
Pests of all kinds and how to combat them: Infections in malware protector

Windows 7

28.01.2014, 22:48   #1
Flieger68
 



257 infections found in malware protector!!

Can these only be fixed if you buy the software??

I have attached the log as a PDF.

Many thanks for any tips.
Attached files
File type: pdf log.pdf (336.9 KB, viewed 216 times)

29.01.2014, 08:09   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


29.01.2014, 09:54   #3
Flieger68
 



Hello schrauber,

here is the FRST

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Nico Mak Computing) C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(TomTom) C:\Program Files\TomTomNavi\TomTom HOME 2\TomTomHOMEService.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Spigot, Inc.) C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ATKOSD2\ATKOSD2.exe [7737344 2007-10-18] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-10-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [VMware hqtray] - "C:\Users\Max\Aero-Dienst\hqtray.exe"
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-06] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SearchSettings] - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1297728 2013-02-23] (Spigot, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-06] (AVAST Software)
HKLM\...\RunOnce: [20131224] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\7ec99a60-6804-4d81-b457-dc0314d6674f.exe /check [181136 2014-01-29] (AVAST Software)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [451872 2007-06-20] (Hewlett-Packard Company)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [iLivid] - "C:\Users\Max\AppData\Local\iLivid\iLivid.exe" -autorun
MountPoints2: {1ae0b609-3588-11e1-917e-005056c00008} - G:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS
URLSearchHook: HKCU - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
SearchScopes: HKCU - {C828CD46-D32A-4D7E-84C9-7017CB90B3D0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Winsock: Catalog5 02 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [79224] (Juniper Networks)
Winsock: Catalog5 09 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [79224] (Juniper Networks)
Winsock: Catalog9 12 C:\Users\Max\Aero-Dienst\vsocklib.dll File Not found ()
Winsock: Catalog9 13 C:\Users\Max\Aero-Dienst\vsocklib.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Users\Max\Downloads\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Programme\Programme\adobe reader 10.1\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.2 - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [2014-01-29]
FF Extension: HDvid Codec 3 - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\Extensions\hdvc3@hdvidcodec.com.xpi [2013-06-30]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-22]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-11-29]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-07]
CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-07]
CHR Extension: (Google Search) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-07]
CHR Extension: (GutscheinCodes.de GutscheinFinder) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\didlmjkkjfegblmkekbhgpefajgikncm [2013-06-25]
CHR Extension: (Plus-HD-2.2) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo [2013-11-13]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (Gmail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-07]
CHR HKLM\...\Chrome\Extension: [dnllcmllkjofnojidnaknldfehfhehoo] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx [2013-06-30]

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-06] (AVAST Software)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 TomTomHOMEService; C:\Program Files\TomTomNavi\TomTom HOME 2\TomTomHOMEService.exe [92592 2012-01-23] (TomTom)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [326192 2009-08-14] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [399920 2009-08-14] (VMware, Inc.)
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S3 ufad-ws60; C:\Users\Max\Aero-Dienst\vmware-ufad.exe -d "C:\Users\Max\Aero-Dienst\\" -s ufad-p2v.xml
S2 VMAuthdService; "C:\Users\Max\Aero-Dienst\vmware-authd.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-06] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32304 2009-08-14] (VMware, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R1 NEOFLTR_630_14121; C:\Windows\system32\Drivers\NEOFLTR_630_14121.SYS [64480 2009-03-27] (Juniper Networks)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [23216 2009-08-14] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-08-14] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [31280 2009-08-14] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26288 2009-08-14] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [857520 2009-08-14] (VMware, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 vstor2-ws60; \??\C:\Users\Max\Aero-Dienst\vstor2-ws60.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-29 09:35 - 2014-01-29 09:36 - 00016526 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-29 09:35 - 2014-01-29 09:35 - 00000000 ____D C:\FRST
2014-01-29 09:34 - 2014-01-29 09:35 - 01137152 _____ (Farbar) C:\Users\Max\Downloads\FRST.exe
2014-01-29 09:34 - 2014-01-29 09:34 - 02079744 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-28 22:36 - 2014-01-28 22:36 - 00091252 _____ C:\Users\Max\Desktop\log.xml
2014-01-28 21:58 - 2014-01-28 21:58 - 00000993 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Users\Max\AppData\Roaming\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Program Files\WinZip Malware Protector
2014-01-28 21:58 - 2013-03-15 17:01 - 00016384 _____ C:\Windows\system32\wsusnative32.exe
2014-01-28 21:57 - 2014-01-28 21:57 - 04892480 _____ (WinZip International LLC ) C:\Users\Max\Downloads\wzmp_8.exe
2014-01-27 21:37 - 2014-01-27 21:37 - 00143824 _____ C:\Windows\Minidump\Mini012714-01.dmp
2014-01-25 16:21 - 2014-01-25 16:21 - 00143824 _____ C:\Windows\Minidump\Mini012514-02.dmp
2014-01-25 15:22 - 2014-01-25 15:22 - 00143824 _____ C:\Windows\Minidump\Mini012514-01.dmp
2014-01-22 16:37 - 2014-01-22 16:42 - 00000000 ____D C:\Users\Max\Desktop\Tennisverein
2014-01-22 15:29 - 2014-01-22 15:29 - 00143824 _____ C:\Windows\Minidump\Mini012214-01.dmp
2014-01-20 11:48 - 2014-01-20 11:48 - 00143824 _____ C:\Windows\Minidump\Mini012014-01.dmp
2014-01-17 12:46 - 2014-01-17 12:46 - 00143824 _____ C:\Windows\Minidump\Mini011714-02.dmp
2014-01-17 12:17 - 2014-01-17 12:17 - 00143824 _____ C:\Windows\Minidump\Mini011714-01.dmp
2014-01-13 16:36 - 2014-01-13 16:36 - 00143824 _____ C:\Windows\Minidump\Mini011314-01.dmp
2014-01-09 18:42 - 2014-01-09 18:42 - 00143824 _____ C:\Windows\Minidump\Mini010914-01.dmp
2014-01-03 20:28 - 2014-01-03 20:28 - 00143824 _____ C:\Windows\Minidump\Mini010314-01.dmp

