Superfish, Firefox öffnet ein zweites Mal, Browser langsam Hallo zusammen!
Ich habe folgendes Problem. Irgendwo habe ich mir Malware eingefangen und werde sie nicht los. Adwarecleaner hat nichts gefunden. Ein zusatzlich installiertes Programm habe ich auch nicht entdeckt. Kurz lese ich immer wieder superfisch in der Statuszeile. Firefox öffnet immer mit ein zweites Mal mit irgendeiner Seite zum Spielen. Bei Webseiten, die nicht den ganzen Bildschirm füllen, habe ich links und rechts Einblendungen, die ich nicht haben will. Der Browser ist langsam. Kann mir jemand weiterhelfen.
Die Logdateien sehen wie folgt aus:
frst.exe
Code:
Alles auswählen Aufklappen ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-03-2014
Ran by Gerhard (administrator) on ASTERIX on 01-03-2014 23:00:46
Running from C:\Users\Gerhard\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\Gerhard\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024 2013-12-24] (AVAST Software)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [HPUsageTrackingLEDM] - C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Run: [iLivid] - "C:\Users\Gerhard\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3702119738-4214834906-2091399523-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
Startup: C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gerhard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
GroupPolicyUsers\S-1-5-21-3702119738-4214834906-2091399523-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3702119738-4214834906-2091399523-1003\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=575&systemid=406&v=a10733-171&apn_uid=8860195133994219&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=575&systemid=406&v=a10733-171&apn_uid=8860195133994219&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá�*X(Ž2s��(ÛÎÀJºÔÓµ± �vË°!×—(ä¼48и�patm6êo�^Mp`�Ëõ÷_i£w˜¾!„Áû�†x¢8€ÙjÀÿþ*´Ñ;áa´�[¦†8*º~RÙxœòÜ8'£-)�x*ä* URL =
BHO: Plus-HD-8.1 - {11111111-1111-1111-1111-110511111108} - C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-bho.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426
FF user.js: detected! => C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\user.js
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.at/
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=575&systemid=406&v=n10249-171&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=8860195133994219&o=APN10645&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gerhard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-8.1 - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\8ef36653-7dcd-4c5f-81f5-7870fda4b7b7@67e486b0-922d-4a2d-9e3f-77394107f67c.com [2014-02-16]
FF Extension: SearchNewTab - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\ft_igtmimv@iyuaab-eoa.co.uk [2013-11-19]
FF Extension: DownloadHelper - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-01]
FF Extension: New tab - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\{F70FEED1-28F5-E091-0FBD-87574B341B90} [2013-12-18]
FF Extension: Firebug - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\firebug@software.joehewitt.com.xpi [2013-10-02]
FF Extension: MP4 Downloader - C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\Extensions\mp4downloader@jeff.net.xpi [2013-11-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-06-14]
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-24] (AVAST Software)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP)
S4 AMOptimalDiskService; C:\Program Files\Common Files\OptimalSuite Common\AMDSrv.exe [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
S4 SpeedBoosterSvc; C:\Program Files\Common Files\OptimalSuite Common\BoostService.exe [X]
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-03-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-03-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-03-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-24] ()
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
S3 Cardex; C:\Windows\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R3 Edspport; C:\Windows\System32\DRIVERS\es56tpi.sys [450892 2001-10-19] (Creative Labs,Inc.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2009-12-22] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 mbmiodrvr; C:\Windows\system32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 TBPanel; C:\Windows\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Gerhard\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-01 23:00 - 2014-03-01 23:00 - 00000000 ____D () C:\Users\Gerhard\Downloads\FRST-OlderVersion
2014-03-01 22:58 - 2014-03-01 22:58 - 00050477 _____ () C:\Users\Gerhard\Downloads\Defogger.exe
2014-03-01 22:58 - 2014-03-01 22:58 - 00000450 _____ () C:\Users\Gerhard\Downloads\defogger_disable.log
2014-03-01 22:58 - 2014-03-01 22:58 - 00000000 _____ () C:\Users\Gerhard\defogger_reenable
