Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Superfish, Firefox öffnet ein zweites Mal, Browser langsam

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.03.2014, 23:39   #1
ghackl
 
Superfish, Firefox öffnet ein zweites Mal, Browser langsam - Standard

Superfish, Firefox öffnet ein zweites Mal, Browser langsam



Hallo zusammen!
Ich habe folgendes Problem. Irgendwo habe ich mir Malware eingefangen und werde sie nicht los. Adwarecleaner hat nichts gefunden. Ein zusatzlich installiertes Programm habe ich auch nicht entdeckt. Kurz lese ich immer wieder superfisch in der Statuszeile. Firefox öffnet immer mit ein zweites Mal mit irgendeiner Seite zum Spielen. Bei Webseiten, die nicht den ganzen Bildschirm füllen, habe ich links und rechts Einblendungen, die ich nicht haben will. Der Browser ist langsam. Kann mir jemand weiterhelfen.

Die Logdateien sehen wie folgt aus:
frst.exe
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-03-2014
Ran by Gerhard (administrator) on ASTERIX on 01-03-2014 23:00:46
Running from C:\Users\Gerhard\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\Gerhard\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024 2013-12-24] (AVAST Software)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [HPUsageTrackingLEDM] - C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Run: [iLivid] - "C:\Users\Gerhard\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
Startup: C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gerhard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
GroupPolicyUsers\S-1-5-21-3702119738-4214834906-2091399523-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3702119738-4214834906-2091399523-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=575&systemid=406&v=a10733-171&apn_uid=8860195133994219&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=575&systemid=406&v=a10733-171&apn_uid=8860195133994219&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: Plus-HD-8.1 - {11111111-1111-1111-1111-110511111108} - C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-bho.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426
FF user.js: detected! => C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\user.js
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.at/
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=575&systemid=406&v=n10249-171&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=8860195133994219&o=APN10645&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gerhard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-8.1 - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\8ef36653-7dcd-4c5f-81f5-7870fda4b7b7@67e486b0-922d-4a2d-9e3f-77394107f67c.com [2014-02-16]
FF Extension: SearchNewTab - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\ft_igtmimv@iyuaab-eoa.co.uk [2013-11-19]
FF Extension: DownloadHelper - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-01]
FF Extension: New tab - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\{F70FEED1-28F5-E091-0FBD-87574B341B90} [2013-12-18]
FF Extension: Firebug - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\firebug@software.joehewitt.com.xpi [2013-10-02]
FF Extension: MP4 Downloader - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\mp4downloader@jeff.net.xpi [2013-11-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-06-14]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-24] (AVAST Software)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP)
S4 AMOptimalDiskService; C:\Program Files\Common Files\OptimalSuite Common\AMDSrv.exe [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
S4 SpeedBoosterSvc; C:\Program Files\Common Files\OptimalSuite Common\BoostService.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-03-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-03-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-03-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-24] ()
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
S3 Cardex; C:\Windows\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R3 Edspport; C:\Windows\System32\DRIVERS\es56tpi.sys [450892 2001-10-19] (Creative Labs,Inc.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2009-12-22] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 mbmiodrvr; C:\Windows\system32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 TBPanel; C:\Windows\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Gerhard\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-01 23:00 - 2014-03-01 23:00 - 00000000 ____D () C:\Users\Gerhard\Downloads\FRST-OlderVersion
2014-03-01 22:58 - 2014-03-01 22:58 - 00050477 _____ () C:\Users\Gerhard\Downloads\Defogger.exe
2014-03-01 22:58 - 2014-03-01 22:58 - 00000450 _____ () C:\Users\Gerhard\Downloads\defogger_disable.log
2014-03-01 22:58 - 2014-03-01 22:58 - 00000000 _____ () C:\Users\Gerhard\defogger_reenable
2014-03-01 22:46 - 2014-03-01 22:46 - 01244192 _____ () C:\Users\Gerhard\Downloads\adwcleaner_3.0.2.0.exe
2014-03-01 20:54 - 2014-03-01 20:55 - 00032962 _____ () C:\Users\Gerhard\Desktop\FRST.txt
2014-03-01 19:52 - 2014-03-01 19:52 - 00283256 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox Setup Stub 27.0.1.exe
2014-03-01 19:41 - 2014-03-01 19:41 - 00017389 _____ () C:\Users\Gerhard\.recently-used.xbel
2014-02-19 11:42 - 2014-02-19 11:43 - 17277693 _____ () C:\Users\Gerhard\Downloads\IMG_0739.MOV
2014-02-18 21:13 - 2014-02-18 21:13 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-17 18:49 - 2014-02-17 18:49 - 00001196 _____ () C:\Users\Gerhard\Desktop\Any Video Converter.lnk
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Users\Gerhard\Documents\Any Video Converter
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\AnvSoft
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Program Files\AnvSoft
2014-02-17 18:46 - 2014-02-17 18:48 - 29016168 _____ (Any-Video-Converter.com ) C:\Users\Gerhard\Downloads\any-video-converter-free555.exe
2014-02-16 21:21 - 2014-03-01 22:41 - 00002306 _____ () C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job
2014-02-16 21:21 - 2014-03-01 22:41 - 00001500 _____ () C:\Windows\Tasks\Plus-HD-8.1-updater.job
2014-02-16 21:21 - 2014-03-01 22:41 - 00001456 _____ () C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job
2014-02-16 21:21 - 2014-03-01 22:41 - 00001354 _____ () C:\Windows\Tasks\Plus-HD-8.1-enabler.job
2014-02-16 21:21 - 2014-03-01 22:35 - 00000000 ____D () C:\Program Files\Plus-HD-8.1
2014-02-16 21:21 - 2014-02-16 21:32 - 00000000 ____D () C:\FFOutput
2014-02-16 21:20 - 2014-02-16 21:20 - 00001195 _____ () C:\Users\Gerhard\Desktop\Format Factory.lnk
2014-02-16 21:20 - 2014-02-16 21:20 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-02-16 21:20 - 2014-02-16 21:20 - 00000000 ____D () C:\Program Files\FreeTime
2014-02-16 21:12 - 2014-02-16 21:14 - 50693449 _____ () C:\Users\Gerhard\Desktop\FFSetupNoDVD3-1-1.exe
2014-02-16 21:11 - 2014-02-16 21:11 - 00401760 _____ () C:\Users\Gerhard\Downloads\SoftonicDownloader_fuer_format-factory.exe
2014-02-16 20:53 - 2014-02-16 20:55 - 28093562 _____ () C:\Users\Gerhard\Downloads\internet-video-converter_18319.exe
2014-02-13 07:24 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 07:24 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 07:24 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 07:24 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 07:24 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 07:24 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 07:24 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 07:24 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 07:24 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 07:24 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 07:24 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 07:24 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 07:24 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 07:24 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 07:24 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 07:24 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 07:24 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 07:24 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 07:24 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 07:24 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 07:24 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 07:18 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 07:03 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 07:03 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 07:03 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 07:03 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 07:03 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 07:03 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 07:03 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 07:03 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 07:03 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 07:03 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 07:03 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 07:03 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 07:03 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 07:03 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 18:39 - 2014-02-12 18:39 - 00211392 _____ () C:\Users\Gerhard\Downloads\zusammenfassende_Bsp_Bezugskalk.zip
2014-02-11 20:46 - 2014-02-11 20:50 - 01197568 _____ () C:\Users\Gerhard\Desktop\Lehrinhalte_WKW.ppt
2014-02-09 06:27 - 2014-02-09 06:27 - 01064960 _____ () C:\Users\Gerhard\Desktop\Folien.ppt
2014-02-08 09:32 - 2014-02-08 09:32 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\OpenOffice.org