==================== One Month Modified Files and Folders =======

2014-01-29 09:36 - 2014-01-29 09:35 - 00016526 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-29 09:35 - 2014-01-29 09:35 - 00000000 ____D C:\FRST
2014-01-29 09:35 - 2014-01-29 09:34 - 01137152 _____ (Farbar) C:\Users\Max\Downloads\FRST.exe
2014-01-29 09:34 - 2014-01-29 09:34 - 02079744 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-29 09:09 - 2008-05-06 20:36 - 02030601 _____ C:\Windows\WindowsUpdate.log
2014-01-29 09:05 - 2009-09-08 19:40 - 00000000 ____D C:\ProgramData\VMware
2014-01-29 09:04 - 2013-11-13 16:39 - 00001878 _____ C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
2014-01-29 09:04 - 2013-11-13 16:39 - 00001802 _____ C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2014-01-29 09:04 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 09:04 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 09:04 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 09:03 - 2008-07-23 16:29 - 00094954 _____ C:\Windows\PFRO.log
2014-01-28 23:09 - 2007-04-18 09:33 - 00000012 _____ C:\Windows\bthservsdp.dat
2014-01-28 23:09 - 2006-11-02 14:01 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-28 22:59 - 2012-12-15 21:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-28 22:43 - 2009-09-21 10:20 - 00000000 ____D C:\Users\Max\Tennis
2014-01-28 22:36 - 2014-01-28 22:36 - 00091252 _____ C:\Users\Max\Desktop\log.xml
2014-01-28 21:58 - 2014-01-28 21:58 - 00000993 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Users\Max\AppData\Roaming\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Program Files\WinZip Malware Protector
2014-01-28 21:57 - 2014-01-28 21:57 - 04892480 _____ (WinZip International LLC ) C:\Users\Max\Downloads\wzmp_8.exe
2014-01-28 21:12 - 2008-07-23 15:36 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2014-01-27 21:37 - 2014-01-27 21:37 - 00143824 _____ C:\Windows\Minidump\Mini012714-01.dmp
2014-01-27 21:37 - 2013-11-13 16:28 - 265538409 _____ C:\Windows\MEMORY.DMP
2014-01-27 21:37 - 2009-01-03 10:53 - 00000000 ____D C:\Windows\Minidump
2014-01-25 17:22 - 2012-06-26 18:53 - 00000000 ____D C:\Users\Max\AppData\Roaming\Dropbox
2014-01-25 17:12 - 2012-06-26 19:01 - 00000000 ___RD C:\Users\Max\Dropbox
2014-01-25 16:21 - 2014-01-25 16:21 - 00143824 _____ C:\Windows\Minidump\Mini012514-02.dmp
2014-01-25 15:22 - 2014-01-25 15:22 - 00143824 _____ C:\Windows\Minidump\Mini012514-01.dmp
2014-01-22 16:42 - 2014-01-22 16:37 - 00000000 ____D C:\Users\Max\Desktop\Tennisverein
2014-01-22 15:29 - 2014-01-22 15:29 - 00143824 _____ C:\Windows\Minidump\Mini012214-01.dmp
2014-01-22 14:14 - 2006-11-02 11:33 - 01453664 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 11:48 - 2014-01-20 11:48 - 00143824 _____ C:\Windows\Minidump\Mini012014-01.dmp
2014-01-20 11:46 - 2011-11-19 10:21 - 00000000 ____D C:\Users\Max\AppData\Roaming\vlc
2014-01-20 11:43 - 2013-11-29 17:07 - 00000000 ____D C:\Users\Max\AppData\Roaming\HpUpdate
2014-01-20 11:43 - 2013-07-17 17:57 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 11:43 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-17 12:46 - 2014-01-17 12:46 - 00143824 _____ C:\Windows\Minidump\Mini011714-02.dmp
2014-01-17 12:17 - 2014-01-17 12:17 - 00143824 _____ C:\Windows\Minidump\Mini011714-01.dmp
2014-01-13 16:36 - 2014-01-13 16:36 - 00143824 _____ C:\Windows\Minidump\Mini011314-01.dmp
2014-01-09 18:42 - 2014-01-09 18:42 - 00143824 _____ C:\Windows\Minidump\Mini010914-01.dmp
2014-01-03 20:28 - 2014-01-03 20:28 - 00143824 _____ C:\Windows\Minidump\Mini010314-01.dmp

Files to move or delete:
====================
C:\Users\Max\dotNetFx35setup.exe


Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\IMsetup.exe
C:\Users\Max\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Max\AppData\Local\Temp\Setup(1).exe
C:\Users\Max\AppData\Local\Temp\SweetIMSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 09:11

==================== End Of Log ============================

and the Addition



2007 Microsoft Office system (Version: 12.0.4518.1014 - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Air Command 3.0 (Demo) (Version: - )
Apple Mobile Device Support (Version: 2.1.2.7 - Apple Inc.)
Apple Software Update (Version: 2.1.1.116 - Apple Inc.)
ASUS Data Security Manager (Version: 1.00.0006 - ASUS)
ASUS Live Update (Version: 2.5.6 - ASUS)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0019 - ASUS)
Atheros Driver Installation Program (Version: 7.1 - Atheros)
ATK Generic Function Service (Version: 1.00.0008 - ATK)
ATK Hotkey (Version: 1.00.0031 - ATK)
ATKOSD2 (Version: 6.64.1.6 - ATK)
avast! Free Antivirus (Version: 9.0.2008 - Avast Software)
CD Audio MP3 Converter (Version: - )
CMDialog ActiveX Control DLL (Version: 6.0.84.18 - Unknown) Hidden
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0 - )
FMS Demonstrator CJ3 v1-0 (Version: v1-0 - Rockwell Collins, Inc.)
FreeRIP v3.1 (Version: 3.091 - MGShareware)
HDVidCodec (Version: 2.1 Build 26473 - hdvidcodec.com) <==== ATTENTION
HP ENVY 4500 series - Grundlegende Software für das Gerät (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (Version: 1.0.0.7702 - HP)
HP Update (Version: 5.003.003.001 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (Version: - )
iTunes (Version: 8.0.2.20 - Apple Inc.)
Juniper Networks Secure Application Manager (Version: 6.3.0.14121 - Juniper Networks)
Juniper Networks Setup Client (HKCU Version: 1.3.2.12683 - Juniper Networks)
LightScribe 1.8.13.1 (Version: 1.8.13.1 - LightScribe) Hidden
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5 - Symantec Corporation)
Macromedia Contribute 3 (Version: 3.0.2.2326 - Macromedia, Inc.)
Macromedia Dreamweaver 8 (Version: 8.0.0.2751 - Macromedia)
Macromedia Extension Manager (Version: 1.7.270 - Ihr Firmenname)
Macromedia Fireworks 8 (Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (Version: 1.00.0000 - Macromedia)
Macromedia Flash Player 8 (Version: 8.0.22.0 - Macromedia)
Macromedia HomeSite+ (Version: - )
MetaFrame Presentation Server Webclient für Win32 (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Component Category Manager Library (Version: 4.71.1460.1 - Unknown) Hidden
Microsoft Office Access MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft OLE 2.40 for Windows NT(TM) and Windows 95(TM) Operating Systems (Version: 2.40.4275.1 - Unknown) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (Version: - )
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (Version: - )
Nero 7 Essentials (Version: 7.03.0188 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OpenOffice 4.0.1 (Version: 4.01.9714 - Apache Software Foundation)
PC Connectivity Solution (Version: 7.7.10.0 - Nokia)
PDF Architect (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (Version: 1.7.1 - pdfforge)
pdfforge Toolbar v7.0 (Version: 7.0 - Spigot, Inc.) <==== ATTENTION
Phase 5 HTML-Editor (Version: 5.6.2.2 - Systemberatung Schommer)
Plus-HD-2.2 (Version: 1.30.153.0 - Plus HD) <==== ATTENTION
Power4Gear eXtreme (Version: 1.00.0014 - ATK)
QuarkXPress 6.1 (Version: 6.10.0000 - Quark Inc.)
QuickTime (Version: 7.60.92.0 - Apple Inc.)
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5506 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (Version: 3.52.02 - )
SB ATC Simulator Sector Development Kit 1.00 (Version: - Simon's Simulation Software)
Studie zur Verbesserung von HP ENVY 4500 series (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (Version: 9.1.19.0 - Synaptics)
TeamViewer 7 (Version: 7.0.12799 - TeamViewer)
TomTom HOME 2.8.3.2499 (Version: 2.8.3.2499 - TomTom)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
TopStyle Lite (Version 3.0) (Version: 3.1.0 - Bradbury Software, LLC)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Visual Basic Virtual Machine (Version: 6.0.88.42 - Unknown) Hidden
VLC media player 2.1.0 (Version: 2.1.0 - VideoLAN)
VMware Player (Version: 2.5.3.8888 - VMware, Inc.)
Windows Phone Intro Video (DEU) (Version: 04.07.0975.00 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1) (Version: 11/03/2006 6.82.0.1 - Nokia)
WinFlash (Version: - )
WinRAR 4.00 (32-Bit) (Version: 4.00.0 - win.rar GmbH)
WinZip 12.0 (Version: 12.0.8252 - WinZip Computing, S.L. )
WinZip Malware Protector (Version: 2.1.1000.10798 - WinZip International LLC)
Wireless Console 2 (Version: 2.0.10 - ATK)

