Trojaner-Board - Auswertung mit OldTimer

Hallo Schrauber,

Danke für die schnelle Rückmeldung.
Ich hab unter Computer nachgeguckt und denke die 64er ist die richtige.
Dort steht "64er Betriebssystem".

Ich versuche das heute. Bin am Computer nicht besonders geschickt. Ich denke aber, ich bekomme das hin.

Heute hat Google verlangt, dass ich ein Captcha abtippe, bevor ich googeln konnte. Der Hinweis lautete, von meinem Rechner gingen verdächtige Mails los (oder so).
Ich habe den Rechner nach Viren untersuchen lassen, doch die Virenprogramme haben nichts gefunden.

Schöne Grüße
Clara

Hallo Schrauber,

ich habe die Auswertung vorgenommen und beide Ergenbisse.
Hab mir auch alle FAQ und Hinweise auf eurer Seite durchgelesen. Möchte euch nicht mehr Zeit rauben, als notwendig, darum eine kurze Rückfrage:

Du schreibst: "Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)"

Ich poste also in meinem thread (dem begonnenen)"
Es gibt ja auch noch das Unterforum: "Loganalyse und Auswertung"

Schöne Grüße
Clara

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013

Ran by Percy Tibbles (administrator) on PERCYTIBBLES-PC on 03-12-2013 09:16:42

Running from C:\Users\Percy Tibbles\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(COMPANYVERS_NAME) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

() C:\Windows\SysWOW64\AsusService.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(COMPANYVERS_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(ASUSTek Computer Inc.) C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE

() C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe

(AsusTek Computer Inc.) C:\Program Files (x86)\ASUS\LiveUpdate\LiveUpdate.exe

() C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS Smart Camera\SmartCamera.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe

(ASUS) C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe

(AsusTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(MindSpark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(VER_COMPANY_NAME) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrmon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(VER_COMPANY_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE

(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

(ECCE TERRAM GmbH, Oldenburg, Germany, hxxp://www.ecce-terram.com) C:\Program Files (x86)\PixelNet Software\PixelNet.exe

(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe

(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

(Farbar) C:\Users\Percy Tibbles\Downloads\FRST64(1).exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-01-23] (Synaptics Incorporated)

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-21] (Alcor Micro Corp.)

HKLM\...\Run: [LiveUpdate] - C:\Program Files (x86)\ASUS\LiveUpdate\LiveUpdate.exe [1095080 2012-01-05] (AsusTek Computer Inc.)

HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [467120 2011-04-14] (ASUSTek Computer Inc.)

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-20] (Realtek Semiconductor)

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE [7138816 2012-12-13] (Broadcom Corporation)

HKLM\...\Run: [Allin1Convert Home Page Guard 64 bit] - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe [548936 2013-11-24] ()

HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe [548936 2013-11-30] ()

HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-10] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HotkeyMon] - C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe [101800 2011-08-08] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [HotkeyService] - C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe [1263024 2011-08-08] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [SuperHybridEngine] - C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe [425400 2011-12-16] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [CapsHook] - C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)

HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)

HKLM-x32\...\Run: [ASUS Smart Camera] - C:\Program Files (x86)\ASUS\ASUS Smart Camera\SmartCamera.exe [1883824 2012-02-03] (ASUS)

HKLM-x32\...\Run: [iSeriesCharge] - C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe [96176 2012-01-17] (AsusTek Computer Inc.)

HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3331312 2012-04-09] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [Allin1Convert Search Scope Monitor] - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe [44784 2013-11-24] (MindSpark)

HKLM-x32\...\Run: [Allin1Convert_8h Browser Plugin Loader] - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrmon.exe [30096 2013-11-24] (VER_COMPANY_NAME)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-25] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe [44784 2013-11-30] (MindSpark)

HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [30096 2013-11-30] (VER_COMPANY_NAME)

HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [92096 2010-12-13] (AsusTek Computer Inc.)

HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\ASUS\AsusScreensaver\AsusScreensaver.exe [797104 2011-01-27] (AsusTek Computer Inc.)

AppInit_DLLs:   [ ] ()

AppInit_DLLs-x32:   [ ] ()

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=b60e1415-7c77-d679-9b7d-8bdf5fea9143&searchtype=ds&q={searchTerms}&installDate=15/08/2013

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^AYY^xdm070^YYA^de&ptb=2FB13124-9428-43D2-8CEC-EC2C8AB3F750&si=flvrunner

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=b60e1415-7c77-d679-9b7d-8bdf5fea9143&searchtype=ds&q={searchTerms}&installDate=15/08/2013

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM&q={searchTerms}

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM&q={searchTerms}

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM&q={searchTerms}

SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=AT&userid=b60e1415-7c77-d679-9b7d-8bdf5fea9143&searchtype=ds&q={searchTerms}&installDate=15/08/2013

SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM&q={searchTerms}

SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=b60e1415-7c77-d679-9b7d-8bdf5fea9143&searchtype=ds&q={searchTerms}&installDate=15/08/2013

SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=b60e1415-7c77-d679-9b7d-8bdf5fea9143&searchtype=ds&q={searchTerms}&installDate=15/08/2013

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

BHO: Plus-HD-1.3 - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll (Plus HD)

BHO: Feven 1.5 - {11111111-1111-1111-1111-110311851132} - C:\Program Files (x86)\Feven 1.5\Feven 1.5-bho64.dll (Feven)

BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Plus-HD-1.3 - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll (Plus HD)

BHO-x32: Feven 1.5 - {11111111-1111-1111-1111-110311851132} - C:\Program Files (x86)\Feven 1.5\Feven 1.5-bho.dll (Feven)

BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)

BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Search Assistant BHO - {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll (MindSpark)

BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Toolbar BHO - {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll (MindSpark)

Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File

Toolbar: HKLM-x32 - Allin1Convert - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll (MindSpark)

Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default

FF NewTab: hxxp://do-search.com/newtab/?type=nt&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM

FF DefaultSearchEngine: Ask Web Search

FF SearchEngineOrder.1: Ask Search

FF SelectedSearchEngine: Ask Web Search

FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=273B559C-CF24-4030-8746-35CC2C6FB2DE&n=77fdaabc&p2=^HJ^xdm382^YYA^de&si=pconverter

FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=273B559C-CF24-4030-8746-35CC2C6FB2DE&n=77fdaabc&ind=2013113020&p2=^HJ^xdm382^YYA^de&si=pconverter&searchfor=

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()

FF Plugin-x32: @Allin1Convert_8h.com/Plugin - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\NP8hStub.dll (MindSpark)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)

FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll (Mindspark)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\searchplugins\ask-web-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\do-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: VideoDownloadConverter - C:\Users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\Extensions\4zffxtbr-bs@VideoDownloadConverter_4z.com

FF Extension: VideoDownloadConverter - C:\Users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com

FF Extension: Plus-HD-1.3 - C:\Users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\Extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com

FF Extension: vis - C:\Users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM

FF Extension: Snap.Do  - C:\Users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\Extensions\{b60e1415-7c77-d679-9b7d-8bdf5fea9143}

FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] - C:\Program Files (x86)\LyricsContainer\128.xpi

FF Extension: No Name - C:\Program Files (x86)\LyricsContainer\128.xpi

FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://do-search.com/?type=sc&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM
 

==================== Services (Whitelisted) =================
 

R2 Allin1Convert_8hService; C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe [44752 2013-11-24] (COMPANYVERS_NAME)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-10] (Advanced Micro Devices, Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-11-25] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)

R2 AsusService; C:\windows\SysWOW64\AsusService.exe [224680 2011-08-08] ()

S3 DCDhcpService; C:\Program Files\WiSharing\DCDhcpService.exe [108544 2011-09-16] (Atheros Communication Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [44752 2013-11-30] (COMPANYVERS_NAME)

R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE [48128 2012-12-13] (Broadcom Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R0 AiDriver; C:\Windows\System32\DRIVERS\AiDriver.sys [14464 2010-05-20] (ASUSTek Computer Inc.)