2014-03-01 22:46 - 2014-03-01 22:46 - 01244192 _____ () C:\Users\Gerhard\Downloads\adwcleaner_3.0.2.0.exe
2014-03-01 20:54 - 2014-03-01 20:55 - 00032962 _____ () C:\Users\Gerhard\Desktop\FRST.txt
2014-03-01 19:52 - 2014-03-01 19:52 - 00283256 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox Setup Stub 27.0.1.exe
2014-03-01 19:41 - 2014-03-01 19:41 - 00017389 _____ () C:\Users\Gerhard\.recently-used.xbel
2014-02-19 11:42 - 2014-02-19 11:43 - 17277693 _____ () C:\Users\Gerhard\Downloads\IMG_0739.MOV
2014-02-18 21:13 - 2014-02-18 21:13 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-17 18:49 - 2014-02-17 18:49 - 00001196 _____ () C:\Users\Gerhard\Desktop\Any Video Converter.lnk
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Users\Gerhard\Documents\Any Video Converter
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\AnvSoft
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Program Files\AnvSoft
2014-02-17 18:46 - 2014-02-17 18:48 - 29016168 _____ (Any-Video-Converter.com ) C:\Users\Gerhard\Downloads\any-video-converter-free555.exe
2014-02-16 21:21 - 2014-03-01 22:41 - 00002306 _____ () C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job
2014-02-16 21:21 - 2014-03-01 22:41 - 00001500 _____ () C:\Windows\Tasks\Plus-HD-8.1-updater.job
2014-02-16 21:21 - 2014-03-01 22:41 - 00001456 _____ () C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job
2014-02-16 21:21 - 2014-03-01 22:41 - 00001354 _____ () C:\Windows\Tasks\Plus-HD-8.1-enabler.job
2014-02-16 21:21 - 2014-03-01 22:35 - 00000000 ____D () C:\Program Files\Plus-HD-8.1
2014-02-16 21:21 - 2014-02-16 21:32 - 00000000 ____D () C:\FFOutput
2014-02-16 21:20 - 2014-02-16 21:20 - 00001195 _____ () C:\Users\Gerhard\Desktop\Format Factory.lnk
2014-02-16 21:20 - 2014-02-16 21:20 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-02-16 21:20 - 2014-02-16 21:20 - 00000000 ____D () C:\Program Files\FreeTime
2014-02-16 21:12 - 2014-02-16 21:14 - 50693449 _____ () C:\Users\Gerhard\Desktop\FFSetupNoDVD3-1-1.exe
2014-02-16 21:11 - 2014-02-16 21:11 - 00401760 _____ () C:\Users\Gerhard\Downloads\SoftonicDownloader_fuer_format-factory.exe
2014-02-16 20:53 - 2014-02-16 20:55 - 28093562 _____ () C:\Users\Gerhard\Downloads\internet-video-converter_18319.exe
2014-02-13 07:24 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 07:24 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 07:24 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 07:24 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 07:24 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 07:24 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 07:24 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 07:24 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 07:24 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 07:24 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 07:24 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 07:24 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 07:24 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 07:24 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 07:24 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 07:24 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 07:24 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 07:24 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 07:24 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 07:24 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 07:24 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 07:18 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 07:03 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 07:03 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 07:03 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 07:03 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 07:03 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 07:03 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 07:03 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 07:03 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 07:03 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 07:03 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 07:03 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 07:03 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 07:03 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 07:03 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 18:39 - 2014-02-12 18:39 - 00211392 _____ () C:\Users\Gerhard\Downloads\zusammenfassende_Bsp_Bezugskalk.zip
2014-02-11 20:46 - 2014-02-11 20:50 - 01197568 _____ () C:\Users\Gerhard\Desktop\Lehrinhalte_WKW.ppt
2014-02-09 06:27 - 2014-02-09 06:27 - 01064960 _____ () C:\Users\Gerhard\Desktop\Folien.ppt
2014-02-08 09:32 - 2014-02-08 09:32 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\OpenOffice.org
==================== One Month Modified Files and Folders =======