==================== One Month Modified Files and Folders =======

2014-03-01 23:00 - 2014-03-01 23:00 - 00000000 ____D () C:\Users\Gerhard\Downloads\FRST-OlderVersion
2014-03-01 23:00 - 2013-12-27 17:55 - 01144320 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST.exe
2014-03-01 23:00 - 2013-12-27 17:55 - 00015330 _____ () C:\Users\Gerhard\Downloads\FRST.txt
2014-03-01 23:00 - 2013-12-27 17:55 - 00000000 ____D () C:\FRST
2014-03-01 22:58 - 2014-03-01 22:58 - 00050477 _____ () C:\Users\Gerhard\Downloads\Defogger.exe
2014-03-01 22:58 - 2014-03-01 22:58 - 00000450 _____ () C:\Users\Gerhard\Downloads\defogger_disable.log
2014-03-01 22:58 - 2014-03-01 22:58 - 00000000 _____ () C:\Users\Gerhard\defogger_reenable
2014-03-01 22:58 - 2010-01-31 19:50 - 00000000 ____D () C:\Users\Gerhard
2014-03-01 22:56 - 2013-09-11 17:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-01 22:56 - 2013-09-11 17:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-01 22:56 - 2013-09-11 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-01 22:47 - 2013-09-11 07:15 - 00000000 ____D () C:\AdwCleaner
2014-03-01 22:46 - 2014-03-01 22:46 - 01244192 _____ () C:\Users\Gerhard\Downloads\adwcleaner_3.0.2.0.exe
2014-03-01 22:44 - 2010-02-01 13:56 - 00002093 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-01 22:44 - 2010-01-31 19:58 - 01708925 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 22:43 - 2013-12-24 14:57 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-03-01 22:43 - 2012-10-29 15:46 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\Dropbox
2014-03-01 22:43 - 2012-06-14 06:12 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-01 22:43 - 2011-02-03 20:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-01 22:43 - 2010-02-01 13:56 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-01 22:43 - 2010-02-01 13:56 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-01 22:43 - 2010-02-01 13:55 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-01 22:43 - 2010-01-31 19:49 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-01 22:43 - 2010-01-31 19:49 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-01 22:42 - 2012-10-29 16:03 - 00000000 ___RD () C:\Users\Gerhard\Dropbox
2014-03-01 22:41 - 2014-02-16 21:21 - 00002306 _____ () C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job
2014-03-01 22:41 - 2014-02-16 21:21 - 00001500 _____ () C:\Windows\Tasks\Plus-HD-8.1-updater.job
2014-03-01 22:41 - 2014-02-16 21:21 - 00001456 _____ () C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job
2014-03-01 22:41 - 2014-02-16 21:21 - 00001354 _____ () C:\Windows\Tasks\Plus-HD-8.1-enabler.job
2014-03-01 22:36 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-01 22:35 - 2014-02-16 21:21 - 00000000 ____D () C:\Program Files\Plus-HD-8.1
2014-03-01 22:35 - 2013-09-11 10:12 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-01 22:35 - 2013-09-09 14:43 - 14059560 _____ () C:\Windows\setupact.log
2014-03-01 22:35 - 2012-09-26 12:55 - 00000000 ____D () C:\Program Files\Landwirtschafts Simulator 2011
2014-03-01 22:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-01 22:34 - 2013-11-19 19:52 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\vlc
2014-03-01 22:34 - 2013-10-02 13:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-01 22:34 - 2013-02-07 07:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-01 22:34 - 2012-04-29 15:32 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-03-01 22:34 - 2012-02-13 20:18 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-01 22:34 - 2012-02-13 20:17 - 00000000 ____D () C:\Program Files\NCH Software
2014-03-01 22:34 - 2012-01-24 18:16 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\DVDVideoSoft
2014-03-01 22:34 - 2010-06-15 08:18 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\gtk-2.0
2014-03-01 22:34 - 2010-02-11 17:48 - 00000000 ____D () C:\Users\Sandra
2014-03-01 22:34 - 2010-02-01 19:20 - 00000000 ____D () C:\Users\Christoph
2014-03-01 22:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-01 22:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-01 22:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-03-01 22:31 - 2013-01-27 09:00 - 00000000 ____D () C:\Users\Gerhard\AppData\Local\Mozilla
2014-03-01 22:31 - 2010-11-17 19:46 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-01 20:55 - 2014-03-01 20:54 - 00032962 _____ () C:\Users\Gerhard\Desktop\FRST.txt
2014-03-01 19:52 - 2014-03-01 19:52 - 00283256 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox Setup Stub 27.0.1.exe
2014-03-01 19:44 - 2010-06-15 08:12 - 00000000 ____D () C:\Users\Gerhard\.gimp-2.6
2014-03-01 19:41 - 2014-03-01 19:41 - 00017389 _____ () C:\Users\Gerhard\.recently-used.xbel
2014-03-01 19:37 - 2011-02-28 11:45 - 00000000 ____D () C:\Users\Gerhard\Desktop\für Schulwebseite
2014-02-19 11:43 - 2014-02-19 11:42 - 17277693 _____ () C:\Users\Gerhard\Downloads\IMG_0739.MOV
2014-02-18 21:13 - 2014-02-18 21:13 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-17 20:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 18:49 - 2014-02-17 18:49 - 00001196 _____ () C:\Users\Gerhard\Desktop\Any Video Converter.lnk
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Users\Gerhard\Documents\Any Video Converter
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\AnvSoft
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Program Files\AnvSoft
2014-02-17 18:48 - 2014-02-17 18:46 - 29016168 _____ (Any-Video-Converter.com ) C:\Users\Gerhard\Downloads\any-video-converter-free555.exe
2014-02-16 21:32 - 2014-02-16 21:21 - 00000000 ____D () C:\FFOutput
2014-02-16 21:20 - 2014-02-16 21:20 - 00001195 _____ () C:\Users\Gerhard\Desktop\Format Factory.lnk
2014-02-16 21:20 - 2014-02-16 21:20 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-02-16 21:20 - 2014-02-16 21:20 - 00000000 ____D () C:\Program Files\FreeTime
2014-02-16 21:15 - 2010-01-31 20:05 - 01507342 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 21:14 - 2014-02-16 21:12 - 50693449 _____ () C:\Users\Gerhard\Desktop\FFSetupNoDVD3-1-1.exe
2014-02-16 21:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-02-16 21:11 - 2014-02-16 21:11 - 00401760 _____ () C:\Users\Gerhard\Downloads\SoftonicDownloader_fuer_format-factory.exe
2014-02-16 20:55 - 2014-02-16 20:53 - 28093562 _____ () C:\Users\Gerhard\Downloads\internet-video-converter_18319.exe
2014-02-16 19:09 - 2013-02-24 18:59 - 00000000 ____D () C:\Users\Gerhard\Documents\Eigene Scans
2014-02-13 07:22 - 2013-08-01 13:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 07:20 - 2011-12-30 08:41 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 07:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-12 18:39 - 2014-02-12 18:39 - 00211392 _____ () C:\Users\Gerhard\Downloads\zusammenfassende_Bsp_Bezugskalk.zip
2014-02-11 20:50 - 2014-02-11 20:46 - 01197568 _____ () C:\Users\Gerhard\Desktop\Lehrinhalte_WKW.ppt
2014-02-09 15:27 - 2013-01-02 13:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\.minecraft
2014-02-09 06:27 - 2014-02-09 06:27 - 01064960 _____ () C:\Users\Gerhard\Desktop\Folien.ppt
2014-02-08 09:32 - 2014-02-08 09:32 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\OpenOffice.org
2014-02-06 11:38 - 2014-02-13 07:24 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-13 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-13 07:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-13 07:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-13 07:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 07:24 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-13 07:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 07:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-13 07:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-13 07:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-13 07:24 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-13 07:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-13 07:24 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-13 07:24 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-13 07:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-13 07:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 07:24 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 07:24 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-13 07:24 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-13 07:24 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-13 07:24 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Files to move or delete:
====================
C:\ProgramData\qjaxlkio.dss
C:\Users\Gerhard\FRST.exe
C:\Users\Gerhard\nitro_pdf_professional6_de.exe
C:\Users\Public\[freeware.de]Core-Temp-setup.exe