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2011-02-09] ()

R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK WMIACPI\epcwmiacpi64.sys [17536 2011-09-07] (ASUS)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-25] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-25] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-11-25] (Avira Operations GmbH & Co. KG)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8213992 2011-11-22] (Realtek Semiconductor Corp.)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-12-03 09:16 - 2013-12-03 09:17 - 00023224 _____ C:\Users\Percy Tibbles\Downloads\FRST.txt

2013-12-03 09:15 - 2013-12-03 09:15 - 00000000 ____D C:\FRST

2013-12-03 09:14 - 2013-12-03 09:14 - 01959434 _____ (Farbar) C:\Users\Percy Tibbles\Downloads\FRST64(1).exe

2013-12-03 09:06 - 2013-12-03 09:06 - 00001581 _____ C:\windows\wininit.ini

2013-12-03 08:54 - 2013-12-03 08:54 - 01959434 _____ (Farbar) C:\Users\Percy Tibbles\Downloads\FRST64.exe

2013-12-02 18:08 - 2013-12-02 18:08 - 00602112 _____ (OldTimer Tools) C:\Users\Percy Tibbles\Downloads\OTL.exe

2013-12-02 17:45 - 2013-12-02 17:46 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2013-12-02 17:45 - 2013-12-02 17:45 - 00002166 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2013-12-02 17:45 - 2013-12-02 17:45 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2013-12-02 17:45 - 2013-12-02 17:45 - 00000000 ____D C:\ProgramData\McAfee

2013-12-02 17:45 - 2013-12-02 17:45 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan

2013-12-02 10:17 - 2013-12-02 10:17 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{E83F1205-ACC5-4A5B-B3C8-90034FC219EB}

2013-12-01 22:16 - 2013-12-01 22:16 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{62141F3D-1E77-4000-81D8-10244FB627A0}

2013-12-01 10:16 - 2013-12-01 10:16 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{9A6FD84B-E83B-4FAD-A2D1-78B2A3B626D5}

2013-11-30 22:16 - 2013-11-30 22:16 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{AE693DF2-0C54-4AFE-87A3-DA72C55D24F9}

2013-11-30 20:46 - 2013-11-30 20:46 - 04849773 _____ (Glorylogic                                                  ) C:\Users\Percy Tibbles\Downloads\imagetuner.exe

2013-11-30 20:40 - 2013-11-30 20:40 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter

2013-11-30 20:39 - 2013-11-30 20:39 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4z

2013-11-30 10:16 - 2013-11-30 10:16 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{A6C11BB6-1BCD-4FA8-9359-59FFE9D01BD3}

2013-11-29 22:15 - 2013-11-29 22:16 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{78D36617-6C51-4545-86A7-FFDAD3E02104}

2013-11-29 10:15 - 2013-11-29 10:15 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{A4400BF5-2428-4494-87E8-BD11F3647125}

2013-11-28 20:02 - 2013-11-28 20:02 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{0CF32549-09C6-4282-82A2-369B19F73E54}

2013-11-28 15:33 - 2013-11-28 15:33 - 00001288 _____ C:\Users\Public\Desktop\Paint.NET.lnk

2013-11-28 15:31 - 2013-11-28 15:32 - 00000000 ____D C:\Program Files\Paint.NET

2013-11-28 15:30 - 2013-11-28 16:15 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\Paint.NET

2013-11-28 13:13 - 2013-11-28 13:13 - 00001106 _____ C:\Users\Public\Desktop\Picasa 3.lnk

2013-11-28 13:10 - 2013-11-28 13:13 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\Google

2013-11-28 13:10 - 2013-11-28 13:10 - 00000000 ____D C:\Program Files (x86)\Google

2013-11-28 13:09 - 2013-11-28 13:09 - 14965064 _____ (Google Inc.) C:\Users\Percy Tibbles\Downloads\picasa39-setup_3.9.136.20.exe

2013-11-28 13:07 - 2013-11-28 13:07 - 00048921 _____ C:\Users\Percy Tibbles\AppData\Local\recently-used.xbel

2013-11-28 09:34 - 2013-11-28 09:34 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{FF345B93-B16B-4537-B7C3-AE1211F484E7}

2013-11-28 09:30 - 2013-11-28 09:34 - 00000000 ____D C:\Users\Percy Tibbles\Documents\ofen

2013-11-28 09:27 - 2013-11-28 09:27 - 00000000 ____D C:\ProgramData\CheckPoint

2013-11-28 09:06 - 2013-11-28 18:03 - 00000000 ____D C:\Program Files (x86)\Nvu

2013-11-28 09:06 - 2013-11-28 12:30 - 00000881 _____ C:\Users\Percy Tibbles\Desktop\Nvu.lnk

2013-11-28 09:06 - 2013-11-28 09:06 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Roaming\Windows Net Data

2013-11-28 09:06 - 2013-11-28 09:06 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Roaming\Nvu

2013-11-28 09:05 - 2013-11-28 09:05 - 06306913 _____ (Thorsten Fritz                                              ) C:\Users\Percy Tibbles\Desktop\nvu-1.0-win32-installer-de-DE.exe

2013-11-28 09:02 - 2013-11-28 09:02 - 00401736 _____ (Softonic                                        ) C:\Users\Percy Tibbles\Downloads\SoftonicDownloader_fuer_nvu.exe

2013-11-25 16:31 - 2013-11-25 16:31 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Roaming\Avira

2013-11-25 16:25 - 2013-11-25 16:25 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk

2013-11-25 16:25 - 2013-11-25 16:25 - 00000000 ____D C:\Program Files (x86)\Avira

2013-11-25 16:25 - 2013-11-25 16:24 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys

2013-11-25 16:25 - 2013-11-25 16:24 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys

2013-11-25 16:25 - 2013-11-25 16:24 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys

2013-11-25 16:25 - 2013-11-25 16:24 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys

2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{C43FE65B-832D-4B39-AE25-43075A61DE85}

2013-11-24 16:53 - 2013-11-24 16:53 - 00000000 ____D C:\Program Files (x86)\Allin1Convert_8h

2013-11-22 15:01 - 2013-11-22 15:01 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{898BEE54-0B5A-4EEA-B443-67C71D7FAB00}

2013-11-21 21:00 - 2013-11-21 21:00 - 00001312 _____ C:\windows\Tasks\Plus-HD-1.3-updater.job

2013-11-21 21:00 - 2013-11-21 21:00 - 00001300 _____ C:\windows\Tasks\Feven 1.5-updater.job

2013-11-21 21:00 - 2013-11-21 21:00 - 00001114 _____ C:\windows\Tasks\Plus-HD-1.3-enabler.job

2013-11-21 21:00 - 2013-11-21 21:00 - 00001102 _____ C:\windows\Tasks\Feven 1.5-enabler.job

2013-11-21 20:59 - 2013-11-21 21:00 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.3

2013-11-21 20:59 - 2013-11-21 21:00 - 00000000 ____D C:\Program Files (x86)\Feven 1.5

2013-11-21 20:59 - 2013-11-21 20:59 - 00002088 _____ C:\windows\Tasks\Plus-HD-1.3-firefoxinstaller.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00002014 _____ C:\windows\Tasks\Feven 1.5-firefoxinstaller.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00001924 _____ C:\windows\Tasks\Plus-HD-1.3-chromeinstaller.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00001906 _____ C:\windows\Tasks\Feven 1.5-chromeinstaller.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00001214 _____ C:\windows\Tasks\Plus-HD-1.3-codedownloader.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00001202 _____ C:\windows\Tasks\Feven 1.5-codedownloader.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00001033 _____ C:\Users\Public\Desktop\VideoPlayer.lnk

2013-11-21 20:59 - 2013-11-21 20:59 - 00000000 ____D C:\Program Files (x86)\VideoPlayer

2013-11-21 10:50 - 2013-11-21 10:50 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{B3BD8BBF-1396-4B31-AC70-59BE005D1929}

2013-11-20 12:00 - 2013-11-20 12:00 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{A159E988-6939-4BF7-80B0-A4EAC7C2EFC3}

2013-11-19 23:30 - 2013-11-19 23:30 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{BAD4A60C-C96F-41A5-A745-69155338D95B}

2013-11-19 09:59 - 2013-11-19 09:59 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{B743F86C-362E-48EB-ADA3-9BA0926240DC}

2013-11-18 21:59 - 2013-11-18 21:59 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{C5BC1454-33DC-4F1B-9A4B-F4FDB326E1D7}

2013-11-18 19:06 - 2013-11-18 19:06 - 00000656 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

2013-11-18 19:06 - 2013-11-18 19:06 - 00000628 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2013-11-18 19:06 - 2013-11-18 19:06 - 00000458 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

2013-11-18 19:05 - 2013-11-24 18:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-11-18 19:05 - 2013-11-18 19:09 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-11-18 19:05 - 2013-11-18 19:05 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2013-11-18 19:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe

2013-11-18 18:55 - 2013-11-18 18:55 - 00618912 _____ C:\Users\Percy Tibbles\Downloads\SpyBot Search Destroy - CHIP-Downloader(1).exe

2013-11-18 18:54 - 2013-11-18 18:54 - 00618912 _____ C:\Users\Percy Tibbles\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe

2013-11-18 11:05 - 2013-11-21 20:59 - 00002296 _____ C:\Users\Percy Tibbles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

2013-11-18 08:56 - 2013-11-18 08:56 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{E32EADFC-DAA6-4A47-9BDE-83240E4C1889}

2013-11-17 20:56 - 2013-11-17 20:56 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{9C7A12DB-35B1-4798-8923-6B22E12FE0BC}

2013-11-17 16:56 - 2013-11-18 19:01 - 305364098 _____ C:\Users\Percy Tibbles\14.11. buch1.cpr

