Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Habe ich Viren oder Trojaner auf meinem PC? (https://www.trojaner-board.de/135639-habe-viren-trojaner-meinem-pc.html)

Bluebird55 27.05.2013 17:11
Habe ich Viren oder Trojaner auf meinem PC?
 
Hallo!

leider habe ich mehrere verschiedene Probleme, die sich unterschiedlich auf meinen PC auswirken und ich weiß auch nicht, ob da ein Zusammenhang besteht. Daher stelle ich eine kleine Liste zusammen und hoffe, dass Ihr mir helfen könnt. Vielen Dank!

1. Avira: 'Gruppenrichtlinie'
2. Malebytesantimaleware: 'Gruppenrichtlinie'

Beide Programme lassen sich nicht aufrufen! Es erscheint jeweils eine Meldung, dass die Ausführung des jeweiligen Programms durch eine 'Gruppenrichtlinie' nicht möglich ist.
Ich weiß auch nicht, ob die Programme noch auf dem Rechner sind, da sie nicht mehr in der Liste der Software-Programme auftauchen.

3. mit Maus markieren: Einfaches Markieren mit der Maus ist nicht möglich da die Markierung immer 'verspringt'!
4. Mausklick: bei einem Einfachklick scheint es oft einen 'Doppel'-Klick zu machen!
5. Akzent: macht doppelten Akzent (z.B. ´´) bevor ich den dazugehörigen Vokal (z.B. e) eingeben kann!
6. Windows-Update: es bleibt immer ein nicht installiertes Update übrig mit dem Fehler-Code: 8004FF80
7. Nach dem Hochfahren des Computers kann ich oft nicht sofort Mozilla Thunderbird starten. Erst nach längerer Wartezeit lässt es sich starten und auch dann bockt es oft noch mit der Fehlermeldung: 'keine Rückmeldung'!

Leider weiß ich nicht, ob es zwischen diesen diversen Problemen einen Zusammenhang gibt, aber ich wollte doch soweit mir bekannt alles angeben, was ich dazu mitteilen kann.

Für eine Hilfe wäre ich sehr dankbar!

P.S.: Leider konnte ich mir noch nicht das 'defogger' herunterladen, da ein kleines Fenster mit der Frage 'Disable' oder 'Re-enalbe' erscheint und ich nicht weiß, was ich da zuerst machen muss!

