 00000000 ____D () C:\Windows\Minidump

2014-01-02 06:45 - 2014-01-02 06:45 - 00000000 ____D () C:\Users\Admin\Documents\WEKA
 

Some content of TEMP:

====================

C:\Users\Admin\AppData\Local\Temp\InstallPlugin_11_9_900_170.exe

C:\Users\Admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Admin\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Admin\AppData\Local\Temp\nvStInst.exe

C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-29 00:31
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Hast du den Fix mit FRST gemacht vor dem All Clean?

Dann sollte die Datei auch weg sein. mach den Fix bitte nochmal, poste das Fixlog.

Hi,
hm egal was ich vorher gemacht habe, ich habe seiner Zeit den Fix auf jeden Fall gemacht, jetzt ist er weg.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2014 03

Ran by Admin at 2014-02-03 10:38:14 Run:1

Running from C:\Users\Admin\Desktop

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

C:\Users\Admin\AppData\Roaming\Evutp

HKCU\...\Run: [kywia.exe] - C:\Users\Admin\AppData\Roaming\Evutp\kywia.exe [372736 2013-03-23] ()

         

*****************
 

"C:\Users\Admin\AppData\Roaming\Evutp" => File/Directory not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\kywia.exe => Value not found.
 

==== End of Fixlog ====

Kann ich denn jetzt die beiden Dateien löschen (Fixlist und Fixlog) ?

Danke dir:daumenhoc