2013-11-17 08:56 - 2013-11-17 08:56 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{DB008026-EDBD-4D2B-AE2F-3D169FE3A9C3}

2013-11-16 20:55 - 2013-11-16 20:56 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{300595D0-D33A-4023-B5C6-41771C11977A}

2013-11-16 09:15 - 2013-11-16 09:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-11-16 08:55 - 2013-11-16 08:55 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{02BC2E78-2CD8-4A98-9AF0-5248666CB4FC}

2013-11-15 20:55 - 2013-11-15 20:55 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{7189187C-502E-4294-A322-D025FB09B330}

2013-11-15 08:52 - 2013-11-15 08:52 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{A374C51E-BC6E-4681-B1D5-FF57EDC29E03}

2013-11-14 20:47 - 2013-11-14 20:47 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{33CFE1B0-09E2-4DD5-92FC-0189C57D10D7}

2013-11-14 18:10 - 2013-11-14 18:10 - 12458512 _____ (Bullzip                                                     ) C:\Users\Percy Tibbles\Downloads\Setup_BullzipPDFPrinter_10_1_0_1871_S(2).exe

2013-11-14 18:07 - 2013-11-14 18:08 - 12458512 _____ (Bullzip                                                     ) C:\Users\Percy Tibbles\Downloads\Setup_BullzipPDFPrinter_10_1_0_1871_S(1).exe

2013-11-14 18:05 - 2013-11-14 18:05 - 12458512 _____ (Bullzip                                                     ) C:\Users\Percy Tibbles\Downloads\Setup_BullzipPDFPrinter_10_1_0_1871_S.exe

2013-11-14 08:45 - 2013-11-14 08:45 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{E2EFB753-4CFE-4752-AE95-0D3D54D8A3F4}

2013-11-13 20:44 - 2013-11-13 20:44 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{6ED86B98-DA8A-4A22-B6D0-EF2F1F14144F}

2013-11-13 08:37 - 2013-11-13 08:38 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{D2656818-76EF-4DBB-807F-D9CA40FE158E}

2013-11-12 18:27 - 2013-11-12 18:27 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{25C56EB1-629D-426F-8F37-5B76A22C6ED4}

2013-11-08 13:56 - 2013-11-20 12:16 - 00000000 ____D C:\Users\Percy Tibbles\Downloads\flickr

2013-11-08 12:18 - 2013-11-08 12:18 - 00125166 _____ C:\Users\Percy Tibbles\Downloads\Alle Größen _ Scotney Gardens _ Flickr - Fotosharing!.htm

2013-11-08 12:18 - 2013-11-08 12:18 - 00000000 ____D C:\Users\Percy Tibbles\Downloads\Alle Größen _ Scotney Gardens _ Flickr - Fotosharing!-Dateien

2013-11-07 21:45 - 2013-11-16 16:44 - 258309066 _____ C:\Users\Percy Tibbles\buch a.cpr

2013-11-06 22:26 - 2013-11-06 22:27 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{2E73BC5F-8DC1-4A8B-846A-D35D501B045C}

2013-11-05 22:09 - 2013-11-05 22:09 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{A1C33C4B-C610-4D13-BDE0-58B7ADA592E3}
 

==================== One Month Modified Files and Folders =======
 

2013-12-03 09:17 - 2013-12-03 09:16 - 00023224 _____ C:\Users\Percy Tibbles\Downloads\FRST.txt

2013-12-03 09:15 - 2013-12-03 09:15 - 00000000 ____D C:\FRST

2013-12-03 09:14 - 2013-12-03 09:14 - 01959434 _____ (Farbar) C:\Users\Percy Tibbles\Downloads\FRST64(1).exe

2013-12-03 09:06 - 2013-12-03 09:06 - 00001581 _____ C:\windows\wininit.ini

2013-12-03 08:54 - 2013-12-03 08:54 - 01959434 _____ (Farbar) C:\Users\Percy Tibbles\Downloads\FRST64.exe

2013-12-03 08:46 - 2013-09-10 22:35 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2013-12-03 08:37 - 2012-12-14 13:30 - 00632962 _____ C:\windows\WindowsUpdate.log

2013-12-03 08:25 - 2009-07-14 05:45 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-03 08:25 - 2009-07-14 05:45 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-02 18:25 - 2013-08-25 21:54 - 00001070 _____ C:\Users\Public\Desktop\PixelNet Software.lnk

2013-12-02 18:25 - 2013-08-25 21:51 - 00000000 ____D C:\Program Files (x86)\PixelNet Software

2013-12-02 18:08 - 2013-12-02 18:08 - 00602112 _____ (OldTimer Tools) C:\Users\Percy Tibbles\Downloads\OTL.exe

2013-12-02 17:46 - 2013-12-02 17:45 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2013-12-02 17:46 - 2013-09-10 22:35 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2013-12-02 17:46 - 2012-04-09 21:29 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-02 17:45 - 2013-12-02 17:45 - 00002166 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2013-12-02 17:45 - 2013-12-02 17:45 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2013-12-02 17:45 - 2013-12-02 17:45 - 00000000 ____D C:\ProgramData\McAfee

2013-12-02 17:45 - 2013-12-02 17:45 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan

2013-12-02 17:45 - 2012-12-13 22:41 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\Adobe

2013-12-02 17:43 - 2013-08-15 18:07 - 00000414 _____ C:\windows\Tasks\LyricsContainer Update.job

2013-12-02 17:43 - 2011-02-16 21:42 - 00707782 _____ C:\windows\system32\perfh007.dat

2013-12-02 17:43 - 2011-02-16 21:42 - 00151386 _____ C:\windows\system32\perfc007.dat

2013-12-02 17:43 - 2009-07-14 06:13 - 01641920 _____ C:\windows\system32\PerfStringBackup.INI

2013-12-02 17:35 - 2013-09-29 13:27 - 00001915 _____ C:\windows\setupact.log

2013-12-02 17:35 - 2012-04-09 20:46 - 00263416 _____ C:\windows\PFRO.log

2013-12-02 17:35 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2013-12-02 10:17 - 2013-12-02 10:17 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{E83F1205-ACC5-4A5B-B3C8-90034FC219EB}

2013-12-01 22:16 - 2013-12-01 22:16 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{62141F3D-1E77-4000-81D8-10244FB627A0}

2013-12-01 10:16 - 2013-12-01 10:16 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{9A6FD84B-E83B-4FAD-A2D1-78B2A3B626D5}

2013-11-30 22:16 - 2013-11-30 22:16 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{AE693DF2-0C54-4AFE-87A3-DA72C55D24F9}

2013-11-30 20:46 - 2013-11-30 20:46 - 04849773 _____ (Glorylogic                                                  ) C:\Users\Percy Tibbles\Downloads\imagetuner.exe

2013-11-30 20:40 - 2013-11-30 20:40 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter

2013-11-30 20:39 - 2013-11-30 20:39 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4z

2013-11-30 10:16 - 2013-11-30 10:16 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{A6C11BB6-1BCD-4FA8-9359-59FFE9D01BD3}

2013-11-29 22:16 - 2013-11-29 22:15 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{78D36617-6C51-4545-86A7-FFDAD3E02104}

2013-11-29 10:15 - 2013-11-29 10:15 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{A4400BF5-2428-4494-87E8-BD11F3647125}

2013-11-28 20:02 - 2013-11-28 20:02 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{0CF32549-09C6-4282-82A2-369B19F73E54}

2013-11-28 18:03 - 2013-11-28 09:06 - 00000000 ____D C:\Program Files (x86)\Nvu

2013-11-28 16:23 - 2013-09-15 11:44 - 00000000 ____D C:\Users\Percy Tibbles\.gimp-2.8

2013-11-28 16:15 - 2013-11-28 15:30 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\Paint.NET

2013-11-28 15:33 - 2013-11-28 15:33 - 00001288 _____ C:\Users\Public\Desktop\Paint.NET.lnk

2013-11-28 15:32 - 2013-11-28 15:31 - 00000000 ____D C:\Program Files\Paint.NET

2013-11-28 13:13 - 2013-11-28 13:13 - 00001106 _____ C:\Users\Public\Desktop\Picasa 3.lnk

2013-11-28 13:13 - 2013-11-28 13:10 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\Google

2013-11-28 13:10 - 2013-11-28 13:10 - 00000000 ____D C:\Program Files (x86)\Google

2013-11-28 13:09 - 2013-11-28 13:09 - 14965064 _____ (Google Inc.) C:\Users\Percy Tibbles\Downloads\picasa39-setup_3.9.136.20.exe

2013-11-28 13:07 - 2013-11-28 13:07 - 00048921 _____ C:\Users\Percy Tibbles\AppData\Local\recently-used.xbel

2013-11-28 13:07 - 2013-09-15 11:54 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\gtk-2.0

2013-11-28 12:30 - 2013-11-28 09:06 - 00000881 _____ C:\Users\Percy Tibbles\Desktop\Nvu.lnk