schrauber 27.05.2013 17:41
hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Bluebird55 27.05.2013 19:08
Hallo Schrauber, danke erstmal! Hier das Ergebnis:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2013
Ran by Friedrich at 2013-05-27 20:06:51 Run:
Running from C:\Users\Friedrich\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Advertising Center (Version: 0.0.0.2)
Agatha Christie - Death on the Nile (Version: 2.2.0.95)
Agent Ransack 2010 (64-bit)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.1.7)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
CCleaner (Version: 4.00)
Chuzzle Deluxe (Version: 2.2.0.95)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DRIVERfighter (Version: 1.1.31)
Efficient Diary 3.0
eMachines Game Console
eMachines Games (Version: 1.0.1.3)
eMachines Recovery Management (Version: 4.05.3013)
eMachines Registration (Version: 1.03.3003)
eMachines ScreenSaver (Version: 1.1.0825.2010)
eMachines Updater (Version: 1.02.3001)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Fighters (Version: 4.1.265)
Final Drive Nitro (Version: 2.2.0.95)
Free Studio version 5.5.0 (Version: 5.5.0)
Free YouTube Download version 3.1.39.1015 (Version: 3.1.39.1015)
Free YouTube to MP3 Converter version 3.11.26.706 (Version: 3.11.26.706)
FULL-DISKfighter (Version: 1.4.28)
GIMP 2.6.8
Google Update Helper (Version: 1.3.21.111)
Hotkey Utility (Version: 2.05.3009)
Identity Card (Version: 1.00.3003)
ImagXpress (Version: 7.0.74.0)
Insaniquarium Deluxe (Version: 2.2.0.95)
Internet-TV für Windows Media Center (Version: 4.2.2.0)
Jardinains!
Java(TM) 6 Update 29 (Version: 6.0.290)
Java(TM) 6 Update 31 (Version: 6.0.310)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware Version 1.65.0.1400 (Version: 1.65.0.1400)
map&guide base (Version: 1.05.00000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft AutoRoute 2002 (Version: 9.00.17.0200)
Microsoft Encarta Enzyklopädie 2002 (Version: 2002)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000)
Microsoft Picture It! Foto 2002 (Version: 6.0.0.0000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works 2002-Setup-Start
Microsoft Works 6.0 (Version: 06.00.0000)
Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 2.0.0.0000)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 20.0.1 (x86 de) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 17.0.6)
Mozilla Thunderbird 17.0.6 (x86 de) (Version: 17.0.6)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.4.37.100)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.15.0.100)
NeroExpress (Version: 9.4.37.100)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.101.0)
Nokia Suite (Version: 3.7.22.0)
NVIDIA Grafiktreiber 266.84 (Version: 266.84)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6684)
NVIDIA Systemsteuerung 266.84 (Version: 266.84)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 12.15 (Version: 12.15.1748)
PC Connectivity Solution (Version: 12.0.76.0)
Penguins! (Version: 2.2.0.95)
PhotoScape
Plants vs. Zombies (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Shockwave
SLOW-PCfighter (Version: 1.7.35)
Sonnensystem 3.0 (Version: 1.0.0)
SPYWAREfighter (Version: 4.1.265)
Stellarium 0.11.4 (Version: 0.11.4)
Teachmaster 4.3 (nur Entfernen)
TuneUp Utilities 2012 (Version: 12.0.3600.73)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.73)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VLC media player 2.0.6 (Version: 2.0.6)
Welcome Center (Version: 1.02.3005)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Center Add-in for Silverlight (Version: 4.7.3.0)
Windows-Treiberpaket - Intel hdc (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002)
Windows-Treiberpaket - Intel System (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002)
Windows-Treiberpaket - Intel USB (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
Windows-Treiberpaket - NVIDIA Corporation (NVHDA) MEDIA (12/18/2012 1.3.23.1) (Version: 12/18/2012 1.3.23.1)
Windows-Treiberpaket - Realtek (RTL8167) Net (12/26/2012 7.067.1226.2012) (Version: 12/26/2012 7.067.1226.2012)
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662) (Version: 06/19/2012 6.0.1.6662)
Works Suite-Betriebssystem-Pack (Version: 1.0.0.0000)
Works-Synchronisierung (Version: 1.0.0.0000)
x-plugin-0
Zuma Deluxe (Version: 2.2.0.95)
Zuma's Revenge (Version: 2.2.0.95)

==================== Restore Points =========================

24-05-2013 18:23:35 Windows Update
27-05-2013 13:59:00 Wiederherstellungsvorgang
27-05-2013 15:05:49 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2013 05:08:19 PM) (Source: Microsoft Security Client Setup) (User: MACK327)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

Error: (05/27/2013 05:08:09 PM) (Source: MsiInstaller) (User: MACK327)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (05/26/2013 10:23:50 PM) (Source: Application Hang) (User: )
Description: Programm thunderbird.exe, Version 17.0.6.4877 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d80

Startzeit: 01ce5a4ea23a6e53

Endzeit: 34

Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Berichts-ID: 24426c1a-c642-11e2-b819-1078d2cc536b

Error: (05/24/2013 09:19:32 PM) (Source: Application Hang) (User: )
Description: Programm thunderbird.exe, Version 17.0.6.4877 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 944

Startzeit: 01ce58b181db7fde

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Berichts-ID: d8d04c3a-c4a6-11e2-aff2-1078d2cc536b

Error: (05/24/2013 09:03:57 PM) (Source: Application Hang) (User: )
Description: Programm thunderbird.exe, Version 17.0.6.4877 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d94

Startzeit: 01ce58b132376ec3

Endzeit: 31

Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Berichts-ID: ab264267-c4a4-11e2-aff2-1078d2cc536b

Error: (05/24/2013 08:24:47 PM) (Source: Microsoft Security Client Setup) (User: NT-AUTORITÄT)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

Error: (05/24/2013 08:24:46 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (05/24/2013 08:23:34 PM) (Source: Application Hang) (User: )
Description: Programm thunderbird.exe, Version 17.0.6.4877 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 608

Startzeit: 01ce58a79b47838a

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Berichts-ID: 05e4d97f-c49f-11e2-9529-1078d2cc536b

Error: (05/24/2013 07:55:48 PM) (Source: Microsoft Security Client Setup) (User: MACK327)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

Error: (05/24/2013 07:55:39 PM) (Source: MsiInstaller) (User: MACK327)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.