Some content of TEMP:
====================
C:\Users\Gerhard\AppData\Local\Temp\7z920.exe
C:\Users\Gerhard\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Gerhard\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Gerhard\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Gerhard\AppData\Local\Temp\plus-hd-8-1.exe
C:\Users\Gerhard\AppData\Local\Temp\SIntf16.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntf32.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntfNT.dll
C:\Users\Sandra\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Sandra\AppData\Local\Temp\i4jdel0.exe
C:\Users\Sandra\AppData\Local\Temp\SIntf16.dll
C:\Users\Sandra\AppData\Local\Temp\SIntf32.dll
C:\Users\Sandra\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-01 12:48

==================== End Of Log ============================
         
addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-03-2014
Ran by Gerhard at 2014-03-01 23:02:27
Running from C:\Users\Gerhard\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

3DVIA player 5.0.0.20 (HKLM\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Any Video Converter 5.5.5 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assistant 5.05.013 (HKLM\...\Assistant) (Version: 5.5.13.0 - Medion)
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
Brick-Force  (HKLM\...\Brick-Force) (Version:  - Infernum Productions AG)
CeeBot4 (HKLM\...\CEEBOT4) (Version:  - )
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CuteFTP 8 Home (HKLM\...\{949DBB22-2FB7-4de1-804C-23D495A988D8}) (Version: 8.3.3 - GlobalSCAPE)
Demo RepertoriX 2009 Plus (HKLM\...\Demo RepertoriX 2009 Plus) (Version:  - )
DemoAugen (HKLM\...\{BF601748-2CD3-401E-93A9-4A831E0B8C49}) (Version: 2013.0 - )
DER HOBBIT  (HKLM\...\InstallShield_{023FFB0A-C5DB-4930-B3E4-D48266C21738}) (Version: 1.00.000 - Sierra)
Der Hobbit (Version: 1.00.000 - Sierra) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Rache der Sumpfhühner SE (HKLM\...\Die Rache der Sumpfhühner SE) (Version:  - )
Download Manager (HKLM\...\{9FF889B0-2F9A-495d-9C65-9F0710310A82DM}) (Version: 2, 0, 0, 210 - Software.com)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.30 - Runtime Software)
Driver Detective (HKLM\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters)
Driving Speed 2.0 (HKLM\...\Driving Speed 2_is1) (Version:  - WheelSpin Studios)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
e-törn 1.0 (HKLM\...\e-törn) (Version: 1.0 - UpperImage - Agentur für Neue Medien)
FileZilla Client 3.3.1 (HKLM\...\FileZilla Client) (Version: 3.3.1 - )
FormatFactory 3.1.1 (HKLM\...\FormatFactory) (Version: 3.1.1 - Free Time)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
GanttProject (HKLM\...\GanttProject) (Version:  - )
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
HappyFoto-Designer 2.7 (HKLM\...\HappyFoto-Designer_is1) (Version:  - )
Harry Potter und die Heiligtümer des Todes(TM) - Teil 2 (HKLM\...\{F0C9E8E9-C54B-48C1-9192-F5D49633AB5D}) (Version: 1.0.0.0 - Electronic Arts)
HOFER Bestellsoftware 4.9.6 (HKLM\...\HOFER Bestellsoftware) (Version: 4.9.6 - ORWO Net)
HotPotatoes v 6.3.0.4 (HKLM\...\hotpot_is1) (Version:  - HalfBaked)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP OrderReminder (HKLM\...\HP OrderReminder) (Version: 2.1 - )
hppLaserJetService (Version: 001.003.000145 - Hewlett-Packard) Hidden
hppM1130M1210SeriesLaserJetService (Version: 001.003.00073 - Hewlett-Packard) Hidden
hppusgM1130M1210Series (Version: 1.0.0.2 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Image Resizer Powertoy Clone for Windows (HKLM\...\{C38D079C-950D-4F18-BF7B-CE58DE86D3BD}) (Version: 2.1.1 - Brice Lambson)
Iminent (Version: 6.35.31.0 - Iminent) Hidden <==== ATTENTION
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Landwirtschafts Simulator 2011 (HKLM\...\FarmingSimulator2011_PLATINUMDE_is1) (Version: 1.0 - GIANTS Software)
LaserJet 1018 (HKLM\...\HP-LaserJet 1018) (Version:  - )
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MORE! 2 DVD-ROM (HKLM\...\MORE! 2 DVD-ROM) (Version: V1.0 - Helbling Languages)
Motherboard Monitor 5 (HKLM\...\Motherboard Monitor 5_is1) (Version: 5 - Alexander van Kaam)
Motherboard Monitor 5 Languages (HKLM\...\Motherboard Monitor 5.3.7.0 Languages_is1) (Version: 5 - Alexander van Kaam)
Movies Toolbar for Firefox (Dist. by Somoto Ltd.) (HKLM\...\somotomoviestoolbar1FF) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Controller Driver (Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Oblivion (HKLM\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Outlook Backup Assistant 5 (Testversion) (HKLM\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 5.0 - Priotecs IT GmbH)
Pacific Hawk 1.0 (HKLM\...\Pacific Hawk) (Version: 1.0 - Team6 game studios)
Palm Desktop by ACCESS (HKLM\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Ihr Firmenname)
PC Connectivity Solution (HKLM\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version:  - )
PE Builder 3.1.10a (HKLM\...\PE Builder_is1) (Version:  - Bart Lagerweij)
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Plus-HD-8.1 (HKLM\...\Plus-HD-8.1) (Version: 1.34.1.29 - Plus HD) <==== ATTENTION
Radiopath für Netbooks 1.0  (HKLM\...\Radiopath für Netbooks) (Version: 1.0 - D-ReSearch Privatverlag)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Ski Challenge 12 (AT) (HKCU\...\sc12-AT_MAIN) (Version:  - )
Skype™ 6.0 (HKLM\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
SLOW-PCfighter (Version: 1.2.61 - SPAMfighter ApS) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Toonworks v1.3 (HKLM\...\Toonworks) (Version:  - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Vtune 7.21 (HKLM\...\MySSID_is1) (Version:  - )
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DE}) (Version: 18.0.10661 - WinZip Computing, S.L. )
XAMPP 1.8.1 (HKLM\...\xampp) (Version:  - )