2014-03-01 23:00 - 2014-03-01 23:00 - 00000000 ____D () C:\Users\Gerhard\Downloads\FRST-OlderVersion
2014-03-01 23:00 - 2013-12-27 17:55 - 01144320 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST.exe
2014-03-01 23:00 - 2013-12-27 17:55 - 00015330 _____ () C:\Users\Gerhard\Downloads\FRST.txt
2014-03-01 23:00 - 2013-12-27 17:55 - 00000000 ____D () C:\FRST
2014-03-01 22:58 - 2014-03-01 22:58 - 00050477 _____ () C:\Users\Gerhard\Downloads\Defogger.exe
2014-03-01 22:58 - 2014-03-01 22:58 - 00000450 _____ () C:\Users\Gerhard\Downloads\defogger_disable.log
2014-03-01 22:58 - 2014-03-01 22:58 - 00000000 _____ () C:\Users\Gerhard\defogger_reenable
2014-03-01 22:58 - 2010-01-31 19:50 - 00000000 ____D () C:\Users\Gerhard
2014-03-01 22:56 - 2013-09-11 17:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-01 22:56 - 2013-09-11 17:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-01 22:56 - 2013-09-11 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-01 22:47 - 2013-09-11 07:15 - 00000000 ____D () C:\AdwCleaner
2014-03-01 22:46 - 2014-03-01 22:46 - 01244192 _____ () C:\Users\Gerhard\Downloads\adwcleaner_3.0.2.0.exe
2014-03-01 22:44 - 2010-02-01 13:56 - 00002093 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-01 22:44 - 2010-01-31 19:58 - 01708925 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 22:43 - 2013-12-24 14:57 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-03-01 22:43 - 2012-10-29 15:46 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\Dropbox
2014-03-01 22:43 - 2012-06-14 06:12 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-01 22:43 - 2011-02-03 20:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-01 22:43 - 2010-02-01 13:56 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-01 22:43 - 2010-02-01 13:56 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-01 22:43 - 2010-02-01 13:55 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-01 22:43 - 2010-01-31 19:49 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-01 22:43 - 2010-01-31 19:49 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-01 22:42 - 2012-10-29 16:03 - 00000000 ___RD () C:\Users\Gerhard\Dropbox
2014-03-01 22:41 - 2014-02-16 21:21 - 00002306 _____ () C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job
2014-03-01 22:41 - 2014-02-16 21:21 - 00001500 _____ () C:\Windows\Tasks\Plus-HD-8.1-updater.job
2014-03-01 22:41 - 2014-02-16 21:21 - 00001456 _____ () C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job
2014-03-01 22:41 - 2014-02-16 21:21 - 00001354 _____ () C:\Windows\Tasks\Plus-HD-8.1-enabler.job
2014-03-01 22:36 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-01 22:35 - 2014-02-16 21:21 - 00000000 ____D () C:\Program Files\Plus-HD-8.1
2014-03-01 22:35 - 2013-09-11 10:12 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-01 22:35 - 2013-09-09 14:43 - 14059560 _____ () C:\Windows\setupact.log
2014-03-01 22:35 - 2012-09-26 12:55 - 00000000 ____D () C:\Program Files\Landwirtschafts Simulator 2011
2014-03-01 22:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-01 22:34 - 2013-11-19 19:52 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\vlc
2014-03-01 22:34 - 2013-10-02 13:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-01 22:34 - 2013-02-07 07:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-01 22:34 - 2012-04-29 15:32 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-03-01 22:34 - 2012-02-13 20:18 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-01 22:34 - 2012-02-13 20:17 - 00000000 ____D () C:\Program Files\NCH Software
2014-03-01 22:34 - 2012-01-24 18:16 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\DVDVideoSoft
2014-03-01 22:34 - 2010-06-15 08:18 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\gtk-2.0
2014-03-01 22:34 - 2010-02-11 17:48 - 00000000 ____D () C:\Users\Sandra
2014-03-01 22:34 - 2010-02-01 19:20 - 00000000 ____D () C:\Users\Christoph
2014-03-01 22:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-01 22:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-01 22:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-03-01 22:31 - 2013-01-27 09:00 - 00000000 ____D () C:\Users\Gerhard\AppData\Local\Mozilla
2014-03-01 22:31 - 2010-11-17 19:46 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-01 20:55 - 2014-03-01 20:54 - 00032962 _____ () C:\Users\Gerhard\Desktop\FRST.txt
2014-03-01 19:52 - 2014-03-01 19:52 - 00283256 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox Setup Stub 27.0.1.exe
2014-03-01 19:44 - 2010-06-15 08:12 - 00000000 ____D () C:\Users\Gerhard\.gimp-2.6
2014-03-01 19:41 - 2014-03-01 19:41 - 00017389 _____ () C:\Users\Gerhard\.recently-used.xbel
2014-03-01 19:37 - 2011-02-28 11:45 - 00000000 ____D () C:\Users\Gerhard\Desktop\für Schulwebseite
2014-02-19 11:43 - 2014-02-19 11:42 - 17277693 _____ () C:\Users\Gerhard\Downloads\IMG_0739.MOV