==================== Restore Points =========================

08-01-2014 18:44:19 Windows Update
17-01-2014 10:53:16 Windows Update
20-01-2014 10:41:26 Windows Update
22-01-2014 17:50:49 Geplanter Prüfpunkt
25-01-2014 13:59:03 Windows Update
28-01-2014 20:17:15 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {168FF066-0390-4E7C-A7F1-0E2D4CB4B359} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-12-06] (AVAST Software)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {24729BF5-B86B-48B8-8679-E2565E4A4A7B} - System32\Tasks\Plus-HD-2.2-chromeinstaller => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe [2013-11-13] (Plus HD) <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3FF183BA-580E-41D7-A307-5EBCA8DE1EEB} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5373153B-03A0-4701-A5B4-4957DFCF9D76} - System32\Tasks\Plus-HD-2.2-codedownloader => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-11-13] (Plus HD) <==== ATTENTION
Task: {65BA0D3C-6389-4403-A773-C9EF0DCE127A} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: {89144DB6-705B-442B-82C6-3A6B99AF9CF6} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {A9551933-80D3-4F51-92A4-7196555F8483} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {B292B4E1-F2E1-4B6D-8617-3C61B616B5D3} - System32\Tasks\Plus-HD-2.2-firefoxinstaller => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-11-13] (Plus HD) <==== ATTENTION
Task: {C40C5AD2-9F69-43CF-B17D-DA1B46F57232} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job => ?
Task: C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2008-05-06 23:22 - 2007-06-15 18:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-05-06 23:22 - 2007-06-02 01:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2009-01-15 19:34 - 2011-03-02 11:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2005-06-27 09:42 - 2005-06-27 09:42 - 00167936 _____ () C:\Program Files\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll
2008-05-06 23:22 - 2007-08-08 10:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2014-01-28 21:58 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files\WinZip Malware Protector\System.Data.SQLite.dll
2014-01-28 21:58 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files\WinZip Malware Protector\aspsys.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56fra.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56brz.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56chs.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56cht.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ger.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ita.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00057344 _____ () C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56esp.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56kor.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll
2013-12-06 17:07 - 2013-12-06 17:07 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2007-02-16 16:40 - 2007-02-16 16:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 16:40 - 2007-02-16 16:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2013-12-20 13:04 - 2013-12-20 13:05 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-11 18:00 - 2013-12-11 18:00 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:C176AF6C

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Nokia 6500c
Description: Nokia Windows Portable Device Driver
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\5> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\5> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\4> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\4> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)


System errors:
=============
Error: (01/29/2014 09:05:38 AM) (Source: Service Control Manager) (User: )
Description: VMware Authorization Service%%2

Error: (01/29/2014 09:05:38 AM) (Source: Service Control Manager) (User: )
Description: Vstor2 WS60 Virtual Storage Driver%%2

Error: (01/28/2014 09:13:26 PM) (Source: Service Control Manager) (User: )
Description: VMware Authorization Service%%2

Error: (01/28/2014 09:13:26 PM) (Source: Service Control Manager) (User: )
Description: Vstor2 WS60 Virtual Storage Driver%%2

Error: (01/27/2014 08:22:07 PM) (Source: Service Control Manager) (User: )
Description: VMware Authorization Service%%2

Error: (01/27/2014 08:22:07 PM) (Source: Service Control Manager) (User: )
Description: Vstor2 WS60 Virtual Storage Driver%%2

Error: (01/25/2014 04:23:33 PM) (Source: Service Control Manager) (User: )
Description: VMware Authorization Service%%2

Error: (01/25/2014 04:23:33 PM) (Source: Service Control Manager) (User: )
Description: Vstor2 WS60 Virtual Storage Driver%%2

Error: (01/25/2014 04:21:55 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 25.01.2014 um 16:20:53 unerwartet heruntergefahren.

Error: (01/25/2014 03:24:35 PM) (Source: Service Control Manager) (User: )
Description: VMware Authorization Service%%2


Microsoft Office Sessions:
=========================
Error: (02/18/2009 05:48:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 26 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/18/2009 05:48:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/18/2009 05:47:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 64 seconds with 60 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2013-04-08 18:10:48.840
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-01-03 17:57:44.729
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-12-05 22:21:24.127
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-12-05 19:43:29.517
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-11-29 19:12:00.825
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-11-29 18:27:41.019
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-01-02 19:55:58.247
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-01-02 14:38:09.019
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-12-30 14:53:33.633
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-12-28 12:12:04.812
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3062.48 MB
Available physical RAM: 1466.16 MB
Total Pagefile: 6343.2 MB
Available Pagefile: 4643.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.48 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:16.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:108.63 GB) (Free:72.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 6C2421E8)
Partition 1: (Not Active) - (Size=8 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=109 GB) - (Type=OF Extended)

==================== End Of Log ============================


Many thanks for your quick reply!!!
__________________

29.01.2014, 17:23   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

01.02.2014, 17:46   #5
Flieger68
 



FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2014
Ran by Max at 2014-01-29 09:36:26
Running from C:\Users\Max\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

2007 Microsoft Office system (Version: 12.0.4518.1014 - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Air Command 3.0 (Demo) (Version:  - )
Apple Mobile Device Support (Version: 2.1.2.7 - Apple Inc.)
Apple Software Update (Version: 2.1.1.116 - Apple Inc.)
ASUS Data Security Manager (Version: 1.00.0006 - ASUS)
ASUS Live Update (Version: 2.5.6 - ASUS)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0019 - ASUS)
Atheros Driver Installation Program (Version: 7.1 - Atheros)
ATK Generic Function Service (Version: 1.00.0008 - ATK)
ATK Hotkey (Version: 1.00.0031 - ATK)
ATKOSD2 (Version: 6.64.1.6 - ATK)
avast! Free Antivirus (Version: 9.0.2008 - Avast Software)
CD Audio MP3 Converter (Version:  - )
CMDialog ActiveX Control DLL (Version: 6.0.84.18 - Unknown) Hidden
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0 - )
FMS Demonstrator CJ3 v1-0 (Version: v1-0 - Rockwell Collins, Inc.)
FreeRIP v3.1 (Version: 3.091 - MGShareware)
HDVidCodec (Version: 2.1 Build 26473 - hdvidcodec.com) <==== ATTENTION
HP ENVY 4500 series - Grundlegende Software für das Gerät (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (Version: 1.0.0.7702 - HP)
HP Update (Version: 5.003.003.001 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (Version:  - )
iTunes (Version: 8.0.2.20 - Apple Inc.)
Juniper Networks Secure Application Manager (Version: 6.3.0.14121 - Juniper Networks)
Juniper Networks Setup Client (HKCU Version: 1.3.2.12683 - Juniper Networks)
LightScribe  1.8.13.1 (Version: 1.8.13.1 - hxxp://www.lightscribe.com) Hidden
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5 - Symantec Corporation)
Macromedia Contribute 3 (Version: 3.0.2.2326 - Macromedia, Inc.)
Macromedia Dreamweaver 8 (Version: 8.0.0.2751 - Macromedia)
Macromedia Extension Manager (Version: 1.7.270 - Ihr Firmenname)
Macromedia Fireworks 8 (Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (Version: 1.00.0000 - Macromedia)
Macromedia Flash Player 8 (Version: 8.0.22.0 - Macromedia)
Macromedia HomeSite+ (Version:  - )
MetaFrame Presentation Server Webclient für Win32 (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Component Category Manager Library (Version: 4.71.1460.1 - Unknown) Hidden
Microsoft Office Access MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Dutch) 2007 (Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft OLE 2.40  for Windows NT(TM) and Windows 95(TM) Operating Systems (Version: 2.40.4275.1 - Unknown) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (Version:  - )
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (Version:  - )
Nero 7 Essentials (Version: 7.03.0188 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OpenOffice 4.0.1 (Version: 4.01.9714 - Apache Software Foundation)
PC Connectivity Solution (Version: 7.7.10.0 - Nokia)
PDF Architect (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (Version: 1.7.1 - pdfforge)
pdfforge Toolbar v7.0 (Version: 7.0 - Spigot, Inc.) <==== ATTENTION
Phase 5 HTML-Editor (Version: 5.6.2.2 - Systemberatung Schommer)
Plus-HD-2.2 (Version: 1.30.153.0 - Plus HD) <==== ATTENTION
Power4Gear eXtreme (Version: 1.00.0014 - ATK)
QuarkXPress 6.1 (Version: 6.10.0000 - Quark Inc.)
QuickTime (Version: 7.60.92.0 - Apple Inc.)
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5506 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (Version: 3.52.02 - )
SB ATC Simulator Sector Development Kit 1.00 (Version:  - Simon's Simulation Software)
Studie zur Verbesserung von HP ENVY 4500 series (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (Version: 9.1.19.0 - Synaptics)
TeamViewer 7 (Version: 7.0.12799 - TeamViewer)
TomTom HOME 2.8.3.2499 (Version: 2.8.3.2499 - TomTom)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
TopStyle Lite (Version 3.0) (Version: 3.1.0 - Bradbury Software, LLC)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Visual Basic Virtual Machine (Version: 6.0.88.42 - Unknown) Hidden
VLC media player 2.1.0 (Version: 2.1.0 - VideoLAN)
VMware Player (Version: 2.5.3.8888 - VMware, Inc.)
Windows Phone Intro Video (DEU) (Version: 04.07.0975.00 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia Modem  (11/03/2006 6.82.0.1) (Version: 11/03/2006 6.82.0.1 - Nokia)
WinFlash (Version:  - )
WinRAR 4.00 (32-Bit) (Version: 4.00.0 - win.rar GmbH)
WinZip 12.0 (Version: 12.0.8252 - WinZip Computing, S.L. )
WinZip Malware Protector (Version: 2.1.1000.10798 - WinZip International LLC)
Wireless Console 2 (Version: 2.0.10 - ATK)