==================== Restore Points  =========================

22-09-2013 06:27:14 Removed Skype Toolbars
24-09-2013 11:31:31 Windows Update
26-09-2013 13:05:04 Removed Adobe Reader 9.3.2 - Deutsch.
28-09-2013 10:12:20 Windows Update
01-10-2013 17:18:16 Windows Update
08-10-2013 12:17:18 Windows Update
11-10-2013 05:38:28 Windows Update
11-10-2013 13:06:06 Windows Update
15-10-2013 15:20:22 Windows Update
19-10-2013 07:55:41 Windows Update
22-10-2013 09:26:05 Windows Update
22-10-2013 16:35:05 Removed Scan To
25-10-2013 17:17:04 Windows Update
26-10-2013 04:53:46 Automatic System Cleaner v2.5
26-10-2013 05:27:21 Windows Update
30-10-2013 06:06:34 Windows Update
05-11-2013 06:09:46 Windows Update
06-11-2013 06:27:14 Windows Update
08-11-2013 06:20:30 Windows Update
12-11-2013 14:51:38 Windows Update
14-11-2013 11:38:17 Windows Update
14-11-2013 17:15:29 Windows Update
20-11-2013 05:20:49 Windows Update
23-11-2013 05:37:48 Windows Update
24-11-2013 08:31:28 avast! antivirus system restore point
26-11-2013 06:22:57 Windows Update
29-11-2013 17:53:17 Windows Update
03-12-2013 13:11:04 Windows Update
07-12-2013 06:18:29 Windows Update
08-12-2013 06:39:13 WinZip 18.0 wird installiert
11-12-2013 05:56:55 Windows Update
12-12-2013 20:57:20 Windows Update
17-12-2013 16:28:23 Windows Update
20-12-2013 15:33:15 Installed Samsung Kies
24-12-2013 13:55:42 avast! antivirus system restore point
25-12-2013 06:11:25 Windows Update
01-01-2014 05:36:46 Windows Update
07-01-2014 16:30:25 Windows Update
10-01-2014 16:55:49 Windows Update
14-01-2014 05:58:25 Windows Update
15-01-2014 06:21:44 Windows Update
21-01-2014 16:38:26 Windows Update
28-01-2014 06:02:19 Windows Update
04-02-2014 06:53:46 Geplanter Prüfpunkt
04-02-2014 16:46:37 Windows Update
11-02-2014 14:26:21 Windows Update
13-02-2014 06:17:24 Windows Update
18-02-2014 06:21:45 Windows Update
21-02-2014 15:30:14 Windows Update
25-02-2014 06:20:44 Windows Update
25-02-2014 15:55:40 Windows Update
01-03-2014 05:28:44 Windows Update
01-03-2014 21:27:23 Wiederherstellungsvorgang
01-03-2014 21:36:53 avast! antivirus system restore point
01-03-2014 21:43:09 avast! antivirus system restore point
01-03-2014 21:44:00 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2013-09-19 18:18 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {16801CE5-B1AA-49D7-9A63-972FA48C6789} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {46DFE082-F259-4B2D-BFCE-6DAF3777B59C} - System32\Tasks\Plus-HD-8.1-updater => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-updater.exe [2014-02-16] () <==== ATTENTION
Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {4D2FA8EF-B929-4F1B-862E-65B3E199DC7D} - System32\Tasks\PCCleaner1ClickMaint => C:\Program Files\Covus Freemium\Free Computer Cleaner\1Click.exe
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {51446F00-5C38-47D5-8FDF-A7AB7857B15F} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-03-01] (AVAST Software)
Task: {6025FA92-F539-4D97-8479-D2D7DA6F08E0} - System32\Tasks\Plus-HD-8.1-codedownloader => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-codedownloader.exe [2014-02-16] (Plus HD) <==== ATTENTION
Task: {81F03AA6-D95C-43A2-A875-E8AEEAE8EC2B} - System32\Tasks\Freemium1ClickMaint => C:\Users\Gerhard\Downloads\1Click.exe
Task: {C90BE978-C4DE-4DB3-A5BF-0F2DD5ABB4F0} - System32\Tasks\Plus-HD-8.1-firefoxinstaller => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-firefoxinstaller.exe [2014-02-16] (Plus HD) <==== ATTENTION
Task: {D28DB9DA-0A25-4569-AAAA-CCE71134525C} - System32\Tasks\Plus-HD-8.1-enabler => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-enabler.exe [2014-02-16] () <==== ATTENTION
Task: {E265B993-C1DD-46DA-9CF3-11098A57748B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-01] (Adobe Systems Incorporated)
Task: {E50E0429-5FAF-4FED-89C4-85E279DB4586} - System32\Tasks\{AB0CFDF8-A5CC-4B3B-85B0-9C45C75BD066} => C:\Program Files\Skype\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)
Task: {F652EAA4-D1AB-4E98-B4E7-0937C088A0E6} - System32\Tasks\Advanced System Optimizer => C:\Program Files\Advanced System Optimizer 3\ASO3.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-8.1-enabler.job => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-8.1-updater.job => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-18 07:16 - 2014-02-17 22:49 - 02180608 _____ () C:\Program Files\Alwil Software\Avast5\defs\14021701\algo.dll
2014-03-01 22:39 - 2014-03-01 19:29 - 02186240 _____ () C:\Program Files\Alwil Software\Avast5\defs\14030102\algo.dll
2013-09-03 17:39 - 2012-09-18 14:26 - 00169472 _____ () C:\Windows\System32\zlhp1020.dll
2013-02-16 10:32 - 2012-09-29 13:24 - 00167936 ____N () C:\Windows\System32\HPM1210LM.DLL