2013-11-28 09:34 - 2013-11-28 09:34 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{FF345B93-B16B-4537-B7C3-AE1211F484E7}

2013-11-28 09:34 - 2013-11-28 09:30 - 00000000 ____D C:\Users\Percy Tibbles\Documents\ofen

2013-11-28 09:27 - 2013-11-28 09:27 - 00000000 ____D C:\ProgramData\CheckPoint

2013-11-28 09:06 - 2013-11-28 09:06 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Roaming\Windows Net Data

2013-11-28 09:06 - 2013-11-28 09:06 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Roaming\Nvu

2013-11-28 09:05 - 2013-11-28 09:05 - 06306913 _____ (Thorsten Fritz                                              ) C:\Users\Percy Tibbles\Desktop\nvu-1.0-win32-installer-de-DE.exe

2013-11-28 09:02 - 2013-11-28 09:02 - 00401736 _____ (Softonic                                        ) C:\Users\Percy Tibbles\Downloads\SoftonicDownloader_fuer_nvu.exe

2013-11-25 16:31 - 2013-11-25 16:31 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Roaming\Avira

2013-11-25 16:25 - 2013-11-25 16:25 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk

2013-11-25 16:25 - 2013-11-25 16:25 - 00000000 ____D C:\Program Files (x86)\Avira

2013-11-25 16:25 - 2013-08-15 18:13 - 00000000 ____D C:\ProgramData\Avira

2013-11-25 16:24 - 2013-11-25 16:25 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys

2013-11-25 16:24 - 2013-11-25 16:25 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys

2013-11-25 16:24 - 2013-11-25 16:25 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys

2013-11-25 16:24 - 2013-11-25 16:25 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys

2013-11-25 09:26 - 2013-11-25 09:26 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{C43FE65B-832D-4B39-AE25-43075A61DE85}

2013-11-24 18:28 - 2013-11-18 19:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-11-24 16:53 - 2013-11-24 16:53 - 00000000 ____D C:\Program Files (x86)\Allin1Convert_8h

2013-11-22 15:01 - 2013-11-22 15:01 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{898BEE54-0B5A-4EEA-B443-67C71D7FAB00}

2013-11-21 21:00 - 2013-11-21 21:00 - 00001312 _____ C:\windows\Tasks\Plus-HD-1.3-updater.job

2013-11-21 21:00 - 2013-11-21 21:00 - 00001300 _____ C:\windows\Tasks\Feven 1.5-updater.job

2013-11-21 21:00 - 2013-11-21 21:00 - 00001114 _____ C:\windows\Tasks\Plus-HD-1.3-enabler.job

2013-11-21 21:00 - 2013-11-21 21:00 - 00001102 _____ C:\windows\Tasks\Feven 1.5-enabler.job

2013-11-21 21:00 - 2013-11-21 20:59 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.3

2013-11-21 21:00 - 2013-11-21 20:59 - 00000000 ____D C:\Program Files (x86)\Feven 1.5

2013-11-21 20:59 - 2013-11-21 20:59 - 00002088 _____ C:\windows\Tasks\Plus-HD-1.3-firefoxinstaller.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00002014 _____ C:\windows\Tasks\Feven 1.5-firefoxinstaller.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00001924 _____ C:\windows\Tasks\Plus-HD-1.3-chromeinstaller.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00001906 _____ C:\windows\Tasks\Feven 1.5-chromeinstaller.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00001214 _____ C:\windows\Tasks\Plus-HD-1.3-codedownloader.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00001202 _____ C:\windows\Tasks\Feven 1.5-codedownloader.job

2013-11-21 20:59 - 2013-11-21 20:59 - 00001033 _____ C:\Users\Public\Desktop\VideoPlayer.lnk

2013-11-21 20:59 - 2013-11-21 20:59 - 00000000 ____D C:\Program Files (x86)\VideoPlayer

2013-11-21 20:59 - 2013-11-18 11:05 - 00002296 _____ C:\Users\Percy Tibbles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

2013-11-21 20:59 - 2013-08-15 18:53 - 00001329 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-11-21 20:59 - 2012-12-13 22:41 - 00001621 _____ C:\Users\Percy Tibbles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-11-21 20:59 - 2012-12-13 22:41 - 00001599 _____ C:\Users\Percy Tibbles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2013-11-21 20:59 - 2012-04-09 21:10 - 00001288 _____ C:\Users\Public\Desktop\Internet Explorer.lnk

2013-11-21 10:50 - 2013-11-21 10:50 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{B3BD8BBF-1396-4B31-AC70-59BE005D1929}

2013-11-20 16:13 - 2013-07-28 12:04 - 00000000 ____D C:\Users\Percy Tibbles\Documents\Floras Farben

2013-11-20 12:16 - 2013-11-08 13:56 - 00000000 ____D C:\Users\Percy Tibbles\Downloads\flickr

2013-11-20 12:00 - 2013-11-20 12:00 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{A159E988-6939-4BF7-80B0-A4EAC7C2EFC3}

2013-11-19 23:30 - 2013-11-19 23:30 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{BAD4A60C-C96F-41A5-A745-69155338D95B}

2013-11-19 15:02 - 2013-08-15 18:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-11-19 14:04 - 2013-08-13 08:14 - 00000000 ____D C:\Users\Percy Tibbles\Documents\Floras Farben website

2013-11-19 13:33 - 2013-08-20 07:53 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Roaming\Windows Live Writer

2013-11-19 09:59 - 2013-11-19 09:59 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{B743F86C-362E-48EB-ADA3-9BA0926240DC}

2013-11-18 21:59 - 2013-11-18 21:59 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{C5BC1454-33DC-4F1B-9A4B-F4FDB326E1D7}

2013-11-18 19:09 - 2013-11-18 19:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-11-18 19:06 - 2013-11-18 19:06 - 00000656 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

2013-11-18 19:06 - 2013-11-18 19:06 - 00000628 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2013-11-18 19:06 - 2013-11-18 19:06 - 00000458 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

2013-11-18 19:05 - 2013-11-18 19:05 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2013-11-18 19:01 - 2013-11-17 16:56 - 305364098 _____ C:\Users\Percy Tibbles\14.11. buch1.cpr

2013-11-18 18:55 - 2013-11-18 18:55 - 00618912 _____ C:\Users\Percy Tibbles\Downloads\SpyBot Search Destroy - CHIP-Downloader(1).exe

2013-11-18 18:54 - 2013-11-18 18:54 - 00618912 _____ C:\Users\Percy Tibbles\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe

2013-11-18 08:56 - 2013-11-18 08:56 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{E32EADFC-DAA6-4A47-9BDE-83240E4C1889}

2013-11-17 20:56 - 2013-11-17 20:56 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{9C7A12DB-35B1-4798-8923-6B22E12FE0BC}

2013-11-17 16:56 - 2012-12-13 22:41 - 00000000 ____D C:\Users\Percy Tibbles

2013-11-17 16:48 - 2013-10-21 09:38 - 526062047 _____ C:\Users\Percy Tibbles\Fotobuch Teil 2 oktober.cpr

2013-11-17 16:37 - 2013-10-16 22:43 - 313402920 _____ C:\Users\Percy Tibbles\england garten quer 66.cpr

2013-11-17 08:56 - 2013-11-17 08:56 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{DB008026-EDBD-4D2B-AE2F-3D169FE3A9C3}

2013-11-16 20:56 - 2013-11-16 20:55 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{300595D0-D33A-4023-B5C6-41771C11977A}

2013-11-16 16:44 - 2013-11-07 21:45 - 258309066 _____ C:\Users\Percy Tibbles\buch a.cpr

2013-11-16 16:29 - 2013-10-08 16:12 - 258308782 _____ C:\Users\Percy Tibbles\dear betty.cpr

2013-11-16 09:15 - 2013-11-16 09:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-11-16 08:59 - 2013-10-13 08:09 - 00000000 ____D C:\Users\Percy Tibbles\Documents\ganz england

2013-11-16 08:55 - 2013-11-16 08:55 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{02BC2E78-2CD8-4A98-9AF0-5248666CB4FC}

2013-11-15 20:55 - 2013-11-15 20:55 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{7189187C-502E-4294-A322-D025FB09B330}

2013-11-15 08:52 - 2013-11-15 08:52 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{A374C51E-BC6E-4681-B1D5-FF57EDC29E03}

2013-11-14 20:47 - 2013-11-14 20:47 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{33CFE1B0-09E2-4DD5-92FC-0189C57D10D7}

2013-11-14 18:10 - 2013-11-14 18:10 - 12458512 _____ (Bullzip                                                     ) C:\Users\Percy Tibbles\Downloads\Setup_BullzipPDFPrinter_10_1_0_1871_S(2).exe