==================== Restore Points  =========================

08-01-2014 18:44:19 Windows Update
17-01-2014 10:53:16 Windows Update
20-01-2014 10:41:26 Windows Update
22-01-2014 17:50:49 Geplanter Prüfpunkt
25-01-2014 13:59:03 Windows Update
28-01-2014 20:17:15 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {168FF066-0390-4E7C-A7F1-0E2D4CB4B359} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-12-06] (AVAST Software)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {24729BF5-B86B-48B8-8679-E2565E4A4A7B} - System32\Tasks\Plus-HD-2.2-chromeinstaller => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe [2013-11-13] (Plus HD) <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3FF183BA-580E-41D7-A307-5EBCA8DE1EEB} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5373153B-03A0-4701-A5B4-4957DFCF9D76} - System32\Tasks\Plus-HD-2.2-codedownloader => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-11-13] (Plus HD) <==== ATTENTION
Task: {65BA0D3C-6389-4403-A773-C9EF0DCE127A} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: {89144DB6-705B-442B-82C6-3A6B99AF9CF6} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {A9551933-80D3-4F51-92A4-7196555F8483} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {B292B4E1-F2E1-4B6D-8617-3C61B616B5D3} - System32\Tasks\Plus-HD-2.2-firefoxinstaller => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-11-13] (Plus HD) <==== ATTENTION
Task: {C40C5AD2-9F69-43CF-B17D-DA1B46F57232} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job => ?
Task: C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2008-05-06 23:22 - 2007-06-15 18:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-05-06 23:22 - 2007-06-02 01:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2009-01-15 19:34 - 2011-03-02 11:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2005-06-27 09:42 - 2005-06-27 09:42 - 00167936 _____ () C:\Program Files\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll
2008-05-06 23:22 - 2007-08-08 10:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2014-01-28 21:58 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files\WinZip Malware Protector\System.Data.SQLite.dll
2014-01-28 21:58 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files\WinZip Malware Protector\aspsys.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56fra.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56brz.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56chs.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56cht.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ger.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ita.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00057344 _____ () C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56esp.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56kor.dll
2006-11-22 10:31 - 2006-11-22 10:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll
2013-12-06 17:07 - 2013-12-06 17:07 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2007-02-16 16:40 - 2007-02-16 16:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 16:40 - 2007-02-16 16:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2013-12-20 13:04 - 2013-12-20 13:05 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-11 18:00 - 2013-12-11 18:00 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:C176AF6C

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Nokia 6500c
Description: Nokia Windows Portable Device Driver
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\5> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\5> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\4> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/25/2014 04:24:25 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\MAX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\LG2EC9QQ.DEFAULT\CACHE\4> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (01/29/2014 09:05:38 AM) (Source: Service Control Manager) (User: )
Description: VMware Authorization Service%%2

Error: (01/29/2014 09:05:38 AM) (Source: Service Control Manager) (User: )
Description: Vstor2 WS60 Virtual Storage Driver%%2

Error: (01/28/2014 09:13:26 PM) (Source: Service Control Manager) (User: )
Description: VMware Authorization Service%%2

Error: (01/28/2014 09:13:26 PM) (Source: Service Control Manager) (User: )
Description: Vstor2 WS60 Virtual Storage Driver%%2

Error: (01/27/2014 08:22:07 PM) (Source: Service Control Manager) (User: )
Description: VMware Authorization Service%%2

Error: (01/27/2014 08:22:07 PM) (Source: Service Control Manager) (User: )
Description: Vstor2 WS60 Virtual Storage Driver%%2

Error: (01/25/2014 04:23:33 PM) (Source: Service Control Manager) (User: )
Description: VMware Authorization Service%%2

Error: (01/25/2014 04:23:33 PM) (Source: Service Control Manager) (User: )
Description: Vstor2 WS60 Virtual Storage Driver%%2

Error: (01/25/2014 04:21:55 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 25.01.2014 um 16:20:53 unerwartet heruntergefahren.

Error: (01/25/2014 03:24:35 PM) (Source: Service Control Manager) (User: )
Description: VMware Authorization Service%%2


Microsoft Office Sessions:
=========================
Error: (02/18/2009 05:48:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 26 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/18/2009 05:48:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/18/2009 05:47:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 64 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-04-08 18:10:48.840
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-01-03 17:57:44.729
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-05 22:21:24.127
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-05 19:43:29.517
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-29 19:12:00.825
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-29 18:27:41.019
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-01-02 19:55:58.247
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-01-02 14:38:09.019
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-12-30 14:53:33.633
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-12-28 12:12:04.812
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 3062.48 MB
Available physical RAM: 1466.16 MB
Total Pagefile: 6343.2 MB
Available Pagefile: 4643.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.48 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:16.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:108.63 GB) (Free:72.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 6C2421E8)
Partition 1: (Not Active) - (Size=8 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=109 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
--- --- ---



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014
Ran by Max (administrator) on MAX-PC on 29-01-2014 09:35:40
Running from C:\Users\Max\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Nico Mak Computing) C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(TomTom) C:\Program Files\TomTomNavi\TomTom HOME 2\TomTomHOMEService.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Spigot, Inc.) C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ATKOSD2\ATKOSD2.exe [7737344 2007-10-18] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-10-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [VMware hqtray] - "C:\Users\Max\Aero-Dienst\hqtray.exe"
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-06] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SearchSettings] - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1297728 2013-02-23] (Spigot, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-06] (AVAST Software)
HKLM\...\RunOnce: [20131224] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\7ec99a60-6804-4d81-b457-dc0314d6674f.exe /check [181136 2014-01-29] (AVAST Software)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [451872 2007-06-20] (Hewlett-Packard Company)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [iLivid] - "C:\Users\Max\AppData\Local\iLivid\iLivid.exe" -autorun
MountPoints2: {1ae0b609-3588-11e1-917e-005056c00008} - G:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
URLSearchHook: HKCU - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
SearchScopes: HKCU - {C828CD46-D32A-4D7E-84C9-7017CB90B3D0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {B7D3E479-CC68-42B5-A338-938ECE35F419} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Winsock: Catalog5 02 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [79224] (Juniper Networks)
Winsock: Catalog5 09 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [79224] (Juniper Networks)
Winsock: Catalog9 12 C:\Users\Max\Aero-Dienst\vsocklib.dll File Not found ()
Winsock: Catalog9 13 C:\Users\Max\Aero-Dienst\vsocklib.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Users\Max\Downloads\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Programme\Programme\adobe reader 10.1\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.2 - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [2014-01-29]
FF Extension: HDvid Codec 3 - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\Extensions\hdvc3@hdvidcodec.com.xpi [2013-06-30]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-22]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-11-29]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-07]
CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-07]
CHR Extension: (Google Search) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-07]
CHR Extension: (GutscheinCodes.de GutscheinFinder) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\didlmjkkjfegblmkekbhgpefajgikncm [2013-06-25]
CHR Extension: (Plus-HD-2.2) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo [2013-11-13]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (Gmail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-07]
CHR HKLM\...\Chrome\Extension: [dnllcmllkjofnojidnaknldfehfhehoo] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx [2013-06-30]