2014-02-18 21:13 - 2014-02-18 21:13 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-17 20:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 18:49 - 2014-02-17 18:49 - 00001196 _____ () C:\Users\Gerhard\Desktop\Any Video Converter.lnk
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Users\Gerhard\Documents\Any Video Converter
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\AnvSoft
2014-02-17 18:49 - 2014-02-17 18:49 - 00000000 ____D () C:\Program Files\AnvSoft
2014-02-17 18:48 - 2014-02-17 18:46 - 29016168 _____ (Any-Video-Converter.com ) C:\Users\Gerhard\Downloads\any-video-converter-free555.exe
2014-02-16 21:32 - 2014-02-16 21:21 - 00000000 ____D () C:\FFOutput
2014-02-16 21:20 - 2014-02-16 21:20 - 00001195 _____ () C:\Users\Gerhard\Desktop\Format Factory.lnk
2014-02-16 21:20 - 2014-02-16 21:20 - 00000000 ____D () C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-02-16 21:20 - 2014-02-16 21:20 - 00000000 ____D () C:\Program Files\FreeTime
2014-02-16 21:15 - 2010-01-31 20:05 - 01507342 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 21:14 - 2014-02-16 21:12 - 50693449 _____ () C:\Users\Gerhard\Desktop\FFSetupNoDVD3-1-1.exe
2014-02-16 21:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-02-16 21:11 - 2014-02-16 21:11 - 00401760 _____ () C:\Users\Gerhard\Downloads\SoftonicDownloader_fuer_format-factory.exe
2014-02-16 20:55 - 2014-02-16 20:53 - 28093562 _____ () C:\Users\Gerhard\Downloads\internet-video-converter_18319.exe
2014-02-16 19:09 - 2013-02-24 18:59 - 00000000 ____D () C:\Users\Gerhard\Documents\Eigene Scans
2014-02-13 07:22 - 2013-08-01 13:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 07:20 - 2011-12-30 08:41 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 07:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-12 18:39 - 2014-02-12 18:39 - 00211392 _____ () C:\Users\Gerhard\Downloads\zusammenfassende_Bsp_Bezugskalk.zip
2014-02-11 20:50 - 2014-02-11 20:46 - 01197568 _____ () C:\Users\Gerhard\Desktop\Lehrinhalte_WKW.ppt
2014-02-09 15:27 - 2013-01-02 13:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\.minecraft
2014-02-09 06:27 - 2014-02-09 06:27 - 01064960 _____ () C:\Users\Gerhard\Desktop\Folien.ppt
2014-02-08 09:32 - 2014-02-08 09:32 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\OpenOffice.org
2014-02-06 11:38 - 2014-02-13 07:24 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-13 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-13 07:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-13 07:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-13 07:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 07:24 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-13 07:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 07:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-13 07:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-13 07:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-13 07:24 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-13 07:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-13 07:24 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-13 07:24 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-13 07:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-13 07:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 07:24 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 07:24 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-13 07:24 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-13 07:24 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-13 07:24 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
Files to move or delete:
====================
C:\ProgramData\qjaxlkio.dss
C:\Users\Gerhard\FRST.exe
C:\Users\Gerhard\nitro_pdf_professional6_de.exe
C:\Users\Public\[freeware.de]Core-Temp-setup.exe
Some content of TEMP:
====================
C:\Users\Gerhard\AppData\Local\Temp\7z920.exe
C:\Users\Gerhard\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Gerhard\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Gerhard\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Gerhard\AppData\Local\Temp\plus-hd-8-1.exe
C:\Users\Gerhard\AppData\Local\Temp\SIntf16.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntf32.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntfNT.dll
C:\Users\Sandra\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Sandra\AppData\Local\Temp\i4jdel0.exe
C:\Users\Sandra\AppData\Local\Temp\SIntf16.dll
C:\Users\Sandra\AppData\Local\Temp\SIntf32.dll
C:\Users\Sandra\AppData\Local\Temp\SIntfNT.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-01 12:48
==================== End Of Log ============================
addition.txt
Code:
Alles auswählen Aufklappen ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-03-2014
Ran by Gerhard at 2014-03-01 23:02:27
Running from C:\Users\Gerhard\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
3DVIA player 5.0.0.20 (HKLM\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Any Video Converter 5.5.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assistant 5.05.013 (HKLM\...\Assistant) (Version: 5.5.13.0 - Medion)