2013-09-03 17:40 - 2012-09-18 14:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2013-02-16 10:32 - 2012-09-29 13:24 - 00069632 ____N () C:\Windows\system32\spool\PRTPROCS\W32X86\HPM1210PP.dll
2009-10-15 11:13 - 2009-10-15 11:13 - 00061440 _____ () C:\Program Files\HP\HPLaserJetService\HPTools.dll
2009-10-15 11:13 - 2009-10-15 11:13 - 00964096 _____ () C:\Program Files\HP\HPLaserJetService\LEDMXMLObjects.dll
2012-12-24 06:53 - 2012-12-24 06:53 - 00081920 _____ () C:\Windows\system32\mvusbews.DLL
2010-01-03 22:46 - 2010-01-03 22:46 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-11-24 09:33 - 2013-11-24 09:33 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 00067128 _____ () C:\Program Files\HP\HP UT LEDM\bin\HPTools.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 00075320 _____ () C:\Program Files\HP\HP UT LEDM\bin\HPToolkit.dll
2009-10-15 18:43 - 2009-10-15 18:43 - 00140856 _____ () C:\Program Files\HP\HP UT LEDM\bin\DMBaseObjects.dll
2009-10-15 18:43 - 2009-10-15 18:43 - 00240128 _____ () C:\Program Files\HP\HP UT LEDM\bin\LEDMMapperObjects.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 00969784 _____ () C:\Program Files\HP\HP UT LEDM\bin\LEDMXMLObjects.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 01945088 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\25ed27f5e6d0ec5da303cea46673dc1f\Kies.UI.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 00079360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\83a2428c1864fdb6663bd4cd02091560\Kies.MVVM.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 00189952 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d65d7332c5c2b7edcf305e54a9d5a3ac\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-15 07:11 - 2014-02-15 07:11 - 00362496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\6f8a0a0a93cda6b767b24c064dfb9d2c\DevicePhoto.ni.dll
2014-02-15 07:11 - 2014-02-15 07:11 - 00296960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\1811ff55663bebc012a32e336e579c8f\DeviceVideo.ni.dll
2014-02-15 07:11 - 2014-02-15 07:11 - 00612352 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\9d29c778be4a7969f8dd2d6edeed7125\DevicePodcast.ni.dll
2014-02-15 07:11 - 2014-02-15 07:11 - 00307200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\0e258a54f63222c3ca6e8572dcba6d0c\DummyStorePlugin.ni.dll
2014-02-15 07:11 - 2014-02-15 07:11 - 14972928 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\75d52558f4fa49ea12601d7b2e878d53\Kies.Theme.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 00582144 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c2a047dbbc796fd679db4e7f699b23ef\Kies.Common.DeviceServiceLib.FileService.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 00046592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e0f4f08d2e7ce762334d814387531baf\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 01002496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\5cb2a4efb8700613bd8cff573696a543\DeviceCommonLib.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 00232960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\e4efdbb3089032946ef763a3b815b4c7\ASF_cSharpAPI.ni.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Gerhard\AppData\Roaming\Dropbox\bin\libcef.dll
2013-10-02 13:16 - 2013-12-21 17:33 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-06 06:56 - 2014-02-06 06:56 - 16287624 ____N () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll
2006-10-26 21:30 - 2006-10-26 21:30 - 00065312 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2006-10-27 15:35 - 2006-10-27 15:35 - 00436512 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2012-01-09 18:01 - 2007-01-31 11:33 - 00032768 _____ () C:\Program Files\Vtune\TBPanelExt.dll
2010-06-16 13:49 - 2002-04-22 02:15 - 00139264 ____N () C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AMOptimalDiskService => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: dgdersvc => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: SearchAnonymizer => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpeedBoosterSvc => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk => C:\Windows\pss\HotSync Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Alarm.lnk => C:\Windows\pss\Game Alarm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Device Detection => C:\Program Files\HappyFoto-Designer\dd.exe
MSCONFIG\startupreg: EssSpkPhone => essspk.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TBPanel => C:\Program Files\Vtune\TBPanel.exe /A

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2014 10:36:52 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {6129bc6a-c489-4cd6-b3b3-a1d5632bab24}