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-06] (AVAST Software)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 TomTomHOMEService; C:\Program Files\TomTomNavi\TomTom HOME 2\TomTomHOMEService.exe [92592 2012-01-23] (TomTom)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [326192 2009-08-14] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [399920 2009-08-14] (VMware, Inc.)
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S3 ufad-ws60; C:\Users\Max\Aero-Dienst\vmware-ufad.exe -d "C:\Users\Max\Aero-Dienst\\" -s ufad-p2v.xml
S2 VMAuthdService; "C:\Users\Max\Aero-Dienst\vmware-authd.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-06] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32304 2009-08-14] (VMware, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R1 NEOFLTR_630_14121; C:\Windows\system32\Drivers\NEOFLTR_630_14121.SYS [64480 2009-03-27] (Juniper Networks)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [23216 2009-08-14] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-08-14] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [31280 2009-08-14] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26288 2009-08-14] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [857520 2009-08-14] (VMware, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 vstor2-ws60; \??\C:\Users\Max\Aero-Dienst\vstor2-ws60.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-29 09:35 - 2014-01-29 09:36 - 00016526 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-29 09:35 - 2014-01-29 09:35 - 00000000 ____D C:\FRST
2014-01-29 09:34 - 2014-01-29 09:35 - 01137152 _____ (Farbar) C:\Users\Max\Downloads\FRST.exe
2014-01-29 09:34 - 2014-01-29 09:34 - 02079744 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-28 22:36 - 2014-01-28 22:36 - 00091252 _____ C:\Users\Max\Desktop\log.xml
2014-01-28 21:58 - 2014-01-28 21:58 - 00000993 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Users\Max\AppData\Roaming\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Program Files\WinZip Malware Protector
2014-01-28 21:58 - 2013-03-15 17:01 - 00016384 _____ C:\Windows\system32\wsusnative32.exe
2014-01-28 21:57 - 2014-01-28 21:57 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\Max\Downloads\wzmp_8.exe
2014-01-27 21:37 - 2014-01-27 21:37 - 00143824 _____ C:\Windows\Minidump\Mini012714-01.dmp
2014-01-25 16:21 - 2014-01-25 16:21 - 00143824 _____ C:\Windows\Minidump\Mini012514-02.dmp
2014-01-25 15:22 - 2014-01-25 15:22 - 00143824 _____ C:\Windows\Minidump\Mini012514-01.dmp
2014-01-22 16:37 - 2014-01-22 16:42 - 00000000 ____D C:\Users\Max\Desktop\Tennisverein
2014-01-22 15:29 - 2014-01-22 15:29 - 00143824 _____ C:\Windows\Minidump\Mini012214-01.dmp
2014-01-20 11:48 - 2014-01-20 11:48 - 00143824 _____ C:\Windows\Minidump\Mini012014-01.dmp
2014-01-17 12:46 - 2014-01-17 12:46 - 00143824 _____ C:\Windows\Minidump\Mini011714-02.dmp
2014-01-17 12:17 - 2014-01-17 12:17 - 00143824 _____ C:\Windows\Minidump\Mini011714-01.dmp
2014-01-13 16:36 - 2014-01-13 16:36 - 00143824 _____ C:\Windows\Minidump\Mini011314-01.dmp
2014-01-09 18:42 - 2014-01-09 18:42 - 00143824 _____ C:\Windows\Minidump\Mini010914-01.dmp
2014-01-03 20:28 - 2014-01-03 20:28 - 00143824 _____ C:\Windows\Minidump\Mini010314-01.dmp

==================== One Month Modified Files and Folders =======

2014-01-29 09:36 - 2014-01-29 09:35 - 00016526 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-29 09:35 - 2014-01-29 09:35 - 00000000 ____D C:\FRST
2014-01-29 09:35 - 2014-01-29 09:34 - 01137152 _____ (Farbar) C:\Users\Max\Downloads\FRST.exe
2014-01-29 09:34 - 2014-01-29 09:34 - 02079744 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-29 09:09 - 2008-05-06 20:36 - 02030601 _____ C:\Windows\WindowsUpdate.log
2014-01-29 09:05 - 2009-09-08 19:40 - 00000000 ____D C:\ProgramData\VMware
2014-01-29 09:04 - 2013-11-13 16:39 - 00001878 _____ C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
2014-01-29 09:04 - 2013-11-13 16:39 - 00001802 _____ C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2014-01-29 09:04 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 09:04 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 09:04 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 09:03 - 2008-07-23 16:29 - 00094954 _____ C:\Windows\PFRO.log
2014-01-28 23:09 - 2007-04-18 09:33 - 00000012 _____ C:\Windows\bthservsdp.dat
2014-01-28 23:09 - 2006-11-02 14:01 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-28 22:59 - 2012-12-15 21:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-28 22:43 - 2009-09-21 10:20 - 00000000 ____D C:\Users\Max\Tennis
2014-01-28 22:36 - 2014-01-28 22:36 - 00091252 _____ C:\Users\Max\Desktop\log.xml
2014-01-28 21:58 - 2014-01-28 21:58 - 00000993 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Users\Max\AppData\Roaming\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Program Files\WinZip Malware Protector
2014-01-28 21:57 - 2014-01-28 21:57 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\Max\Downloads\wzmp_8.exe
2014-01-28 21:12 - 2008-07-23 15:36 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2014-01-27 21:37 - 2014-01-27 21:37 - 00143824 _____ C:\Windows\Minidump\Mini012714-01.dmp
2014-01-27 21:37 - 2013-11-13 16:28 - 265538409 _____ C:\Windows\MEMORY.DMP
2014-01-27 21:37 - 2009-01-03 10:53 - 00000000 ____D C:\Windows\Minidump
2014-01-25 17:22 - 2012-06-26 18:53 - 00000000 ____D C:\Users\Max\AppData\Roaming\Dropbox
2014-01-25 17:12 - 2012-06-26 19:01 - 00000000 ___RD C:\Users\Max\Dropbox
2014-01-25 16:21 - 2014-01-25 16:21 - 00143824 _____ C:\Windows\Minidump\Mini012514-02.dmp
2014-01-25 15:22 - 2014-01-25 15:22 - 00143824 _____ C:\Windows\Minidump\Mini012514-01.dmp
2014-01-22 16:42 - 2014-01-22 16:37 - 00000000 ____D C:\Users\Max\Desktop\Tennisverein
2014-01-22 15:29 - 2014-01-22 15:29 - 00143824 _____ C:\Windows\Minidump\Mini012214-01.dmp
2014-01-22 14:14 - 2006-11-02 11:33 - 01453664 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 11:48 - 2014-01-20 11:48 - 00143824 _____ C:\Windows\Minidump\Mini012014-01.dmp
2014-01-20 11:46 - 2011-11-19 10:21 - 00000000 ____D C:\Users\Max\AppData\Roaming\vlc
2014-01-20 11:43 - 2013-11-29 17:07 - 00000000 ____D C:\Users\Max\AppData\Roaming\HpUpdate
2014-01-20 11:43 - 2013-07-17 17:57 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 11:43 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-17 12:46 - 2014-01-17 12:46 - 00143824 _____ C:\Windows\Minidump\Mini011714-02.dmp
2014-01-17 12:17 - 2014-01-17 12:17 - 00143824 _____ C:\Windows\Minidump\Mini011714-01.dmp
2014-01-13 16:36 - 2014-01-13 16:36 - 00143824 _____ C:\Windows\Minidump\Mini011314-01.dmp
2014-01-09 18:42 - 2014-01-09 18:42 - 00143824 _____ C:\Windows\Minidump\Mini010914-01.dmp
2014-01-03 20:28 - 2014-01-03 20:28 - 00143824 _____ C:\Windows\Minidump\Mini010314-01.dmp

Files to move or delete:
====================
C:\Users\Max\dotNetFx35setup.exe


Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\IMsetup.exe
C:\Users\Max\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Max\AppData\Local\Temp\Setup(1).exe
C:\Users\Max\AppData\Local\Temp\SweetIMSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 09:11