2013-11-14 18:08 - 2013-11-14 18:07 - 12458512 _____ (Bullzip                                                     ) C:\Users\Percy Tibbles\Downloads\Setup_BullzipPDFPrinter_10_1_0_1871_S(1).exe

2013-11-14 18:05 - 2013-11-14 18:05 - 12458512 _____ (Bullzip                                                     ) C:\Users\Percy Tibbles\Downloads\Setup_BullzipPDFPrinter_10_1_0_1871_S.exe

2013-11-14 08:45 - 2013-11-14 08:45 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{E2EFB753-4CFE-4752-AE95-0D3D54D8A3F4}

2013-11-13 20:44 - 2013-11-13 20:44 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{6ED86B98-DA8A-4A22-B6D0-EF2F1F14144F}

2013-11-13 08:38 - 2013-11-13 08:37 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{D2656818-76EF-4DBB-807F-D9CA40FE158E}

2013-11-12 18:27 - 2013-11-12 18:27 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{25C56EB1-629D-426F-8F37-5B76A22C6ED4}

2013-11-08 12:18 - 2013-11-08 12:18 - 00125166 _____ C:\Users\Percy Tibbles\Downloads\Alle Größen _ Scotney Gardens _ Flickr - Fotosharing!.htm

2013-11-08 12:18 - 2013-11-08 12:18 - 00000000 ____D C:\Users\Percy Tibbles\Downloads\Alle Größen _ Scotney Gardens _ Flickr - Fotosharing!-Dateien

2013-11-06 22:27 - 2013-11-06 22:26 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{2E73BC5F-8DC1-4A8B-846A-D35D501B045C}

2013-11-05 22:09 - 2013-11-05 22:09 - 00000000 ____D C:\Users\Percy Tibbles\AppData\Local\{A1C33C4B-C610-4D13-BDE0-58B7ADA592E3}

2013-11-04 05:37 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
 

Some content of TEMP:

====================

C:\Users\Percy Tibbles\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-11-25 20:35
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013

Ran by Percy Tibbles at 2013-12-03 09:20:17

Running from C:\Users\Percy Tibbles\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 

==================== Installed Programs ======================
 

Adobe AIR (x32 Version: 2.5.1.17730)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)

Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)

Alcor Micro USB Card Reader (x32 Version: 1.8.1217.36096)

Allin1Convert Internet Explorer Toolbar (x32)

AMD APP SDK Runtime (Version: 10.0.831.4)

AMD Catalyst Install Manager (Version: 3.0.855.0)

AMD Fuel (Version: 2011.1109.2212.39826)

AMD Media Foundation Decoders (Version: 1.0.61109.2218)

AMD VISION Engine Control Center (x32 Version: 2011.1109.2212.39826)

Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.9.0)

ASUS Media Sharing (x32 Version: 0.65.9)

ASUS Smart Camera (x32 Version: 1.0.9)

ASUS WebStorage (x32 Version: 3.0.108.222)

AsusScreensaver (x32 Version: 1.05)

AsusVibe2.0 (x32 Version: 2.0.7.142)

ATK WMIACPI Utility (x32 Version: 1.0.0005)

Avira Free Antivirus (x32 Version: 14.0.1.749)

Avira SearchFree Toolbar (x32 Version: 12.6.0.1900)

Bing Bar (x32 Version: 7.1.391.0)

Broadcom Wireless Utility (Version: 5.100.82.123)

CapsHook (x32 Version: 1.0.0.7)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center InstallProxy (x32 Version: 2011.1109.2212.39826)

Catalyst Control Center Localization All (x32 Version: 2011.1109.2212.39826)

Catalyst Control Center Profiles Mobile (x32 Version: 2011.1109.2212.39826)

CCC Help Chinese Standard (x32 Version: 2011.1109.2211.39826)

CCC Help Chinese Traditional (x32 Version: 2011.1109.2211.39826)

CCC Help Czech (x32 Version: 2011.1109.2211.39826)

CCC Help Danish (x32 Version: 2011.1109.2211.39826)

CCC Help Dutch (x32 Version: 2011.1109.2211.39826)

CCC Help English (x32 Version: 2011.1109.2211.39826)

CCC Help Finnish (x32 Version: 2011.1109.2211.39826)

CCC Help French (x32 Version: 2011.1109.2211.39826)

CCC Help German (x32 Version: 2011.1109.2211.39826)

CCC Help Greek (x32 Version: 2011.1109.2211.39826)

CCC Help Hungarian (x32 Version: 2011.1109.2211.39826)

CCC Help Italian (x32 Version: 2011.1109.2211.39826)

CCC Help Japanese (x32 Version: 2011.1109.2211.39826)

CCC Help Korean (x32 Version: 2011.1109.2211.39826)

CCC Help Norwegian (x32 Version: 2011.1109.2211.39826)

CCC Help Polish (x32 Version: 2011.1109.2211.39826)

CCC Help Portuguese (x32 Version: 2011.1109.2211.39826)

CCC Help Russian (x32 Version: 2011.1109.2211.39826)

CCC Help Spanish (x32 Version: 2011.1109.2211.39826)

CCC Help Swedish (x32 Version: 2011.1109.2211.39826)

CCC Help Thai (x32 Version: 2011.1109.2211.39826)

CCC Help Turkish (x32 Version: 2011.1109.2211.39826)

ccc-utility64 (Version: 2011.1109.2212.39826)

Chicken Invaders 2 (x32)

Cisco EAP-FAST Module (x32 Version: 2.2.14)

Cisco LEAP Module (x32 Version: 1.0.19)

Cisco PEAP Module (x32 Version: 1.1.6)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)

D3DX10 (x32 Version: 15.4.2368.0902)

DMUninstaller (x32)

E-Cam (x32 Version: 2.0.3.0)

Eee Docking 3.10.4 (Version: 3.10.4)

Feven 1.5 (x32 Version: 1.31.153.0)

FontResizer (x32 Version: 1.01.0011)

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)

Game Park Console (x32 Version: 6.2.0.3)

GIMP 2.8.6 (Version: 2.8.6)

Hotkey Service (x32 Version: 1.45)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

LiveUpdate (x32 Version: 1.31)

LyricsContainer (x32)

McAfee Security Scan Plus (x32 Version: 3.0.285.6)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Silverlight (x32 Version: 4.0.50401.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)

Mozilla Maintenance Service (x32 Version: 25.0.1)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

Nvu 1.0 (x32 Version: 1.0)

Paint.NET v3.5.11 (Version: 3.61.0)

Papyrus Autor -- from R.O.M. logicware GmbH (x32)

Picasa 3 (x32 Version: 3.9)

PixelNet Software 4.12.2 (x32 Version: 4.12.2)

Plus-HD-1.3 (x32 Version: 1.31.153.0) <==== ATTENTION

Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)

Realtek Ethernet Controller Driver (x32 Version: 7.47.714.2011)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6423)

Snap.Do (x32 Version: 10.242.1.13535)

Snap.Do Engine (HKCU Version: 10.242.1.13535)

Spybot - Search & Destroy (x32 Version: 2.2.25)

Super Hybrid Engine (x32 Version: 2.20)

Synaptics Pointing Device Driver (Version: 15.3.42.2)

USB2.0 UVC VGA WebCam (x32 Version: 6.1.7600.130)

USBCharge+ (x32 Version: 1.0.0.21)

VideoDownloadConverter Internet Explorer Toolbar (x32)

VideoPlayer v2.0.6 (x32 Version: v2.0.6)

VIS (x32)

WIDCOMM Bluetooth Software (Version: 6.3.0.7500)

Windows Live (x32 Version: 15.4.3502.0922)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3538.0513)

Windows Live Family Safety (Version: 15.4.3538.0513)

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

WinFlash (x32 Version: 2.32.0)

WiSharing (x32 Version: 1.1.0.8)
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {3E6C0198-74F8-49DB-9859-310A10DD1A47} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-02] (Adobe Systems Incorporated)

Task: {ACDEAB1E-5DF8-4B45-BB96-8F0668ED83A6} - System32\Tasks\LyricsContainer Update => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: C:\windows\Tasks\Feven 1.5-chromeinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe

Task: C:\windows\Tasks\Feven 1.5-codedownloader.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe

Task: C:\windows\Tasks\Feven 1.5-enabler.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe

Task: C:\windows\Tasks\Feven 1.5-firefoxinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe

Task: C:\windows\Tasks\Feven 1.5-updater.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe

Task: C:\windows\Tasks\LyricsContainer Update.job => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe

Task: C:\windows\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe

Task: C:\windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe

Task: C:\windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe

Task: C:\windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe

Task: C:\windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe

Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-11-30 20:39 - 2013-11-30 20:39 - 00292424 _____ () C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll

2013-11-24 16:53 - 2013-11-24 16:53 - 00292424 _____ () C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegratorStub64.dll

2009-03-02 03:08 - 2009-03-02 03:08 - 00003584 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper_x64.dll