System errors:
=============
Error: (05/27/2013 05:53:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (05/27/2013 05:09:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update for Microsoft Security Essentials - KB2804527 (4.2.223.1)

Error: (05/27/2013 04:09:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (05/27/2013 04:07:06 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Laden der Signaturen wurde von %60 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

Versuchte Signaturen: %24

Fehlercode: 0x80070002

Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden.

Signaturversion: 1.151.842.0;1.151.842.0

Modulversion: %600

Error: (05/27/2013 03:10:50 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (05/27/2013 03:10:49 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (05/27/2013 02:25:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (05/27/2013 00:09:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (05/26/2013 11:44:12 PM) (Source: Service Control Manager) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/26/2013 11:36:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126


Microsoft Office Sessions:
=========================
Error: (05/27/2013 05:08:19 PM) (Source: Microsoft Security Client Setup)(User: MACK327)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

Error: (05/27/2013 05:08:09 PM) (Source: MsiInstaller)(User: MACK327)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/26/2013 10:23:50 PM) (Source: Application Hang)(User: )
Description: thunderbird.exe17.0.6.4877d8001ce5a4ea23a6e5334C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe24426c1a-c642-11e2-b819-1078d2cc536b

Error: (05/24/2013 09:19:32 PM) (Source: Application Hang)(User: )
Description: thunderbird.exe17.0.6.487794401ce58b181db7fde15C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exed8d04c3a-c4a6-11e2-aff2-1078d2cc536b

Error: (05/24/2013 09:03:57 PM) (Source: Application Hang)(User: )
Description: thunderbird.exe17.0.6.4877d9401ce58b132376ec331C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exeab264267-c4a4-11e2-aff2-1078d2cc536b

Error: (05/24/2013 08:24:47 PM) (Source: Microsoft Security Client Setup)(User: NT-AUTORITÄT)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

Error: (05/24/2013 08:24:46 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/24/2013 08:23:34 PM) (Source: Application Hang)(User: )
Description: thunderbird.exe17.0.6.487760801ce58a79b47838a16C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe05e4d97f-c49f-11e2-9529-1078d2cc536b

Error: (05/24/2013 07:55:48 PM) (Source: Microsoft Security Client Setup)(User: MACK327)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

Error: (05/24/2013 07:55:39 PM) (Source: MsiInstaller)(User: MACK327)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 4095.24 MB
Available physical RAM: 2182.3 MB
Total Pagefile: 8188.67 MB
Available Pagefile: 6007.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:916.91 GB) (Free:843.7 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0F7E7F14)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013
Ran by Friedrich (administrator) on 27-05-2013 20:05:32
Running from C:\Users\Friedrich\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) C:\Users\Friedrich\AppData\Roaming\Qyynu\onis.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\MSWorks.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\Friedrich\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKCU\...\Run: [] [x]
HKCU\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia)
HKCU\...\Run: [Rybearpye] C:\Users\Friedrich\AppData\Roaming\Qyynu\onis.exe [229888 2012-03-21] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1480736 2013-03-29] (SPAMfighter ApS)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
IMEO: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\nokiasuite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DFE479D3-C985-4C4F-B631-AAC8F63DFD2B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c07f8587-d6ca-47e1-9882-df6556140c4b&apn_sauid=35394BE4-D0DB-41CB-B55D-389AAA2E4BDB
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - xplugin - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Friedrich\AppData\Roaming\xplugin\toolbar.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flagfox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: ReminderFox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF Extension: IMinent Toolbar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF Extension: movie2kdownloader - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi
FF Extension: text2voice - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\text2voice@vik.josh.xpi
FF Extension: No Name - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
S3 Common Toolkit 2; C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [338432 2013-04-08] (SPAMfighter ApS)
S4 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.)
S4 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-07] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-07] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1281568 2013-03-18] (SPAMfighter ApS)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 AV Engine Scanning Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe [x]
R2 AV Watch Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe [x]
S2 HPSLPSVC; C:\Users\FRIEDR~1\AppData\Local\Temp\7zS2056\hpslpsvc64.dll [x]