Error: (03/01/2014 00:48:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/25/2014 04:42:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0fcf
Name des fehlerhaften Moduls: mozalloc.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fbe972
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0x83c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/22/2014 04:12:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/19/2014 08:26:29 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/17/2014 08:03:52 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/17/2014 08:02:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/15/2014 07:56:49 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2014 07:55:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/10/2014 06:55:19 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (03/01/2014 10:42:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (03/01/2014 10:42:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (03/01/2014 10:42:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (03/01/2014 10:42:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (03/01/2014 10:42:03 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (03/01/2014 10:42:03 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (03/01/2014 10:41:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (03/01/2014 10:41:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (03/01/2014 10:41:55 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (03/01/2014 10:27:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (12/13/2013 07:22:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 253 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2013 09:56:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4499 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (12/11/2013 01:26:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2486 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (08/09/2013 00:52:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17416 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (07/08/2013 00:11:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 234 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/22/2013 10:19:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 906 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (03/21/2013 08:45:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 768 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (07/10/2012 00:08:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/10/2012 00:06:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/10/2012 00:06:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3583.24 MB
Available physical RAM: 1932.06 MB
Total Pagefile: 7166.48 MB
Available Pagefile: 5317.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:492.98 GB) (Free:286.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DarstellendeGeom) (CDROM) (Total:0.4 GB) (Free:0 GB) UDF
Drive e: (Fotos) (Fixed) (Total:97.66 GB) (Free:87.39 GB) NTFS
Drive f: (Daten ab 2010) (Fixed) (Total:195.31 GB) (Free:186.1 GB) NTFS
Drive g: (Volume) (Fixed) (Total:145.36 GB) (Free:21.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 838EECBD)
Partition 1: (Active) - (Size=493 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
gmer.log
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-01 23:26:50
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6 ST31000520AS rev.CC32 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Gerhard\AppData\Local\Temp\kxddrpow.sys


---- System - GMER 2.1 ----

SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwAddBootEntry [0x9221DAD0]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwAssignProcessToJobObject [0x9221E5AE]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwCreateEvent [0x9222A5E0]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwCreateEventPair [0x9222A62C]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwCreateIoCompletion [0x9222A7C6]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwCreateMutant [0x9222A54E]
SSDT   \??\C:\Windows\system32\drivers\aswSP.sys                                                                  ZwCreateSection [0x922D4386]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwCreateSemaphore [0x9222A596]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwCreateThread [0x9221EAE4]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwCreateThreadEx [0x9221ED00]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwCreateTimer [0x9222A780]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwDebugActiveProcess [0x9221F39C]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwDeleteBootEntry [0x9221DB36]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwDuplicateObject [0x92222B32]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwLoadDriver [0x9221D71E]
SSDT   \??\C:\Windows\system32\drivers\aswSP.sys                                                                  ZwMapViewOfSection [0x922D4466]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwModifyBootEntry [0x9221DB9C]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwNotifyChangeKey [0x92222F28]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwNotifyChangeMultipleKeys [0x9221FE2C]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwOpenEvent [0x9222A60A]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwOpenEventPair [0x9222A64E]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwOpenIoCompletion [0x9222A7EA]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwOpenMutant [0x9222A574]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwOpenProcess [0x9222242C]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwOpenSection [0x9222A6FE]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwOpenSemaphore [0x9222A5BE]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwOpenThread [0x92222814]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwOpenTimer [0x9222A7A4]
SSDT   \??\C:\Windows\system32\drivers\aswSP.sys                                                                  ZwProtectVirtualMemory [0x922D420A]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwQueryObject [0x9221FCF8]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwQueueApcThreadEx [0x9221FA06]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwSetBootEntryOrder [0x9221DC02]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwSetBootOptions [0x9221DC68]
SSDT   \??\C:\Windows\system32\drivers\aswSP.sys                                                                  ZwSetContextThread [0x922D4562]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwSetSystemInformation [0x9221D7B8]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwSetSystemPowerState [0x9221D98E]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwShutdownSystem [0x9221D91C]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwSuspendProcess [0x9221F566]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwSuspendThread [0x9221F6C8]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwSystemDebugControl [0x9221DA16]
SSDT   \??\C:\Windows\system32\drivers\aswSP.sys                                                                  ZwTerminateProcess [0x922D42D8]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwTerminateThread [0x9221F1F6]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwVdmControl [0x9221DCCE]
SSDT   \??\C:\Windows\system32\drivers\aswSnx.sys                                                                 ZwWriteVirtualMemory [0x9221E60A]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                   8327FA15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                     832B9212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                        832C0460 4 Bytes  [D0, DA, 21, 92]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                        832C04E8 4 Bytes  [AE, E5, 21, 92] {SCASB ; IN EAX, 0x21; XCHG EDX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                        832C053C 8 Bytes  [E0, A5, 22, 92, 2C, A6, 22, ...] {LOOPNZ 0xffffffa7; AND DL, [EDX-0x6ddd59d4]}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                        832C0548 4 Bytes  [C6, A7, 22, 92]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                        832C0564 4 Bytes  [4E, A5, 22, 92]
.text  ...                                                                                                        
PAGE   ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                8347B4DF 4 Bytes  CALL 92220513 \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE   ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                               83495347 4 Bytes  CALL 92220529 \??\C:\Windows\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Microsoft LifeCam\MSCamS32.exe[112] kernel32.dll!GetBinaryTypeW + 70                      768369E4 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[480] kernel32.dll!GetBinaryTypeW + 70                                        768369E4 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[540] kernel32.dll!GetBinaryTypeW + 70                                        768369E4 1 Byte  [62]
.text  C:\Windows\system32\wininit.exe[548] kernel32.dll!GetBinaryTypeW + 70                                      768369E4 1 Byte  [62]
.text  C:\Windows\system32\winlogon.exe[596] kernel32.dll!GetBinaryTypeW + 70                                     768369E4 1 Byte  [62]
.text  ...                                                                                                        
.text  C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2708] ntdll.dll!DbgBreakPoint           77914108 1 Byte  [C3]
.text  C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2708] kernel32.dll!GetBinaryTypeW + 70  768369E4 1 Byte  [62]
.text  C:\Windows\system32\AUDIODG.EXE[2948] kernel32.dll!GetBinaryTypeW + 70                                     768369E4 1 Byte  [62]
.text  C:\Windows\WindowsMobile\wmdc.exe[2964] kernel32.dll!GetBinaryTypeW + 70                                   768369E4 1 Byte  [62]
.text  C:\Windows\system32\taskhost.exe[3288] kernel32.dll!GetBinaryTypeW + 70                                    768369E4 1 Byte  [62]
.text  C:\Windows\system32\Dwm.exe[3324] kernel32.dll!GetBinaryTypeW + 70                                         768369E4 1 Byte  [62]
.text  ...                                                                                                        

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                          ???[do??\???? ?????????????????????1????????????????????????? ????????????????b??????.?g?\?????????????????s_n??????????????????????????????????? ?????????????????????,????????\?#?????????? ??OLYMPUS C750UZ USB Device???????????????????????????????? ?????????????????????1??L????????? ??????ver??? ?????????????????????1????????????&????????????????????t???????????u??? ??????????????????? ???????/???????? ???????"?????n???g????????????????????????????????????????????????????}??????????? ?????????????????????7??$?????&?????????shot????&??????1???????e??aswMonFlt Instance?psh??? ?????????????????????7???????????????????????7B-??????????????????320700???????????????F??s0??? ?????????????????????,????????X?$?????????? ???????????????????????????????????????f???  ??????????????0??STORAGE\Volume??65????????????N?????????????????{00000000-0000-0000-0000-000000000000}?2fc????4?????????????????????????????????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App
Reg    HKLM\SOFTWARE\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32@                          %SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}

---- EOF - GMER 2.1 ----
         
Für Hilfe wäre ich sehr dankbar.