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
Brick-Force (HKLM\...\Brick-Force) (Version: - Infernum Productions AG)
CeeBot4 (HKLM\...\CEEBOT4) (Version: - )
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
CuteFTP 8 Home (HKLM\...\{949DBB22-2FB7-4de1-804C-23D495A988D8}) (Version: 8.3.3 - GlobalSCAPE)
Demo RepertoriX 2009 Plus (HKLM\...\Demo RepertoriX 2009 Plus) (Version: - )
DemoAugen (HKLM\...\{BF601748-2CD3-401E-93A9-4A831E0B8C49}) (Version: 2013.0 - )
DER HOBBIT (HKLM\...\InstallShield_{023FFB0A-C5DB-4930-B3E4-D48266C21738}) (Version: 1.00.000 - Sierra)
Der Hobbit (Version: 1.00.000 - Sierra) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Rache der Sumpfhühner SE (HKLM\...\Die Rache der Sumpfhühner SE) (Version: - )
Download Manager (HKLM\...\{9FF889B0-2F9A-495d-9C65-9F0710310A82DM}) (Version: 2, 0, 0, 210 - Software.com)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.30 - Runtime Software)
Driver Detective (HKLM\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters)
Driving Speed 2.0 (HKLM\...\Driving Speed 2_is1) (Version: - WheelSpin Studios)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
e-törn 1.0 (HKLM\...\e-törn) (Version: 1.0 - UpperImage - Agentur für Neue Medien)
FileZilla Client 3.3.1 (HKLM\...\FileZilla Client) (Version: 3.3.1 - )
FormatFactory 3.1.1 (HKLM\...\FormatFactory) (Version: 3.1.1 - Free Time)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
GanttProject (HKLM\...\GanttProject) (Version: - )
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - )
HappyFoto-Designer 2.7 (HKLM\...\HappyFoto-Designer_is1) (Version: - )
Harry Potter und die Heiligtümer des Todes(TM) - Teil 2 (HKLM\...\{F0C9E8E9-C54B-48C1-9192-F5D49633AB5D}) (Version: 1.0.0.0 - Electronic Arts)
HOFER Bestellsoftware 4.9.6 (HKLM\...\HOFER Bestellsoftware) (Version: 4.9.6 - ORWO Net)
HotPotatoes v 6.3.0.4 (HKLM\...\hotpot_is1) (Version: - HalfBaked)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
HP OrderReminder (HKLM\...\HP OrderReminder) (Version: 2.1 - )
hppLaserJetService (Version: 001.003.000145 - Hewlett-Packard) Hidden
hppM1130M1210SeriesLaserJetService (Version: 001.003.00073 - Hewlett-Packard) Hidden
hppusgM1130M1210Series (Version: 1.0.0.2 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Image Resizer Powertoy Clone for Windows (HKLM\...\{C38D079C-950D-4F18-BF7B-CE58DE86D3BD}) (Version: 2.1.1 - Brice Lambson)
Iminent (Version: 6.35.31.0 - Iminent) Hidden <==== ATTENTION
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Landwirtschafts Simulator 2011 (HKLM\...\FarmingSimulator2011_PLATINUMDE_is1) (Version: 1.0 - GIANTS Software)
LaserJet 1018 (HKLM\...\HP-LaserJet 1018) (Version: - )
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MORE! 2 DVD-ROM (HKLM\...\MORE! 2 DVD-ROM) (Version: V1.0 - Helbling Languages)
Motherboard Monitor 5 (HKLM\...\Motherboard Monitor 5_is1) (Version: 5 - Alexander van Kaam)
Motherboard Monitor 5 Languages (HKLM\...\Motherboard Monitor 5.3.7.0 Languages_is1) (Version: 5 - Alexander van Kaam)
Movies Toolbar for Firefox (Dist. by Somoto Ltd.) (HKLM\...\somotomoviestoolbar1FF) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
NVIDIA 3D Vision Controller Driver (Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Oblivion (HKLM\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Outlook Backup Assistant 5 (Testversion) (HKLM\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 5.0 - Priotecs IT GmbH)
Pacific Hawk 1.0 (HKLM\...\Pacific Hawk) (Version: 1.0 - Team6 game studios)
Palm Desktop by ACCESS (HKLM\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Ihr Firmenname)
PC Connectivity Solution (HKLM\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version: - )
PE Builder 3.1.10a (HKLM\...\PE Builder_is1) (Version: - Bart Lagerweij)
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Plus-HD-8.1 (HKLM\...\Plus-HD-8.1) (Version: 1.34.1.29 - Plus HD) <==== ATTENTION
Radiopath für Netbooks 1.0 (HKLM\...\Radiopath für Netbooks) (Version: 1.0 - D-ReSearch Privatverlag)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Ski Challenge 12 (AT) (HKCU\...\sc12-AT_MAIN) (Version: - )
Skype™ 6.0 (HKLM\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
SLOW-PCfighter (Version: 1.2.61 - SPAMfighter ApS) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Toonworks v1.3 (HKLM\...\Toonworks) (Version: - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Vtune 7.21 (HKLM\...\MySSID_is1) (Version: - )
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DE}) (Version: 18.0.10661 - WinZip Computing, S.L. )
XAMPP 1.8.1 (HKLM\...\xampp) (Version: - )
==================== Restore Points =========================
22-09-2013 06:27:14 Removed Skype Toolbars
24-09-2013 11:31:31 Windows Update
26-09-2013 13:05:04 Removed Adobe Reader 9.3.2 - Deutsch.