==================== Drivers (Whitelisted) ====================

R3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [13720 2012-09-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-27 20:05 - 2013-05-27 20:05 - 00000000 ____D C:\FRST
2013-05-27 20:04 - 2013-05-27 20:04 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe
2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe
2013-05-27 17:57 - 2013-05-27 17:57 - 00050477 ____A C:\Users\Friedrich\Downloads\Defogger.exe
2013-05-27 17:51 - 2013-05-27 17:51 - 00000056 ____A C:\Windows\setupact.log
2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures
2013-05-24 20:24 - 2013-05-27 16:04 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures
2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures
2013-05-22 16:37 - 2013-05-22 16:38 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe
2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures
2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures
2013-05-18 21:51 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-18 21:51 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-18 21:51 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-18 21:51 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-18 21:51 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-18 21:51 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-18 21:51 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-18 21:51 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-18 21:51 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-18 21:51 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-18 21:50 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-18 21:50 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-18 21:50 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-18 21:50 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-18 21:50 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-18 21:50 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-18 21:50 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-18 21:50 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-18 21:50 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-18 21:50 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-18 21:50 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-18 21:50 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-18 21:50 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-18 21:50 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures
2013-05-14 14:05 - 2013-05-14 14:07 - 00000000 ____D C:\Users\Friedrich\CT
2013-05-13 21:56 - 2013-05-22 23:34 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Azxeu
2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Qyynu
2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Mied
2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures
2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks
2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures
2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures
2013-05-06 02:10 - 2012-06-19 16:54 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-05-06 02:10 - 2012-06-19 13:31 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-05-06 02:10 - 2012-06-14 13:43 - 05096448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-05-06 02:10 - 2012-06-08 16:18 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-05-06 02:10 - 2012-06-06 10:44 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-05-06 02:10 - 2012-06-01 09:37 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-05-06 02:10 - 2012-05-31 18:08 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00141152 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00123744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00074592 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-05-06 02:10 - 2012-05-10 15:22 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-05-06 02:10 - 2012-04-10 14:40 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-05-06 02:10 - 2012-04-03 18:42 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
2013-05-06 02:10 - 2012-04-03 18:42 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2013-05-06 02:10 - 2012-02-21 19:45 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2013-05-06 02:10 - 2012-02-17 15:54 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2013-05-06 02:10 - 2012-02-14 00:05 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2013-05-06 02:10 - 2012-01-30 11:43 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
2013-05-06 02:10 - 2012-01-23 22:30 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-05-06 02:10 - 2012-01-23 22:30 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-05-06 02:10 - 2012-01-23 22:30 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-05-06 02:10 - 2012-01-10 10:20 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
2013-05-06 02:10 - 2011-12-20 15:32 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2013-05-06 02:10 - 2011-12-20 05:43 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-05-06 02:10 - 2011-12-18 17:58 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2013-05-06 02:10 - 2011-12-13 16:58 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-05-06 02:10 - 2011-11-22 16:28 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2013-05-06 02:10 - 2011-09-02 14:21 - 00221024 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll
2013-05-06 02:10 - 2011-09-02 14:21 - 00081248 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll
2013-05-06 02:10 - 2011-09-02 14:21 - 00078688 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll
2013-05-06 02:10 - 2011-08-23 17:00 - 00603984 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2013-05-06 02:10 - 2011-03-17 12:17 - 01361336 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2013-05-06 02:10 - 2011-03-07 17:11 - 00148416 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2013-05-06 02:10 - 2010-11-03 18:30 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2013-05-06 02:10 - 2010-10-03 13:46 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll
2013-05-06 02:10 - 2010-09-27 09:34 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2013-05-06 02:10 - 2010-07-22 16:48 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2013-05-06 02:09 - 2012-03-08 11:47 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-05-06 02:09 - 2012-03-08 11:47 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2013-05-06 02:08 - 2012-12-26 18:26 - 00805088 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2013-05-06 02:08 - 2012-12-26 18:26 - 00074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2013-05-06 02:05 - 2013-01-29 05:35 - 00194488 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-05-06 02:05 - 2013-01-29 05:35 - 00031672 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log
2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000
2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures
2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures
2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI
2013-05-02 15:53 - 2013-05-27 18:00 - 00000406 ____A C:\Windows\Tasks\DRIVERfighter Auto Start.job
2013-05-02 15:53 - 2013-05-02 15:54 - 00000000 ____D C:\ProgramData\BSD
2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk
2013-05-01 23:31 - 2013-05-02 21:57 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog
2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk
2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg
2013-05-01 22:52 - 2013-05-27 17:51 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job
2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters
2013-05-01 14:17 - 2013-05-01 14:18 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures
2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures
2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV
2013-04-28 23:43 - 2013-04-29 20:30 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Emwied
2013-04-28 23:43 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Awhan
2013-04-27 14:19 - 2013-04-29 21:10 - 00000000 ____D C:\Windows\Temp22A20089-2110-14E1-9571-C221261B9BC4-Signatures
2013-04-27 13:47 - 2013-04-27 13:48 - 00000000 ____D C:\Windows\Temp0B095ADC-70E4-20B4-1963-D2799FB171D2-Signatures