2013-11-24 16:53 - 2013-11-24 16:53 - 00442952 _____ () C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\HPG64.DLL

2013-11-30 20:39 - 2013-11-30 20:39 - 00442952 _____ () C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\HPG64.DLL

2010-12-23 18:03 - 2010-12-23 18:03 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

2011-11-10 06:08 - 2011-11-10 06:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2011-11-09 17:55 - 2011-11-09 17:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2011-11-10 06:10 - 2011-11-10 06:10 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2013-11-25 16:25 - 2013-11-25 16:23 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-11-18 19:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2013-11-18 19:05 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2013-11-18 19:05 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2013-11-18 19:05 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2013-11-18 19:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2012-01-05 12:27 - 2012-01-05 12:27 - 00181664 _____ () C:\Program Files (x86)\Asus\LiveUpdate\Parser.dll

2013-11-16 09:15 - 2013-11-16 09:15 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2013-11-18 11:05 - 2013-10-21 10:18 - 00099096 _____ () C:\Users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\{b60e1415-7c77-d679-9b7d-8bdf5fea9143}\components\SmartbarFireFoxRemotePlugin_25.dll

2013-12-02 17:45 - 2013-12-02 17:45 - 16237448 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll

2013-08-14 14:48 - 2013-08-14 14:48 - 08241664 _____ () C:\Program Files (x86)\PixelNet Software\QtGui4.dll

2013-08-14 14:48 - 2013-08-14 14:48 - 02296832 _____ () C:\Program Files (x86)\PixelNet Software\QtCore4.dll

2013-08-14 14:48 - 2013-08-14 14:48 - 03595776 _____ () C:\Program Files (x86)\PixelNet Software\Plugins\main\ETEPhoto.dll

2013-08-14 14:48 - 2013-08-14 14:48 - 10837504 _____ () C:\Program Files (x86)\PixelNet Software\QtWebKit4.dll

2013-08-14 14:48 - 2013-08-14 14:48 - 00266752 _____ () C:\Program Files (x86)\PixelNet Software\phonon4.dll

2013-08-14 14:48 - 2013-08-14 14:48 - 00975360 _____ () C:\Program Files (x86)\PixelNet Software\QtNetwork4.dll

2013-08-14 14:48 - 2013-08-14 14:48 - 02318848 _____ () C:\Program Files (x86)\PixelNet Software\Qt3Support4.dll

2013-08-14 14:48 - 2013-08-14 14:48 - 00191488 _____ () C:\Program Files (x86)\PixelNet Software\QtSql4.dll

2013-08-14 14:48 - 2013-08-14 14:48 - 00339968 _____ () C:\Program Files (x86)\PixelNet Software\QtXml4.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/02/2013 06:23:07 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: AsusScreensaver.scr, Version: 1.0.3.0, Zeitstempel: 0x4c6e6577

Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e21213c

Ausnahmecode: 0xc0020001

Fehleroffset: 0x000000000000cacd

ID des fehlerhaften Prozesses: 0x%9

Startzeit der fehlerhaften Anwendung: 0xAsusScreensaver.scr0

Pfad der fehlerhaften Anwendung: AsusScreensaver.scr1

Pfad des fehlerhaften Moduls: AsusScreensaver.scr2

Berichtskennung: AsusScreensaver.scr3
 

Error: (12/02/2013 05:34:10 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.123, Zeitstempel: 0x4f027bb3

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e

Ausnahmecode: 0xc0000374

Fehleroffset: 0x00000000000c40f2

ID des fehlerhaften Prozesses: 0x58c

Startzeit der fehlerhaften Anwendung: 0xbcmwltry.exe0

Pfad der fehlerhaften Anwendung: bcmwltry.exe1

Pfad des fehlerhaften Moduls: bcmwltry.exe2

Berichtskennung: bcmwltry.exe3
 

Error: (12/02/2013 11:39:08 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: AsusScreensaver.scr, Version: 1.0.3.0, Zeitstempel: 0x4c6e6577

Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e21213c

Ausnahmecode: 0xc0020001

Fehleroffset: 0x000000000000cacd

ID des fehlerhaften Prozesses: 0x%9

Startzeit der fehlerhaften Anwendung: 0xAsusScreensaver.scr0

Pfad der fehlerhaften Anwendung: AsusScreensaver.scr1

Pfad des fehlerhaften Moduls: AsusScreensaver.scr2

Berichtskennung: AsusScreensaver.scr3
 

Error: (11/28/2013 03:42:59 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: AsusScreensaver.scr, Version: 1.0.3.0, Zeitstempel: 0x4c6e6577

Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e21213c

Ausnahmecode: 0xc0020001

Fehleroffset: 0x000000000000cacd

ID des fehlerhaften Prozesses: 0x%9

Startzeit der fehlerhaften Anwendung: 0xAsusScreensaver.scr0

Pfad der fehlerhaften Anwendung: AsusScreensaver.scr1

Pfad des fehlerhaften Moduls: AsusScreensaver.scr2

Berichtskennung: AsusScreensaver.scr3
 

Error: (11/28/2013 03:30:11 PM) (Source: VSS) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.

Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {bb25ec8a-69f6-47c1-a10c-b8427f330d72}
 

Error: (11/28/2013 09:28:09 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: Install.exe_unknown, Version: 0.0.0.0, Zeitstempel: 0x512719ad

Name des fehlerhaften Moduls: Install.exe, Version: 0.0.0.0, Zeitstempel: 0x512719ad

Ausnahmecode: 0x40000015

Fehleroffset: 0x000f64d0

ID des fehlerhaften Prozesses: 0x460c

Startzeit der fehlerhaften Anwendung: 0xInstall.exe_unknown0

Pfad der fehlerhaften Anwendung: Install.exe_unknown1

Pfad des fehlerhaften Moduls: Install.exe_unknown2

Berichtskennung: Install.exe_unknown3
 

Error: (11/28/2013 09:05:03 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (11/28/2013 09:04:56 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (11/28/2013 09:04:52 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (11/28/2013 09:04:47 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 

System errors:

=============

Error: (12/02/2013 10:53:02 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 

Error: (12/02/2013 10:53:00 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.
 

Error: (12/02/2013 05:33:59 PM) (Source: DCOM) (User: )

Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
 

Error: (12/02/2013 02:55:04 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.
 

Error: (12/02/2013 00:14:21 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
 

Error: (12/02/2013 00:14:20 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
 

Error: (12/02/2013 10:48:16 AM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.
 

Error: (12/02/2013 04:59:05 AM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.
 

Error: (12/01/2013 04:12:51 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
 

Error: (12/01/2013 04:12:51 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
 
 

Microsoft Office Sessions:

=========================

Error: (12/02/2013 06:23:07 PM) (Source: Application Error)(User: )

Description: AsusScreensaver.scr1.0.3.04c6e6577KERNELBASE.dll6.1.7601.176514e21213cc0020001000000000000cacd
 

Error: (12/02/2013 05:34:10 PM) (Source: Application Error)(User: )

Description: bcmwltry.exe5.100.82.1234f027bb3ntdll.dll6.1.7601.177254ec4aa8ec000037400000000000c40f258c01ceec14eb6fabf1C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exeC:\windows\SYSTEM32\ntdll.dll91d0f096-5b6f-11e3-9e53-0008caacc5bb
 

Error: (12/02/2013 11:39:08 AM) (Source: Application Error)(User: )

Description: AsusScreensaver.scr1.0.3.04c6e6577KERNELBASE.dll6.1.7601.176514e21213cc0020001000000000000cacd
 

Error: (11/28/2013 03:42:59 PM) (Source: Application Error)(User: )

Description: AsusScreensaver.scr1.0.3.04c6e6577KERNELBASE.dll6.1.7601.176514e21213cc0020001000000000000cacd
 

Error: (11/28/2013 03:30:11 PM) (Source: VSS)(User: )

Description: 0x80070005, Zugriff verweigert
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {bb25ec8a-69f6-47c1-a10c-b8427f330d72}
 

Error: (11/28/2013 09:28:09 AM) (Source: Application Error)(User: )

Description: Install.exe_unknown0.0.0.0512719adInstall.exe0.0.0.0512719ad40000015000f64d0460c01ceec13bb7e8a52C:\Users\PERCYT~1\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\Install.exeC:\Users\PERCYT~1\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\Install.exe0270057a-5807-11e3-a56e-0008caacc5bb
 

Error: (11/28/2013 09:05:03 AM) (Source: SideBySide)(User: )

Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Percy Tibbles\Downloads\SoftonicDownloader_fuer_nvu.exe
 

Error: (11/28/2013 09:04:56 AM) (Source: SideBySide)(User: )

Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Percy Tibbles\Downloads\SoftonicDownloader_fuer_nvu.exe
 

Error: (11/28/2013 09:04:52 AM) (Source: SideBySide)(User: )

Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Percy Tibbles\Downloads\SoftonicDownloader_fuer_nvu.exe
 

Error: (11/28/2013 09:04:47 AM) (Source: SideBySide)(User: )

Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Percy Tibbles\Downloads\SoftonicDownloader_fuer_nvu.exe
 
 

CodeIntegrity Errors:

===================================

  Date: 2012-12-13 22:42:05.038

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\AP\DetectSys.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2012-12-13 22:42:04.648

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\AP\DetectSys.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 69%

Total physical RAM: 3692.43 MB

Available physical RAM: 1126.11 MB

Total Pagefile: 7383.04 MB

Available Pagefile: 3717.56 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:100 GB) (Free:8.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: () (Fixed) (Total:183.07 GB) (Free:182.95 GB) NTFS

Drive g: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:443.2 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A8D6F410)

Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)

Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7F14318C)

Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Hallo Schrauber,

Danke!! für deine Nachricht.
Ich krieg das hin.
Soll ich auch die Firewall deaktivieren? Ich mache das erstmal mit bestehender Firewall, schalte nur Antivir und Spybot aus. - Und was sind CODE-Tags ? Ergibt sich das von allein?