28-09-2013 10:12:20 Windows Update
01-10-2013 17:18:16 Windows Update
08-10-2013 12:17:18 Windows Update
11-10-2013 05:38:28 Windows Update
11-10-2013 13:06:06 Windows Update
15-10-2013 15:20:22 Windows Update
19-10-2013 07:55:41 Windows Update
22-10-2013 09:26:05 Windows Update
22-10-2013 16:35:05 Removed Scan To
25-10-2013 17:17:04 Windows Update
26-10-2013 04:53:46 Automatic System Cleaner v2.5
26-10-2013 05:27:21 Windows Update
30-10-2013 06:06:34 Windows Update
05-11-2013 06:09:46 Windows Update
06-11-2013 06:27:14 Windows Update
08-11-2013 06:20:30 Windows Update
12-11-2013 14:51:38 Windows Update
14-11-2013 11:38:17 Windows Update
14-11-2013 17:15:29 Windows Update
20-11-2013 05:20:49 Windows Update
23-11-2013 05:37:48 Windows Update
24-11-2013 08:31:28 avast! antivirus system restore point
26-11-2013 06:22:57 Windows Update
29-11-2013 17:53:17 Windows Update
03-12-2013 13:11:04 Windows Update
07-12-2013 06:18:29 Windows Update
08-12-2013 06:39:13 WinZip 18.0 wird installiert
11-12-2013 05:56:55 Windows Update
12-12-2013 20:57:20 Windows Update
17-12-2013 16:28:23 Windows Update
20-12-2013 15:33:15 Installed Samsung Kies
24-12-2013 13:55:42 avast! antivirus system restore point
25-12-2013 06:11:25 Windows Update
01-01-2014 05:36:46 Windows Update
07-01-2014 16:30:25 Windows Update
10-01-2014 16:55:49 Windows Update
14-01-2014 05:58:25 Windows Update
15-01-2014 06:21:44 Windows Update
21-01-2014 16:38:26 Windows Update
28-01-2014 06:02:19 Windows Update
04-02-2014 06:53:46 Geplanter Prüfpunkt
04-02-2014 16:46:37 Windows Update
11-02-2014 14:26:21 Windows Update
13-02-2014 06:17:24 Windows Update
18-02-2014 06:21:45 Windows Update
21-02-2014 15:30:14 Windows Update
25-02-2014 06:20:44 Windows Update
25-02-2014 15:55:40 Windows Update
01-03-2014 05:28:44 Windows Update
01-03-2014 21:27:23 Wiederherstellungsvorgang
01-03-2014 21:36:53 avast! antivirus system restore point
01-03-2014 21:43:09 avast! antivirus system restore point
01-03-2014 21:44:00 Windows Update
==================== Hosts content: ==========================
2006-11-02 11:23 - 2013-09-19 18:18 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {16801CE5-B1AA-49D7-9A63-972FA48C6789} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {46DFE082-F259-4B2D-BFCE-6DAF3777B59C} - System32\Tasks\Plus-HD-8.1-updater => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-updater.exe [2014-02-16] () <==== ATTENTION
Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {4D2FA8EF-B929-4F1B-862E-65B3E199DC7D} - System32\Tasks\PCCleaner1ClickMaint => C:\Program Files\Covus Freemium\Free Computer Cleaner\1Click.exe
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {51446F00-5C38-47D5-8FDF-A7AB7857B15F} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-03-01] (AVAST Software)
Task: {6025FA92-F539-4D97-8479-D2D7DA6F08E0} - System32\Tasks\Plus-HD-8.1-codedownloader => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-codedownloader.exe [2014-02-16] (Plus HD) <==== ATTENTION
Task: {81F03AA6-D95C-43A2-A875-E8AEEAE8EC2B} - System32\Tasks\Freemium1ClickMaint => C:\Users\Gerhard\Downloads\1Click.exe
Task: {C90BE978-C4DE-4DB3-A5BF-0F2DD5ABB4F0} - System32\Tasks\Plus-HD-8.1-firefoxinstaller => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-firefoxinstaller.exe [2014-02-16] (Plus HD) <==== ATTENTION
Task: {D28DB9DA-0A25-4569-AAAA-CCE71134525C} - System32\Tasks\Plus-HD-8.1-enabler => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-enabler.exe [2014-02-16] () <==== ATTENTION
Task: {E265B993-C1DD-46DA-9CF3-11098A57748B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-01] (Adobe Systems Incorporated)
Task: {E50E0429-5FAF-4FED-89C4-85E279DB4586} - System32\Tasks\{AB0CFDF8-A5CC-4B3B-85B0-9C45C75BD066} => C:\Program Files\Skype\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)
Task: {F652EAA4-D1AB-4E98-B4E7-0937C088A0E6} - System32\Tasks\Advanced System Optimizer => C:\Program Files\Advanced System Optimizer 3\ASO3.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-8.1-enabler.job => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-8.1-updater.job => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-updater.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-02-18 07:16 - 2014-02-17 22:49 - 02180608 _____ () C:\Program Files\Alwil Software\Avast5\defs\14021701\algo.dll
2014-03-01 22:39 - 2014-03-01 19:29 - 02186240 _____ () C:\Program Files\Alwil Software\Avast5\defs\14030102\algo.dll
2013-09-03 17:39 - 2012-09-18 14:26 - 00169472 _____ () C:\Windows\System32\zlhp1020.dll
2013-02-16 10:32 - 2012-09-29 13:24 - 00167936 ____N () C:\Windows\System32\HPM1210LM.DLL
2013-09-03 17:40 - 2012-09-18 14:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2013-02-16 10:32 - 2012-09-29 13:24 - 00069632 ____N () C:\Windows\system32\spool\PRTPROCS\W32X86\HPM1210PP.dll
2009-10-15 11:13 - 2009-10-15 11:13 - 00061440 _____ () C:\Program Files\HP\HPLaserJetService\HPTools.dll
2009-10-15 11:13 - 2009-10-15 11:13 - 00964096 _____ () C:\Program Files\HP\HPLaserJetService\LEDMXMLObjects.dll
2012-12-24 06:53 - 2012-12-24 06:53 - 00081920 _____ () C:\Windows\system32\mvusbews.DLL
2010-01-03 22:46 - 2010-01-03 22:46 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-11-24 09:33 - 2013-11-24 09:33 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 00067128 _____ () C:\Program Files\HP\HP UT LEDM\bin\HPTools.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 00075320 _____ () C:\Program Files\HP\HP UT LEDM\bin\HPToolkit.dll
2009-10-15 18:43 - 2009-10-15 18:43 - 00140856 _____ () C:\Program Files\HP\HP UT LEDM\bin\DMBaseObjects.dll