==================== End Of Log ============================
         
Combofix Logfile:
Code:
ATTFilter
ComboFix 14-02-01.01 - Max 01.02.2014  17:01:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3062.1327 [GMT 1:00]
ausgeführt von:: c:\users\Max\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\MySearch
c:\program files\MySearch\bar\1.bin\NPMYSRCH.DLL
c:\program files\MySearch\bar\1.bin\S4BAR.DLL
c:\program files\MySearch\bar\1.bin\S4FFXTBR.JAR
c:\program files\MySearch\bar\1.bin\S4FFXTBR.MANIFEST
c:\program files\MySearch\bar\1.bin\S4NTSTBR.JAR
c:\program files\MySearch\bar\1.bin\S4NTSTBR.MANIFEST
c:\program files\MySearch\bar\1.bin\S4PLUGIN.DLL
c:\program files\MySearch\bar\Cache\0013C293
c:\program files\MySearch\bar\Cache\0013C522
c:\program files\MySearch\bar\Cache\0013C65A.bmp
c:\program files\MySearch\bar\Cache\0013C7A2.bmp
c:\program files\MySearch\bar\Cache\files.ini
c:\program files\MySearch\bar\History\search2
c:\program files\MySearch\bar\Settings\prevcfg2.htm
c:\program files\SearchProtect
c:\program files\SearchProtect\EULA.txt
c:\program files\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files\SearchProtect\Main\bin\SPTool.dll
c:\program files\SearchProtect\Main\bin\SPtool.dll_1391265659300
c:\program files\SearchProtect\Main\bin\uninstall.exe
c:\program files\SearchProtect\Main\rep\SystemRepository.dat
c:\program files\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files\SearchProtect\UI\bin\cltmngui.exe
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files\SearchProtect\UI\dialogs\Images\bg.png
c:\program files\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\hez.png
c:\program files\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files\SearchProtect\UI\dialogs\Images\v.png
c:\program files\SearchProtect\UI\dialogs\Images\x.png
c:\program files\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files\SearchProtect\UI\dialogs\libs\main.js
c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files\SearchProtect\UI\dialogs\protection\protection.css
c:\program files\SearchProtect\UI\dialogs\protection\protection.html
c:\program files\SearchProtect\UI\dialogs\protection\protection.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files\SearchProtect\UI\dialogs\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files\SearchProtect\UI\dialogs\settings\settings.css
c:\program files\SearchProtect\UI\dialogs\settings\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\settings.js
c:\program files\SearchProtect\UI\dialogs\style.css
c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\background.html
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\crossriderManifest.json
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\manifest.xml
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins.json
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\1_base.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\101_cortica_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\102_dealply_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\103_intext_5_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\105_corticas_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\108_icm_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\116_ads_only_5_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\119_similar_web_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\120_luck_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\129_widdit_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\138_getdeal_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\17_jQuery.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\170_icm1_5_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\21_debug.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\22_resources.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\28_initializer.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\47_resources_background.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\64_appApiMessage.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\7_hooks.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\72_appApiValidation.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\92_superfish_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\userCode\background.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\extensionData\userCode\extension.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\icons\actions\1.png
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\icons\icon128.png
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\icons\icon16.png
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\icons\icon48.png
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\api\chrome.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\api\cookie.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\api\message.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\api\pageAction.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\api\pageActionBG.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\background.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\app_api.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\bg_app_api.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\consts.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\cookie_store.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\crossriderAPI.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\delegate.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\events.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\extensionDataStore.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\installer.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\logFile.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\logging.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\onBGDocumentLoad.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\popupResource\newPopup.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\popupResource\popup.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\reports.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\storageWrapper.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\updateManager.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\util.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\lib\xhr.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\js\main.js
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\manifest.json
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.89_0\popup.html
c:\users\Max\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome.manifest
c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\api.js
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-01-01 bis 2014-02-01  ))))))))))))))))))))))))))))))
.
.
2014-02-01 16:30 . 2014-02-01 16:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-02-01 14:38 . 2014-02-01 14:39	--------	d-----w-	c:\users\Max\AppData\Local\SearchProtect
2014-02-01 14:37 . 2014-02-01 14:38	--------	d-----w-	c:\users\Max\AppData\Local\DownloadGuide
2014-02-01 14:32 . 2013-12-04 02:57	7760024	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3657D41-C29D-4E9D-8EA4-52C8320B240C}\mpengine.dll
2014-01-29 08:35 . 2014-01-29 08:37	--------	d-----w-	C:\FRST
2014-01-28 20:58 . 2014-01-28 20:58	--------	d-----w-	c:\users\Max\AppData\Roaming\Nico Mak Computing
2014-01-28 20:58 . 2014-01-28 20:58	--------	d-----w-	c:\programdata\Nico Mak Computing
2014-01-28 20:58 . 2014-01-28 20:58	--------	d-----w-	c:\program files\WinZip Malware Protector
2014-01-28 20:58 . 2013-03-15 16:01	16384	----a-w-	c:\windows\system32\wsusnative32.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-01 16:32 . 2008-07-23 14:36	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-12-18 05:13 . 2012-07-22 20:44	231584	------w-	c:\windows\system32\MpSigStub.exe
2013-12-11 17:00 . 2012-12-15 20:52	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-12-11 17:00 . 2011-07-11 08:06	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-06 16:07 . 2013-03-05 08:29	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-12-06 16:07 . 2013-03-05 08:29	178304	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-12-06 16:07 . 2011-05-22 08:03	774392	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-12-06 16:07 . 2010-06-07 13:53	57672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-12-06 16:07 . 2010-06-07 13:53	54832	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2013-12-06 16:07 . 2010-06-07 13:53	403440	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-12-06 16:07 . 2010-06-07 13:53	35656	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-12-06 16:07 . 2010-06-07 13:53	70384	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-12-06 16:07 . 2010-07-06 08:39	43152	----a-w-	c:\windows\avastSS.scr
2013-12-06 16:07 . 2010-06-07 13:53	269216	----a-w-	c:\windows\system32\aswBoot.exe
2013-11-14 22:50 . 2013-12-13 16:25	1806848	----a-w-	c:\windows\system32\jscript9.dll
2013-11-14 22:42 . 2013-12-13 16:25	1129472	----a-w-	c:\windows\system32\wininet.dll
2013-11-14 22:42 . 2013-12-13 16:25	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2013-11-14 22:38 . 2013-12-13 16:25	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2013-11-14 22:38 . 2013-12-13 16:25	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-11-14 22:35 . 2013-12-13 16:25	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-06 16:07	321752	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-12 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2013-12-06 3568312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-12-06 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-02-06 14:01	413696	----a-w-	c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 15:38	583048	----a-w-	c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43	247728	----a-w-	c:\program files\TomTomNavi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-15 17:00]
.
2014-02-01 c:\windows\Tasks\Plus-HD-2.2-chromeinstaller.job
- c:\program files\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe [2013-11-13 15:39]
.
2014-02-01 c:\windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
- c:\program files\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-11-13 15:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPF367472C-B6AF-4230-804C-0440BFE5F6E9&SSPV=
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~3\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.82.1
FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPF367472C-B6AF-4230-804C-0440BFE5F6E9&SSPV=
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-iLivid - c:\users\Max\AppData\Local\iLivid\iLivid.exe
HKLM-Run-VMware hqtray - c:\users\Max\Aero-Dienst\hqtray.exe
HKU-Default-Run-Nokia.PCSync - c:\users\Max\Nokia PC Suite 6\PcSync2.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-iTunesHelper - c:\users\Max\Downloads\iTunesHelper.exe
AddRemove-Air Command 3.0 (Demo) - c:\users\max\desktop\wohnung\spiel\Uninst.isu
AddRemove-CD Audio MP3 Converter - c:\progra~3\CDAUDI~1\UNWISE.EXE
AddRemove-SBATC Sim SDK_is1 - c:\users\Max\Fluglotsen\ATC Sim\SBATC SDK\unins000.exe
AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4000)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\WinZip Malware Protector\WinZipMalwareProtector.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\PDF Architect\HelperService.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\PDF Architect\ConversionService.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\TomTomNavi\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\system32\vmnat.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-02-01  17:41:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-02-01 16:40
.
Vor Suchlauf: 10 Verzeichnis(se), 16.930.320.384 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 18.394.681.344 Bytes frei
.
- - End Of File - - 29C4916BC38AB4A9D03E94CF8597B1BF
         
--- --- --- 64B1E91C5C6C2157642651010728F90F
Hello schrauber,

great instructions from you.
Hope that was somewhat easier to decipher now.