Na, ich mach mal.

Schöne Grüße
Clara

Code:

ComboFix 13-12-04.02 - Percy Tibbles 04.12.2013  11:04:20.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3692.2245 [GMT 1:00]

ausgeführt von:: c:\users\Percy Tibbles\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\LyricsContainer

c:\program files (x86)\LyricsContainer\01.crx

c:\program files (x86)\LyricsContainer\01.xpi

c:\program files (x86)\LyricsContainer\02.crx

c:\program files (x86)\LyricsContainer\02.xpi

c:\program files (x86)\LyricsContainer\128.crx

c:\program files (x86)\LyricsContainer\128.dat

c:\program files (x86)\LyricsContainer\128.xpi

c:\program files (x86)\LyricsContainer\chrome.manifest

c:\program files (x86)\LyricsContainer\crx.dat

c:\program files (x86)\LyricsContainer\crx.db

c:\program files (x86)\LyricsContainer\sqlite3.dll

c:\program files (x86)\LyricsContainer\Uninstall.exe

c:\program files (x86)\LyricsContainer\xpi.dat

c:\program files (x86)\LyricsContainer\xpi.db

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome.manifest

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\asyncDB.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\background.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\browserAction.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\contextMenu.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\dbManager.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\dom_bg.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\fileManager.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefox.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefoxNotifications.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefoxOmnibox.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\message.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\pageAction.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\request.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\tabs.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\webRequest.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\background.html

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\baseObject.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\browser.xul

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\console.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\consts.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\delegate.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\extensionDataStore.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\folderIOWrapper.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\httpObserver.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\IDBWrapper.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\installer.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\logFile.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\prefs.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\progressListenerObserver.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\registry.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\reloadObserver.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\reports.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\requestObject.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\searchSettings.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\uninstallObserver.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\updateManager.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\utils.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\xhr.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\dialog.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\main.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\options.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\options.xul

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\search_dialog.xul

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\defaults\preferences\prefs.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\manifest.xml

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins.json

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\1_base.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\102_dealply_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\103_intext_5_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\104_jollywallet_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\105_corticas_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\108_icm_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\119_similar_web_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\120_luck_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\123_intext_adv_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\125_arcadi2_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\126_revizer_ws_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\127_revizer_p_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\128_superfish_pricora_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\13_CrossriderAppUtils.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\135_arcadi3_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\138_getdeal_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\14_CrossriderUtils.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\141_corticas_ru_m.js.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\142_intext_fa_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\155_ibario_pops_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\159_cortica_rollover_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\16_FFAppAPIWrapper.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\17_jQuery.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\171_arcadi2_sourceID_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\175_coolmirage_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\178_revizer_ws_dynamic_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\179_revizer_p_dynamic_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\180_bpo_serp_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\184_noproblemppc_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\189_active_sanity.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\190_pops_5_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\191_ciuvo_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\194_retargeting_bi_m.js.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\195_icm_convertmedia_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\197_kreapixel_pops_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\199_superfish_no_coupons_plushd_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\200_foxydeal_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\21_debug.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\22_resources.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\28_initializer.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\4_jquery_1_7_1.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\47_resources_background.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\64_appApiMessage.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\7_hooks.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\72_appApiValidation.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\78_CrossriderInfo.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\87_ginyas_wrapper.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\9_search_engine_hook.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\91_monetizationLoader.js.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\93_superfish_no_coupons_m.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\98_omniCommands.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode\background.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode\extension.js

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\install.rdf

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\locale\en-US\translations.dtd

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button1.png

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button2.png

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button3.png

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button4.png

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button5.png

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\crossrider_statusbar.png

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon128.png

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon16.png

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon24.png

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon48.png

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\panelarrow-up.png

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\popup.html

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\skin.css

c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\update.css

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-11-04 bis 2013-12-04  ))))))))))))))))))))))))))))))

.

.

2013-12-04 10:14 . 2013-12-04 10:14        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-12-03 08:15 . 2013-12-03 08:15        --------        d-----w-        C:\FRST

2013-12-02 16:45 . 2013-12-02 16:45        --------        d-----w-        c:\programdata\McAfee

2013-11-30 19:40 . 2013-11-30 19:40        --------        d-----w-        c:\program files (x86)\VideoDownloadConverter

2013-11-28 14:31 . 2013-11-28 14:32        --------        d-----w-        c:\program files\Paint.NET

2013-11-28 14:30 . 2013-11-28 15:15        --------        d-----w-        c:\users\Percy Tibbles\AppData\Local\Paint.NET

2013-11-28 12:10 . 2013-11-28 12:13        --------        d-----w-        c:\users\Percy Tibbles\AppData\Local\Google

2013-11-28 12:10 . 2013-11-28 12:10        --------        d-----w-        c:\program files (x86)\Google

2013-11-28 08:27 . 2013-11-28 08:27        --------        d-----w-        c:\programdata\CheckPoint

2013-11-28 08:06 . 2013-11-28 08:06        --------        d-----w-        c:\users\Percy Tibbles\AppData\Roaming\Windows Net Data

2013-11-28 08:06 . 2013-11-28 08:06        --------        d-----w-        c:\users\Percy Tibbles\AppData\Roaming\Nvu

2013-11-28 08:06 . 2013-11-28 17:03        --------        d-----w-        c:\program files (x86)\Nvu

2013-11-24 15:53 . 2013-11-24 15:53        --------        d-----w-        c:\program files (x86)\Allin1Convert_8h

2013-11-21 20:09 . 2013-11-21 20:09        --------        d-----w-        c:\program files\Uninstaller

2013-11-21 19:59 . 2013-11-21 19:59        --------        d-----w-        c:\program files (x86)\VideoPlayer

2013-11-21 19:59 . 2013-11-21 20:00        --------        d-----w-        c:\program files (x86)\Feven 1.5

2013-11-21 19:59 . 2013-11-21 20:00        --------        d-----w-        c:\program files (x86)\Plus-HD-1.3

2013-11-18 18:05 . 2013-12-04 09:45        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2013-11-18 18:05 . 2013-12-04 09:48        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-02 16:46 . 2013-09-10 21:35        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-02 16:46 . 2012-04-09 20:29        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}]

2013-11-21 19:59        641896        ----a-w-        c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311851132}]

2013-11-21 19:59        641896        ----a-w-        c:\program files (x86)\Feven 1.5\Feven 1.5-bho.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]

2013-11-30 19:39        716360        ----a-w-        c:\progra~2\VIDEOD~2\bar\1.bin\4zbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}]

2013-11-24 15:53        62864        ----a-w-        c:\program files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]

2013-11-30 19:39        62864        ----a-w-        c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}]

2013-11-24 15:53        716360        ----a-w-        c:\progra~2\ALLIN1~2\bar\1.bin\8hbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{cd1a63ba-a08c-431b-9a34-f240aadc728d}"= "c:\program files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll" [2013-11-24 716360]

"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [2013-11-30 716360]

.

[HKEY_CLASSES_ROOT\clsid\{cd1a63ba-a08c-431b-9a34-f240aadc728d}]

.