2009-10-15 18:43 - 2009-10-15 18:43 - 00240128 _____ () C:\Program Files\HP\HP UT LEDM\bin\LEDMMapperObjects.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 00969784 _____ () C:\Program Files\HP\HP UT LEDM\bin\LEDMXMLObjects.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 01945088 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\25ed27f5e6d0ec5da303cea46673dc1f\Kies.UI.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 00079360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\83a2428c1864fdb6663bd4cd02091560\Kies.MVVM.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 00189952 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d65d7332c5c2b7edcf305e54a9d5a3ac\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-15 07:11 - 2014-02-15 07:11 - 00362496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\6f8a0a0a93cda6b767b24c064dfb9d2c\DevicePhoto.ni.dll
2014-02-15 07:11 - 2014-02-15 07:11 - 00296960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\1811ff55663bebc012a32e336e579c8f\DeviceVideo.ni.dll
2014-02-15 07:11 - 2014-02-15 07:11 - 00612352 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\9d29c778be4a7969f8dd2d6edeed7125\DevicePodcast.ni.dll
2014-02-15 07:11 - 2014-02-15 07:11 - 00307200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\0e258a54f63222c3ca6e8572dcba6d0c\DummyStorePlugin.ni.dll
2014-02-15 07:11 - 2014-02-15 07:11 - 14972928 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\75d52558f4fa49ea12601d7b2e878d53\Kies.Theme.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 00582144 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c2a047dbbc796fd679db4e7f699b23ef\Kies.Common.DeviceServiceLib.FileService.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 00046592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e0f4f08d2e7ce762334d814387531baf\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 01002496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\5cb2a4efb8700613bd8cff573696a543\DeviceCommonLib.ni.dll
2014-02-15 07:10 - 2014-02-15 07:10 - 00232960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\e4efdbb3089032946ef763a3b815b4c7\ASF_cSharpAPI.ni.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Gerhard\AppData\Roaming\Dropbox\bin\libcef.dll
2013-10-02 13:16 - 2013-12-21 17:33 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-06 06:56 - 2014-02-06 06:56 - 16287624 ____N () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll
2006-10-26 21:30 - 2006-10-26 21:30 - 00065312 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2006-10-27 15:35 - 2006-10-27 15:35 - 00436512 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2012-01-09 18:01 - 2007-01-31 11:33 - 00032768 _____ () C:\Program Files\Vtune\TBPanelExt.dll
2010-06-16 13:49 - 2002-04-22 02:15 - 00139264 ____N () C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: AMOptimalDiskService => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: dgdersvc => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: SearchAnonymizer => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpeedBoosterSvc => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk => C:\Windows\pss\HotSync Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Alarm.lnk => C:\Windows\pss\Game Alarm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Device Detection => C:\Program Files\HappyFoto-Designer\dd.exe
MSCONFIG\startupreg: EssSpkPhone => essspk.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TBPanel => C:\Program Files\Vtune\TBPanel.exe /A
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/01/2014 10:36:52 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {6129bc6a-c489-4cd6-b3b3-a1d5632bab24}
Error: (03/01/2014 00:48:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.
Error: (02/25/2014 04:42:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0fcf
Name des fehlerhaften Moduls: mozalloc.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fbe972
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0x83c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (02/22/2014 04:12:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.
Error: (02/19/2014 08:26:29 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.
Error: (02/17/2014 08:03:52 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/17/2014 08:02:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.
Error: (02/15/2014 07:56:49 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/15/2014 07:55:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.
Error: (02/10/2014 06:55:19 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (03/01/2014 10:42:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (03/01/2014 10:42:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (03/01/2014 10:42:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (03/01/2014 10:42:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (03/01/2014 10:42:03 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
Error: (03/01/2014 10:42:03 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
Error: (03/01/2014 10:41:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (03/01/2014 10:41:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (03/01/2014 10:41:55 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
Error: (03/01/2014 10:27:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Microsoft Office Sessions:
=========================
Error: (12/13/2013 07:22:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 253 seconds with 0 seconds of active time. This session ended with a crash.
Error: (12/12/2013 09:56:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4499 seconds with 300 seconds of active time. This session ended with a crash.
Error: (12/11/2013 01:26:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2486 seconds with 420 seconds of active time. This session ended with a crash.
Error: (08/09/2013 00:52:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17416 seconds with 60 seconds of active time. This session ended with a crash.
Error: (07/08/2013 00:11:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 234 seconds with 60 seconds of active time. This session ended with a crash.
Error: (03/22/2013 10:19:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 906 seconds with 420 seconds of active time. This session ended with a crash.