MfG

Alt 02.03.2014, 07:20   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Superfish, Firefox öffnet ein zweites Mal, Browser langsam - Standard

Superfish, Firefox öffnet ein zweites Mal, Browser langsam



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Alt 02.03.2014, 08:11   #3
ghackl
 
Superfish, Firefox öffnet ein zweites Mal, Browser langsam - Standard

Superfish, Firefox öffnet ein zweites Mal, Browser langsam



Hallo!
Danke für deine Hilfe! Ich denke es funktioniert jetzt wieder.
Hier die Datei
Code:
ATTFilter
ComboFix 14-02-24.02 - Gerhard 02.03.2014   7:30.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.43.1031.18.3583.2625 [GMT 1:00]
ausgeführt von:: c:\users\Gerhard\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\qjaxlkio.dss
c:\users\Gerhard\Documents\Der Hobbit \Ein unerwartetes Fest - 1.hobbit
c:\users\Gerhard\Documents\Der Hobbit \Ein unerwartetes Fest - 1.xbmp
c:\users\Gerhard\Documents\Der Hobbit \Hammelbraten - 1.hobbit
c:\users\Gerhard\Documents\Der Hobbit \Hammelbraten - 1.xbmp
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome.manifest
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\asyncDB.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\background.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\browserAction.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\contextMenu.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\dbManager.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\dom_bg.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\fileManager.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\firefox.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\firefoxNotifications.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\firefoxOmnibox.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\message.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\pageAction.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\request.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\tabs.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\webRequest.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\windowsMessagingHandler.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\background.html
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\baseObject.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\browser.xul
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\addressBarChangeObserver.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\console.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\consts.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\delegate.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\extensionDataStore.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\folderIOWrapper.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\httpObserver.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\IDBWrapper.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\installer.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\logFile.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\prefs.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\progressListenerObserver.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\registry.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\reloadObserver.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\reports.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\requestObject.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\searchSettings.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\uninstallObserver.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\updateManager.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\utils.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\xhr.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\dialog.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\ffCoreFilesIndex.txt
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\main.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\options.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\options.xul
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\platformVersion.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\search_dialog.xul
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\defaults\preferences\prefs.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\manifest.xml
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins.json
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\1_base.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\102_dealply_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\103_intext_5_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\105_corticas_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\108_icm_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\119_similar_web_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\17_jQuery.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\182_openUrl.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\191_ciuvo_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\195_icm_convertmedia_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\207_dbWrapper.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\208_gam_manager.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\21_debug.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\22_resources.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\220_icm_base_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\226_set_campaign_id_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\28_initializer.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\47_resources_background.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\64_appApiMessage.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\7_hooks.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\72_appApiValidation.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\98_omniCommands.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\userCode\background.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\userCode\extension.js
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\install.rdf
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\locale\en-US\translations.dtd
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button1.png
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button2.png
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button3.png
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button4.png
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button5.png
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\crossrider_statusbar.png
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon128.png
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon16.png
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon24.png
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon48.png
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\panelarrow-up.png
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\popup.html
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\skin.css
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\2nlhl12j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\update.css
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 1.hobbit
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 1.xbmp
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 2.hobbit
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 2.xbmp
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 3.hobbit
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 3.xbmp
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 4.hobbit
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 4.xbmp
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 5.hobbit
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 5.xbmp
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 6.hobbit
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 6.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 1.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 1.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 2.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 2.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 3.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 3.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 4.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 4.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 5.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 5.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 6.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 6.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 7.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 7.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 1.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 1.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 2.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 2.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 3.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 3.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 4.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 4.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 5.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 5.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 6.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 6.xbmp
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 1.hobbit
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 1.xbmp
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 2.hobbit
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 2.xbmp
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 3.hobbit
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 3.xbmp
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 4.hobbit
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 4.xbmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-02 bis 2014-03-02  ))))))))))))))))))))))))))))))
.
.
2014-03-02 06:38 . 2014-03-02 06:52	--------	d-----w-	c:\users\Gerhard\AppData\Local\temp
2014-03-02 06:38 . 2014-03-02 06:38	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-03-02 06:38 . 2014-03-02 06:38	--------	d-----w-	c:\users\Sandra\AppData\Local\temp
2014-03-02 06:38 . 2014-03-02 06:38	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-03-02 06:38 . 2014-03-02 06:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-02 06:38 . 2014-03-02 06:38	--------	d-----w-	c:\users\Christoph\AppData\Local\temp
2014-03-02 06:12 . 2014-03-02 06:12	--------	d-----w-	c:\windows\ERUNT
2014-03-02 06:04 . 2014-03-02 06:04	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E223091-613F-4C48-8CFD-D07202A5E073}\offreg.dll
2014-03-01 22:42 . 2014-03-01 22:42	--------	d-----w-	c:\windows\Migration
2014-03-01 21:44 . 2014-02-17 00:32	7947048	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E223091-613F-4C48-8CFD-D07202A5E073}\mpengine.dll
2014-02-18 20:13 . 2014-02-18 20:13	--------	d-----w-	c:\program files\VideoLAN
2014-02-17 18:34 . 2014-02-17 18:34	--------	d-----w-	c:\users\Gerhard\AppData\Local\fontconfig
2014-02-17 17:49 . 2014-02-17 17:49	--------	d-----w-	c:\users\Gerhard\AppData\Roaming\AnvSoft
2014-02-17 17:49 . 2014-02-17 17:49	--------	d-----w-	c:\program files\AnvSoft
2014-02-16 20:21 . 2014-02-16 20:32	--------	d-----w-	C:\FFOutput
2014-02-16 20:20 . 2014-03-02 06:07	--------	d-----w-	c:\program files\FreeTime
2014-02-13 06:18 . 2013-12-21 08:56	454656	----a-w-	c:\windows\system32\vbscript.dll
2014-02-08 08:32 . 2014-02-08 08:32	--------	d-----w-	c:\users\Sandra\AppData\Roaming\OpenOffice.org
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-01 21:56 . 2013-09-11 16:29	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-01 21:56 . 2013-09-11 16:29	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-03-01 21:43 . 2013-12-24 13:57	64168	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-03-01 21:43 . 2012-06-14 05:12	775952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-03-01 21:43 . 2010-02-01 12:56	410784	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-03-01 21:43 . 2010-02-01 12:56	67824	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-03-01 21:43 . 2011-02-03 19:38	43152	----a-w-	c:\windows\avastSS.scr
2014-03-01 21:43 . 2010-02-01 12:55	270240	----a-w-	c:\windows\system32\aswBoot.exe
2014-01-27 08:58 . 2010-01-31 13:55	231584	------w-	c:\windows\system32\MpSigStub.exe
2013-12-24 13:57 . 2013-09-11 12:53	180248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2003-03-21 12:45 . 2011-01-11 18:49	250544	----a-w-	c:\program files\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-01 21:43	259464	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-11-06 1564528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-06 6265376]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-03-01 3767096]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-11-06 311152]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]
.
c:\users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gerhard\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-16 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoEncryptOnMove"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Alarm.lnk]
path=c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk
backup=c:\windows\pss\Game Alarm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57	959904	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection]
2011-12-20 14:00	1052848	----a-w-	c:\program files\HappyFoto-Designer\dd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssSpkPhone]
2001-10-19 10:49	49152	----a-w-	c:\windows\essspk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47	31016	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-11-06 09:55	311152	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32	253816	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2011-08-02 14:38	2248704	----a-w-	c:\program files\Vtune\TBPANEL.exe
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-10-28 87064]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2012-12-24 17408]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 114280]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-10-28 182680]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]
R3 XDva397;XDva397;c:\windows\system32\XDva397.sys [x]
R4 AMOptimalDiskService;appsmaker OptimalDisk Service;c:\program files\Common Files\OptimalSuite Common\AMDSrv.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-10-19 160944]
R4 SpeedBoosterSvc;appsmaker OptimalPC SpeedBooster Service;c:\program files\Common Files\OptimalSuite Common\BoostService.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-03-01 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-03-01 410784]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-03-01 67824]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-05-18 99896]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-03-01 64168]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 21:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1;127.0.0.1;127.0.0.1
uSearchAssistant = hxxp://www.google.com
Trusted Zone: oepul.at\www
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKCU-Run-iLivid - c:\users\Gerhard\AppData\Local\iLivid\iLivid.exe
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1 - c:\program files\Outlook Backup Assistant\unins000.exe
AddRemove-somotomoviestoolbar1FF - c:\progra~1\MOVIES~1\SAFETY~1\SRTOOL~1\FF\uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-03-02  07:55:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-03-02 06:55
.
Vor Suchlauf: 27 Verzeichnis(se), 308.162.682.880 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 308.323.631.104 Bytes frei
.
- - End Of File - - 0280C087160EF0ED98B89AE908C6EA4F
A36C5E4F47E84449FF07ED3517B43A31
         