[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"HotkeyMon"="AsusSender.exe" [2012-01-05 34728]

"HotkeyService"="AsusSender.exe" [2012-01-05 34728]

"SuperHybridEngine"="AsusSender.exe" [2012-01-05 34728]

"CapsHook"="AsusSender.exe" [2012-01-05 34728]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]

"ASUS Smart Camera"="c:\program files (x86)\ASUS\ASUS Smart Camera\SmartCamera.exe" [2012-02-03 1883824]

"iSeriesCharge"="AsusSender.exe" [2012-01-05 34728]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-04-09 3331312]

"Allin1Convert Search Scope Monitor"="c:\progra~2\ALLIN1~2\bar\1.bin\8hsrchmn.exe" [2013-11-24 44784]

"Allin1Convert_8h Browser Plugin Loader"="c:\progra~2\ALLIN1~2\bar\1.bin\8hbrmon.exe" [2013-11-24 30096]

"VideoDownloadConverter Search Scope Monitor"="c:\progra~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" [2013-11-30 44784]

"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~2\VIDEOD~2\bar\1.bin\4zbrmon.exe" [2013-11-30 30096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-4-9 549040]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-23 1131808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0\0sdnclean64.exe

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

R3 DCDhcpService;DCDhcpService;c:\program files\WiSharing\DCDhcpService.exe;c:\program files\WiSharing\DCDhcpService.exe [x]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 AiDriver;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiDriver.sys;c:\windows\SYSNATIVE\DRIVERS\AiDriver.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK WMIACPI\epcwmiacpi64.sys;c:\program files (x86)\ASUS\ATK WMIACPI\epcwmiacpi64.sys [x]

S2 Allin1Convert_8hService;Allin1ConvertService;c:\progra~2\ALLIN1~2\bar\1.bin\8hbarsvc.exe;c:\progra~2\ALLIN1~2\bar\1.bin\8hbarsvc.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AsusService;Asus Launcher Service;c:\windows\SysWOW64\AsusService.exe;c:\windows\SysWOW64\AsusService.exe [x]

S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2013-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10 16:46]

.

2013-11-21 c:\windows\Tasks\Feven 1.5-chromeinstaller.job

- c:\program files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe [2013-11-21 19:59]

.

2013-11-21 c:\windows\Tasks\Feven 1.5-codedownloader.job

- c:\program files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe [2013-11-21 19:59]

.

2013-11-21 c:\windows\Tasks\Feven 1.5-enabler.job

- c:\program files (x86)\Feven 1.5\Feven 1.5-enabler.exe [2013-11-21 20:00]

.

2013-11-21 c:\windows\Tasks\Feven 1.5-firefoxinstaller.job

- c:\program files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe [2013-11-21 19:59]

.

2013-11-21 c:\windows\Tasks\Feven 1.5-updater.job

- c:\program files (x86)\Feven 1.5\Feven 1.5-updater.exe [2013-11-21 20:00]

.

2013-11-21 c:\windows\Tasks\Plus-HD-1.3-chromeinstaller.job

- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-21 19:59]

.

2013-11-21 c:\windows\Tasks\Plus-HD-1.3-codedownloader.job

- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-21 19:59]

.

2013-11-21 c:\windows\Tasks\Plus-HD-1.3-enabler.job

- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-21 19:59]

.

2013-11-21 c:\windows\Tasks\Plus-HD-1.3-firefoxinstaller.job

- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-21 19:59]

.

2013-11-21 c:\windows\Tasks\Plus-HD-1.3-updater.job

- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-21 20:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2011-05-25 07:09        227840        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2011-05-25 07:09        227840        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-21 323584]

"LiveUpdate"="AsusSender.exe" [2011-08-08 34728]

"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-04-14 467120]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-20 12632168]

"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-12-13 7138816]

"Allin1Convert Home Page Guard 64 bit"="c:\progra~2\ALLIN1~2\bar\1.bin\AppIntegrator64.exe" [2013-11-24 548936]

"VideoDownloadConverter Home Page Guard 64 bit"="c:\progra~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe" [2013-11-30 548936]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^AYY^xdm070^YYA^de&ptb=2FB13124-9428-43D2-8CEC-EC2C8AB3F750&si=flvrunner

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM&q={searchTerms}

mDefault_Page_URL = hxxp://do-search.com/?type=hp&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM

mStart Page = hxxp://do-search.com/?type=hp&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = hxxp://do-search.com/web/?type=ds&ts=1385063937&from=tugs&uid=ST9320325AS_6VDERSDMXXXX6VDERSDM&q={searchTerms}

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=b60e1415-7c77-d679-9b7d-8bdf5fea9143&searchtype=ds&q={searchTerms}&installDate=15/08/2013

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\

FF - prefs.js: browser.search.selectedEngine - Ask Web Search

FF - prefs.js: browser.startup.homepage - hxxp://home.tb.ask.com/index.jhtml?ptb=273B559C-CF24-4030-8746-35CC2C6FB2DE&n=77fdaabc&p2=^HJ^xdm382^YYA^de&si=pconverter

FF - prefs.js: keyword.URL - hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=273B559C-CF24-4030-8746-35CC2C6FB2DE&n=77fdaabc&ind=2013113020&p2=^HJ^xdm382^YYA^de&si=pconverter&searchfor=

FF - ExtSQL: 2013-11-18 11:06; {b60e1415-7c77-d679-9b7d-8bdf5fea9143}; c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\{b60e1415-7c77-d679-9b7d-8bdf5fea9143}

FF - ExtSQL: 2013-11-21 20:59; 509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com; c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com

FF - ExtSQL: 2013-11-28 09:37; EFGLQA@78ETGYN-0W7FN789T87.COM; c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM

FF - ExtSQL: 2013-11-30 20:39; 4zffxtbr@VideoDownloadConverter_4z.com; c:\users\Percy Tibbles\AppData\Roaming\Mozilla\Firefox\Profiles\r6zvhpqz.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Lyrics@LyricsContainer.co - c:\program files (x86)\LyricsContainer\uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-12-04  11:19:38

ComboFix-quarantined-files.txt  2013-12-04 10:19

.

Vor Suchlauf: 9.079.631.872 Bytes frei

Nach Suchlauf: 8.935.448.576 Bytes frei

.

- - End Of File - - 791688B4F70843E8DCB0209FC1B1C171

A36C5E4F47E84449FF07ED3517B43A31

Lieber Schrauber,

Das Programm ist eben durchgelaufen. Ich hab das Ergenis in die Raute-Zeichen gesetzt. Denke, das war so gemeint.
Ich bin sehr vfroh, dass du dir Zeit für mein PC-Problem genommen hast. Bin ziemlich erstaunt, was da alles gefunden und gelöscht wurde.
Könntest du mir kurz schreiben, ob da ein Trojaner/Virus dabei war, der einen speziellen Namen hat? Ich würde gerne den Leuten, die in letzter Zeit Anhänge von mir erhalten haben sagen, worauf sie achten müssten.

Du hattest geschrieben, während des Prozesses die Maus nicht bewegen.
Ich habe die ersten Textzeilen mitgetippt (weil ich dachte, da stehen Anweisungen für mich, die ich nicht verlieren wollte) . Bevor Stufe 1 angezeigt wurde, hatte ich mit dem Tippen aber aufgehört.
Kurz vor Ende wurde der Monitor schwarz. Da hab ich auf die Leertaste getippt, um wieder sehen zu können.

Das Programm ist glatt durchgelaufen. Nichts hat gemeckert.

Meine letzte Frage betrifft meine externen Festplatten u. USB-Sticks. Wie würdest du vorgehen-und die scannen/reinigen?
Wenn ich die wieder verwende, geht das Spiel doch wieder von vorne los.

Ich sehe gerade, dass ich die externe Festplatte während des Scan-Vorgangs dran hatte. Ist die in einem Abwasch mitgereinigt worden?

Meine allerletzte Frage ist: konnte das, was meinen Rechner geärgert hat, auch die SD Karten meiner Digitalcamera infiziert haben?

Schöne Grüße
von Clara

Lieber Schrauber,

zunächst: Grünu. doppelt unterstrichen sind immer noch einige Worte. Ich habe das bei Antivir gesehen und auch auf eurer Seite.
Aso was das verursacht-das ist noch da.
Ich habe jetzt erstmal Antivir, die free-version installiert - damit ich wenigstens einen minimalen Schutz habe. Ich mit nur auf eurer Seite unterwegs. Allesandere lass ich mal.

Ich werde wahrscheinlich Kaspersy installieren. - Wenn du einen bestimmten Virenscanner favorisierst, lass hören.

Schöne Grüße
Clara

Guten Morgen Schrauber,

ich möchte eine kurze Rückmeldung geben.
Ich habe gestern ausserdem noch meinen Rechner aufgeräumt - einige vorinstallierte Spiele entfernt. Heute läuft die Kiste wie von allein. Das ist wunderbar! 1000x Danke!

Diese grün und doppelt unterstrichenen Worte kommen jetzt nicht mehr so häufig vor-aber sie sind vereinzelt immer noch da. Also das ist im Moment sehr zurückgegangen. -Aber so fing es auch einmal an und wurde täglich mehr.

Ich habe gestern in verschiedenen Foren gelesen mit den vorinstallierten Programmen zu tun ist, die man nicht braucht. "Einfach löschen!" hab ich mehrfach gelesen. Das machte ich. Dann am Ende bin ich auf eine andere Meinung gestoßen. Man sollte die nicht löschen, sondern deaktivieren (damit das System als ganzen stabil bleibt. Auch wenn es sich nur um Spiele handelt).
Wie ist deine Meinung dazu?

Schöne Grüße
Clara