Error: (03/21/2013 08:45:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 768 seconds with 420 seconds of active time. This session ended with a crash.
Error: (07/10/2012 00:08:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/10/2012 00:06:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/10/2012 00:06:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 46%
Total physical RAM: 3583.24 MB
Available physical RAM: 1932.06 MB
Total Pagefile: 7166.48 MB
Available Pagefile: 5317.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.72 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:492.98 GB) (Free:286.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DarstellendeGeom) (CDROM) (Total:0.4 GB) (Free:0 GB) UDF
Drive e: (Fotos) (Fixed) (Total:97.66 GB) (Free:87.39 GB) NTFS
Drive f: (Daten ab 2010) (Fixed) (Total:195.31 GB) (Free:186.1 GB) NTFS
Drive g: (Volume) (Fixed) (Total:145.36 GB) (Free:21.17 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 838EECBD)
Partition 1: (Active) - (Size=493 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341 GB) - (Type=OF Extended)
==================== End Of Log ============================
gmer.log
Code:
Alles auswählen Aufklappen ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-01 23:26:50
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6 ST31000520AS rev.CC32 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Gerhard\AppData\Local\Temp\kxddrpow.sys
---- System - GMER 2.1 ----
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x9221DAD0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x9221E5AE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x9222A5E0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x9222A62C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x9222A7C6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x9222A54E]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x922D4386]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x9222A596]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x9221EAE4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x9221ED00]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x9222A780]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x9221F39C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x9221DB36]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x92222B32]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x9221D71E]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x922D4466]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x9221DB9C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x92222F28]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x9221FE2C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x9222A60A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x9222A64E]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x9222A7EA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x9222A574]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x9222242C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x9222A6FE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x9222A5BE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x92222814]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x9222A7A4]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x922D420A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x9221FCF8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x9221FA06]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x9221DC02]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x9221DC68]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x922D4562]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x9221D7B8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x9221D98E]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x9221D91C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x9221F566]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x9221F6C8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x9221DA16]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x922D42D8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x9221F1F6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x9221DCCE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x9221E60A]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 8327FA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832B9212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 832C0460 4 Bytes [D0, DA, 21, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 832C04E8 4 Bytes [AE, E5, 21, 92] {SCASB ; IN EAX, 0x21; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 832C053C 8 Bytes [E0, A5, 22, 92, 2C, A6, 22, ...] {LOOPNZ 0xffffffa7; AND DL, [EDX-0x6ddd59d4]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 832C0548 4 Bytes [C6, A7, 22, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 832C0564 4 Bytes [4E, A5, 22, 92]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8347B4DF 4 Bytes CALL 92220513 \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83495347 4 Bytes CALL 92220529 \??\C:\Windows\system32\drivers\aswSnx.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[112] kernel32.dll!GetBinaryTypeW + 70 768369E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[480] kernel32.dll!GetBinaryTypeW + 70 768369E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[540] kernel32.dll!GetBinaryTypeW + 70 768369E4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[548] kernel32.dll!GetBinaryTypeW + 70 768369E4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[596] kernel32.dll!GetBinaryTypeW + 70 768369E4 1 Byte [62]
.text ...
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2708] ntdll.dll!DbgBreakPoint 77914108 1 Byte [C3]
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2708] kernel32.dll!GetBinaryTypeW + 70 768369E4 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[2948] kernel32.dll!GetBinaryTypeW + 70 768369E4 1 Byte [62]
.text C:\Windows\WindowsMobile\wmdc.exe[2964] kernel32.dll!GetBinaryTypeW + 70 768369E4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[3288] kernel32.dll!GetBinaryTypeW + 70 768369E4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3324] kernel32.dll!GetBinaryTypeW + 70 768369E4 1 Byte [62]
.text ...
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???[do??\???? ?????????????????????1????????????????????????? ????????????????b??????.?g?\?????????????????s_n??????????????????????????????????? ?????????????????????,????????\?#?????????? ??OLYMPUS C750UZ USB Device???????????????????????????????? ?????????????????????1??L????????? ??????ver??? ?????????????????????1????????????&????????????????????t???????????u??? ??????????????????? ???????/???????? ???????"?????n???g????????????????????????????????????????????????????}??????????? ?????????????????????7??$?????&?????????shot????&??????1???????e??aswMonFlt Instance?psh??? ?????????????????????7???????????????????????7B-??????????????????320700???????????????F??s0??? ?????????????????????,????????X?$?????????? ???????????????????????????????????????f??? ??????????????0??STORAGE\Volume??65????????????N?????????????????{00000000-0000-0000-0000-000000000000}?2fc????4?????????????????????????????????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App
Reg HKLM\SOFTWARE\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32@ %SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}
---- EOF - GMER 2.1 ----
Für Hilfe wäre ich sehr dankbar.
MfG
WARNUNG an die MITLESER: 
Linear-Darstellung