02.02.2014, 07:09   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

02.02.2014, 19:52   #7
Flieger68
 



Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.02.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Max :: MAX-PC [Administrator]

Schutz: Aktiviert

02.02.2014 18:56:07
mbam-log-2014-02-02 (18-56-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210947
Laufzeit: 8 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Plus-HD-2.2 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.ConduitSearchProtect) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Daten: yäÓ·h̵B£8“ŽÎ5ô -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 49799130234705951588775982869220687880 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 49799130234705951588775982869220687880 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bösartig: (hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPF367472C-B6AF-4230-804C-0440BFE5F6E9&SSPV=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 5
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\OpenCandy\B924F5D7B75941ECA6876FBB917EAC86 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Plus-HD-2.2 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 33
C:\Users\Max\Downloads\pso-fgx264(1).exe (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\pso-fgx264.exe (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\Setup(1).exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\setup.exe (PUP.Optional.AirInstaller) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\iLividSetup-r1073-n-bf.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Local\DownloadGuide\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Local\DownloadGuide\Offers\Lollipop.exe (Adware.Linkular) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Local\DownloadGuide\Offers\sp-downloader.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\OpenCandy\B924F5D7B75941ECA6876FBB917EAC86\5682.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\OpenCandy\B924F5D7B75941ECA6876FBB917EAC86\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\OpenCandy\B924F5D7B75941ECA6876FBB917EAC86\GutscheinCodes.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\OpenCandy\B924F5D7B75941ECA6876FBB917EAC86\OCBrowserHelper_1.0.6.124.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Plus-HD-2.2\33036.crx (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Plus-HD-2.2\33036.xpi (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-helper.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Plus-HD-2.2\Uninstall.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Plus-HD-2.2\utils.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\hdvidcodec.com\b.bmp (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\hdvidcodec.com\finish.bmp (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\hdvidcodec.com\FinishHDVID.exe (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\hdvidcodec.com\HDVidCodec.exe (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\hdvidcodec.com\HDvidCodec10.crx (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\hdvidcodec.com\HDvidCodecIE.exe (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\hdvidcodec.com\hdvidextsetup.exe (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\hdvidcodec.com\hdvid_temp.bmp (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\hdvidcodec.com\uninst.exe (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
AdwCleaner Logfile:
Code:
# AdwCleaner v3.018 - Bericht erstellt am 02/02/2014 um 19:31:56
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Max - MAX-PC
# Gestartet von : C:\Users\Max\Downloads\adwcleaner(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\Users\Max\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Max\AppData\Local\Searchprotect
Ordner Gelöscht : C:\Users\Max\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Max\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\didlmjkkjfegblmkekbhgpefajgikncm
Ordner Gelöscht : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\searchplugins\conduit-search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE7785D6-045F-44FB-A1E4-3FA555874415}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BE7785D6-045F-44FB-A1E4-3FA555874415}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh MediaBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16526

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SPF367472C-B6AF-4230-804C-0440BFE5F6E9");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Conduit Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPF367472C-B6AF-4230-804C-0440BFE5F6E9&SSPV=");
Zeile gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//static.ciuvo.com/media[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1425245a60cf0a93d066bc821df29a0f");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

*************************

AdwCleaner[R0].txt - [6681 octets] - [02/02/2014 19:25:42]
AdwCleaner[S0].txt - [6488 octets] - [02/02/2014 19:31:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6548 octets] ##########
         