Danke
__________________

Alt 03.03.2014, 08:13   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Superfish, Firefox öffnet ein zweites Mal, Browser langsam - Standard

Superfish, Firefox öffnet ein zweites Mal, Browser langsam



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Superfish, Firefox öffnet ein zweites Mal, Browser langsam
antivirus, bildschirm, browser, desktop, downloader, excel, fehler, firefox, flash player, format, freemium, helper, homepage, langsam, malware, mozilla, ntdll.dll, olympus, programm, realtek, registry, rundll, scan, security, sierra, software, svchost.exe, system, taskhost.exe, windows



Ähnliche Themen: Superfish, Firefox öffnet ein zweites Mal, Browser langsam


  1. Chrome (Win 8.1) öffnet selbständig Tabs mit Werbung (Verdacht auf Superfish)
    Log-Analyse und Auswertung - 21.03.2015 (27)
  2. Windows 7: Firefox - superfish.com
    Plagegeister aller Art und deren Bekämpfung - 20.03.2015 (10)
  3. Windows 7: Mysearchcom öffnet sich Mozilla Firefox Browser
    Log-Analyse und Auswertung - 27.01.2015 (15)
  4. Rechner vollig langsam ,Browser Firefox öffnet ständig Werbung
    Plagegeister aller Art und deren Bekämpfung - 30.10.2014 (11)
  5. Browser öffnet Seiten extrem langsam
    Plagegeister aller Art und deren Bekämpfung - 07.02.2014 (11)
  6. Firefox in Zweitfenster, öffnet immer noch Virus Browser
    Plagegeister aller Art und deren Bekämpfung - 10.12.2013 (21)
  7. Zweites Fenster öffnet sich bei Firefox -appround.biz-Was ist das?
    Plagegeister aller Art und deren Bekämpfung - 29.03.2013 (7)
  8. superfish Deal Finder Malware im Firefox Broser
    Log-Analyse und Auswertung - 20.09.2012 (1)
  9. Browser öffnet falsche Seiten und ist unerträglich langsam
    Log-Analyse und Auswertung - 01.02.2012 (2)
  10. PC Langsam, Browser öffnet falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 11.10.2010 (2)
  11. Browser öffnet ständig Werbung / Internet langsam
    Log-Analyse und Auswertung - 03.06.2010 (3)
  12. FF öffnet immer zweites Fenter mit Werbung
    Log-Analyse und Auswertung - 03.01.2009 (1)
  13. Firefox öffnet ständig zweites Fenster
    Plagegeister aller Art und deren Bekämpfung - 21.12.2008 (4)
  14. Firefox öffnet selbstständig neue Browser
    Plagegeister aller Art und deren Bekämpfung - 26.11.2008 (14)
  15. FireFox Öffnet neuen browser mit werbung
    Mülltonne - 07.10.2008 (0)
  16. Brauche dringend hilfe:-( Firefox öffnet ständig zweites Fenster
    Plagegeister aller Art und deren Bekämpfung - 15.06.2008 (1)
  17. Browser Öffnet sich 100x Firefox
    Mülltonne - 26.01.2008 (0)

Zum Thema Superfish, Firefox öffnet ein zweites Mal, Browser langsam - Hallo zusammen! Ich habe folgendes Problem. Irgendwo habe ich mir Malware eingefangen und werde sie nicht los. Adwarecleaner hat nichts gefunden. Ein zusatzlich installiertes Programm habe ich auch nicht entdeckt. - Superfish, Firefox öffnet ein zweites Mal, Browser langsam...
Archiv
Du betrachtest: Superfish, Firefox öffnet ein zweites Mal, Browser langsam auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.