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Max on 02.02.2014 at 19:43:51,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Max\appdata\local\hdvid codec v1"



~~~ FireFox

Successfully deleted: [File] C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\lg2ec9qq.default\extensions\hdvc3@hdvidcodec.com.xpi
Successfully deleted: [Folder] C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\lg2ec9qq.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
Emptied folder: C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\lg2ec9qq.default\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.02.2014 at 19:48:41,73
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014
Ran by Max (administrator) on MAX-PC on 02-02-2014 19:51:28
Running from C:\Users\Max\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Nico Mak Computing) C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(TomTom) C:\Program Files\TomTomNavi\TomTom HOME 2\TomTomHOMEService.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATKOSD2] - C:\Program Files\ATKOSD2\ATKOSD2.exe [7737344 2007-10-18] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-10-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-06] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-06] (AVAST Software)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [451872 2007-06-20] (Hewlett-Packard Company)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {C828CD46-D32A-4D7E-84C9-7017CB90B3D0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Winsock: Catalog5 02 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [79224] (Juniper Networks)
Winsock: Catalog5 09 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [79224] (Juniper Networks)
Tcpip\Parameters: [DhcpNameServer] 192.168.82.1

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default
FF SearchEngineOrder.1: Google
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Users\Max\Downloads\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Programme\Programme\adobe reader 10.1\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\lg2ec9qq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-22]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-11-29]

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-06] (AVAST Software)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 TomTomHOMEService; C:\Program Files\TomTomNavi\TomTom HOME 2\TomTomHOMEService.exe [92592 2012-01-23] (TomTom)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [326192 2009-08-14] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [399920 2009-08-14] (VMware, Inc.)
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S3 ufad-ws60; C:\Users\Max\Aero-Dienst\vmware-ufad.exe -d "C:\Users\Max\Aero-Dienst\\" -s ufad-p2v.xml
S2 VMAuthdService; "C:\Users\Max\Aero-Dienst\vmware-authd.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-06] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32304 2009-08-14] (VMware, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R1 NEOFLTR_630_14121; C:\Windows\system32\Drivers\NEOFLTR_630_14121.SYS [64480 2009-03-27] (Juniper Networks)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [23216 2009-08-14] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-08-14] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [31280 2009-08-14] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26288 2009-08-14] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [857520 2009-08-14] (VMware, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 vstor2-ws60; \??\C:\Users\Max\Aero-Dienst\vstor2-ws60.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-02 19:48 - 2014-02-02 19:48 - 00001267 _____ C:\Users\Max\Desktop\JRT.txt
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-02-02 19:39 - 2014-02-02 19:39 - 01037068 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe
2014-02-02 19:24 - 2014-02-02 19:24 - 01166132 _____ C:\Users\Max\Downloads\adwcleaner(1).exe
2014-02-02 19:16 - 2014-02-02 19:32 - 00000000 ____D C:\AdwCleaner
2014-02-02 19:16 - 2014-02-02 19:16 - 01166132 _____ C:\Users\Max\Downloads\adwcleaner.exe
2014-02-02 18:54 - 2014-02-02 18:54 - 00000913 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-02 18:54 - 2014-02-02 18:54 - 00000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2014-02-02 18:54 - 2014-02-02 18:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-02-02 18:54 - 2014-02-02 18:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-02-02 18:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-02 18:53 - 2014-02-02 18:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Max\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-01 17:41 - 2014-02-01 17:41 - 00053580 _____ C:\ComboFix.txt
2014-02-01 16:59 - 2014-02-01 17:46 - 00000000 ____D C:\Qoobox
2014-02-01 16:59 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-02-01 16:59 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-02-01 16:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-01 16:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-01 16:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-01 16:59 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-02-01 16:59 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-02-01 16:59 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-02-01 15:56 - 2014-02-01 15:56 - 00143824 _____ C:\Windows\Minidump\Mini020114-01.dmp
2014-02-01 15:55 - 2014-02-01 17:39 - 00000000 ____D C:\Windows\erdnt
2014-02-01 15:54 - 2014-02-01 15:54 - 05179159 ____R (Swearware) C:\Users\Max\Downloads\ComboFix.exe
2014-02-01 15:37 - 2014-02-01 15:37 - 00684776 _____ C:\Users\Max\Downloads\AdwCleaner_Setup_Download.exe
2014-01-29 10:05 - 2014-02-02 19:49 - 00000000 ____D C:\Users\Max\Desktop\Virus
2014-01-29 09:36 - 2014-01-29 09:37 - 00029273 _____ C:\Users\Max\Downloads\Addition.txt
2014-01-29 09:35 - 2014-02-02 19:51 - 00013103 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-29 09:35 - 2014-02-02 19:51 - 00000000 ____D C:\FRST
2014-01-29 09:34 - 2014-01-29 09:35 - 01137152 _____ (Farbar) C:\Users\Max\Downloads\FRST.exe
2014-01-29 09:34 - 2014-01-29 09:34 - 02079744 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-28 21:58 - 2014-01-28 21:58 - 00000993 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Users\Max\AppData\Roaming\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Program Files\WinZip Malware Protector
2014-01-28 21:58 - 2013-03-15 17:01 - 00016384 _____ C:\Windows\system32\wsusnative32.exe
2014-01-28 21:57 - 2014-01-28 21:57 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\Max\Downloads\wzmp_8.exe
2014-01-27 21:37 - 2014-01-27 21:37 - 00143824 _____ C:\Windows\Minidump\Mini012714-01.dmp
2014-01-25 16:21 - 2014-01-25 16:21 - 00143824 _____ C:\Windows\Minidump\Mini012514-02.dmp
2014-01-25 15:22 - 2014-01-25 15:22 - 00143824 _____ C:\Windows\Minidump\Mini012514-01.dmp
2014-01-22 16:37 - 2014-01-22 16:42 - 00000000 ____D C:\Users\Max\Desktop\Tennisverein
2014-01-22 15:29 - 2014-01-22 15:29 - 00143824 _____ C:\Windows\Minidump\Mini012214-01.dmp
2014-01-20 11:48 - 2014-01-20 11:48 - 00143824 _____ C:\Windows\Minidump\Mini012014-01.dmp
2014-01-17 12:46 - 2014-01-17 12:46 - 00143824 _____ C:\Windows\Minidump\Mini011714-02.dmp
2014-01-17 12:17 - 2014-01-17 12:17 - 00143824 _____ C:\Windows\Minidump\Mini011714-01.dmp
2014-01-13 16:36 - 2014-01-13 16:36 - 00143824 _____ C:\Windows\Minidump\Mini011314-01.dmp
2014-01-09 18:42 - 2014-01-09 18:42 - 00143824 _____ C:\Windows\Minidump\Mini010914-01.dmp
2014-01-03 20:28 - 2014-01-03 20:28 - 00143824 _____ C:\Windows\Minidump\Mini010314-01.dmp

==================== One Month Modified Files and Folders =======

2014-02-02 19:51 - 2014-01-29 09:35 - 00013103 _____ C:\Users\Max\Downloads\FRST.txt
2014-02-02 19:51 - 2014-01-29 09:35 - 00000000 ____D C:\FRST
2014-02-02 19:49 - 2014-01-29 10:05 - 00000000 ____D C:\Users\Max\Desktop\Virus
2014-02-02 19:48 - 2014-02-02 19:48 - 00001267 _____ C:\Users\Max\Desktop\JRT.txt
2014-02-02 19:45 - 2008-05-06 20:36 - 01121803 _____ C:\Windows\WindowsUpdate.log
2014-02-02 19:42 - 2009-09-08 19:40 - 00000000 ____D C:\ProgramData\VMware
2014-02-02 19:42 - 2008-07-23 15:36 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2014-02-02 19:42 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-02-02 19:42 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-02 19:42 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-02 19:41 - 2007-04-18 09:33 - 00000012 _____ C:\Windows\bthservsdp.dat
2014-02-02 19:41 - 2006-11-02 14:01 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-02-02 19:39 - 2014-02-02 19:39 - 01037068 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe
2014-02-02 19:32 - 2014-02-02 19:16 - 00000000 ____D C:\AdwCleaner
2014-02-02 19:31 - 2009-11-29 15:28 - 00000000 ____D C:\ProgramData\ICQ
2014-02-02 19:24 - 2014-02-02 19:24 - 01166132 _____ C:\Users\Max\Downloads\adwcleaner(1).exe
2014-02-02 19:17 - 2008-07-23 16:29 - 00105090 _____ C:\Windows\PFRO.log
2014-02-02 19:17 - 2007-04-18 10:26 - 00000000 ____D C:\Windows\Panther
2014-02-02 19:16 - 2014-02-02 19:16 - 01166132 _____ C:\Users\Max\Downloads\adwcleaner.exe
2014-02-02 18:59 - 2012-12-15 21:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-02 18:54 - 2014-02-02 18:54 - 00000913 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-02 18:54 - 2014-02-02 18:54 - 00000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2014-02-02 18:54 - 2014-02-02 18:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-02-02 18:54 - 2014-02-02 18:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-02-02 18:53 - 2014-02-02 18:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Max\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-01 17:46 - 2014-02-01 16:59 - 00000000 ____D C:\Qoobox
2014-02-01 17:41 - 2014-02-01 17:41 - 00053580 _____ C:\ComboFix.txt
2014-02-01 17:41 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2014-02-01 17:39 - 2014-02-01 15:55 - 00000000 ____D C:\Windows\erdnt
2014-02-01 17:33 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2014-02-01 15:56 - 2014-02-01 15:56 - 00143824 _____ C:\Windows\Minidump\Mini020114-01.dmp
2014-02-01 15:56 - 2013-11-13 16:28 - 288918505 _____ C:\Windows\MEMORY.DMP
2014-02-01 15:56 - 2009-01-03 10:53 - 00000000 ____D C:\Windows\Minidump
2014-02-01 15:54 - 2014-02-01 15:54 - 05179159 ____R (Swearware) C:\Users\Max\Downloads\ComboFix.exe
2014-02-01 15:37 - 2014-02-01 15:37 - 00684776 _____ C:\Users\Max\Downloads\AdwCleaner_Setup_Download.exe
2014-01-29 09:37 - 2014-01-29 09:36 - 00029273 _____ C:\Users\Max\Downloads\Addition.txt
2014-01-29 09:35 - 2014-01-29 09:34 - 01137152 _____ (Farbar) C:\Users\Max\Downloads\FRST.exe
2014-01-29 09:34 - 2014-01-29 09:34 - 02079744 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-28 22:43 - 2009-09-21 10:20 - 00000000 ____D C:\Users\Max\Tennis
2014-01-28 21:58 - 2014-01-28 21:58 - 00000993 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Users\Max\AppData\Roaming\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2014-01-28 21:58 - 2014-01-28 21:58 - 00000000 ____D C:\Program Files\WinZip Malware Protector
2014-01-28 21:57 - 2014-01-28 21:57 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\Max\Downloads\wzmp_8.exe
2014-01-27 21:37 - 2014-01-27 21:37 - 00143824 _____ C:\Windows\Minidump\Mini012714-01.dmp
2014-01-25 17:22 - 2012-06-26 18:53 - 00000000 ____D C:\Users\Max\AppData\Roaming\Dropbox
2014-01-25 17:12 - 2012-06-26 19:01 - 00000000 ___RD C:\Users\Max\Dropbox
2014-01-25 16:21 - 2014-01-25 16:21 - 00143824 _____ C:\Windows\Minidump\Mini012514-02.dmp
2014-01-25 15:22 - 2014-01-25 15:22 - 00143824 _____ C:\Windows\Minidump\Mini012514-01.dmp
2014-01-22 16:42 - 2014-01-22 16:37 - 00000000 ____D C:\Users\Max\Desktop\Tennisverein
2014-01-22 15:29 - 2014-01-22 15:29 - 00143824 _____ C:\Windows\Minidump\Mini012214-01.dmp
2014-01-22 14:14 - 2006-11-02 11:33 - 01453664 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 11:48 - 2014-01-20 11:48 - 00143824 _____ C:\Windows\Minidump\Mini012014-01.dmp
2014-01-20 11:46 - 2011-11-19 10:21 - 00000000 ____D C:\Users\Max\AppData\Roaming\vlc
2014-01-20 11:43 - 2013-11-29 17:07 - 00000000 ____D C:\Users\Max\AppData\Roaming\HpUpdate
2014-01-20 11:43 - 2013-07-17 17:57 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 11:43 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-17 12:46 - 2014-01-17 12:46 - 00143824 _____ C:\Windows\Minidump\Mini011714-02.dmp
2014-01-17 12:17 - 2014-01-17 12:17 - 00143824 _____ C:\Windows\Minidump\Mini011714-01.dmp
2014-01-13 16:36 - 2014-01-13 16:36 - 00143824 _____ C:\Windows\Minidump\Mini011314-01.dmp
2014-01-09 18:42 - 2014-01-09 18:42 - 00143824 _____ C:\Windows\Minidump\Mini010914-01.dmp
2014-01-03 20:28 - 2014-01-03 20:28 - 00143824 _____ C:\Windows\Minidump\Mini010314-01.dmp

Files to move or delete:
====================
C:\Users\Max\dotNetFx35setup.exe


Some content of TEMP:
====================
C:\Users\Max\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-02 19:48

==================== End Of Log ============================
         

03.02.2014, 16:36   #8
schrauber
/// the machine
/// TB-Ausbilder

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!