==================== One Month Modified Files and Folders =======

2013-05-27 20:05 - 2013-05-27 20:05 - 00000000 ____D C:\FRST
2013-05-27 20:04 - 2013-05-27 20:04 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe
2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe
2013-05-27 20:00 - 2011-09-23 12:48 - 00000000 ___RD C:\Users\Friedrich\Eigene Texte
2013-05-27 19:55 - 2012-11-10 13:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-27 18:00 - 2013-05-02 15:53 - 00000406 ____A C:\Windows\Tasks\DRIVERfighter Auto Start.job
2013-05-27 17:58 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-27 17:58 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-27 17:57 - 2013-05-27 17:57 - 00050477 ____A C:\Users\Friedrich\Downloads\Defogger.exe
2013-05-27 17:55 - 2012-09-08 01:35 - 01868839 ____A C:\Windows\WindowsUpdate.log
2013-05-27 17:53 - 2009-07-14 04:34 - 00000466 ____A C:\Windows\win.ini
2013-05-27 17:51 - 2013-05-27 17:51 - 00000056 ____A C:\Windows\setupact.log
2013-05-27 17:51 - 2013-05-01 22:52 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job
2013-05-27 17:51 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 17:08 - 2012-11-07 19:26 - 00002113 ____A C:\Windows\epplauncher.mif
2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures
2013-05-27 16:06 - 2011-10-21 14:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-27 16:06 - 2011-09-21 17:16 - 00000000 ____D C:\users\Friedrich
2013-05-27 16:04 - 2013-05-24 20:24 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures
2013-05-27 16:04 - 2012-11-19 19:44 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Mozilla
2013-05-27 16:04 - 2011-11-10 00:53 - 00000000 ____D C:\ProgramData\clp
2013-05-27 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-05-25 02:33 - 2011-10-12 19:27 - 00000000 ____D C:\Users\Friedrich\AppData\Local\CrashDumps
2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures
2013-05-22 23:34 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Azxeu
2013-05-22 19:52 - 2012-10-15 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 16:40 - 2011-09-25 11:23 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Thunderbird
2013-05-22 16:40 - 2011-09-25 11:21 - 00002099 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-05-22 16:40 - 2011-09-25 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-22 16:38 - 2013-05-22 16:37 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe
2013-05-19 18:22 - 2012-11-06 23:43 - 00000078 ____A C:\Users\Friedrich\AppData\Roaming\mbam.context.scan
2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures
2013-05-18 22:07 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-05-18 21:58 - 2011-09-21 18:29 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-18 21:56 - 2011-03-28 20:10 - 00654594 ____A C:\Windows\System32\perfh007.dat
2013-05-18 21:56 - 2011-03-28 20:10 - 00130208 ____A C:\Windows\System32\perfc007.dat
2013-05-18 21:56 - 2009-07-14 07:13 - 01521310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures
2013-05-15 14:55 - 2012-05-08 10:08 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 14:55 - 2011-09-28 19:16 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures
2013-05-14 14:07 - 2013-05-14 14:05 - 00000000 ____D C:\Users\Friedrich\CT
2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Qyynu
2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Mied
2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures
2013-05-10 02:33 - 2011-09-25 16:00 - 00000000 ____D C:\Users\Friedrich\.gimp-2.6
2013-05-10 02:29 - 2012-06-18 22:32 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\gtk-2.0
2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks
2013-05-10 02:22 - 2011-09-25 14:54 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\PhotoScape
2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures
2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures
2013-05-06 02:12 - 2011-04-07 13:59 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-05-06 02:11 - 2011-10-12 18:52 - 00000000 ____D C:\Program Files\DIFX
2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log
2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000
2013-05-02 23:51 - 2011-10-03 12:08 - 00000000 ____D C:\Program Files\Google
2013-05-02 23:51 - 2011-09-25 14:54 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-02 23:27 - 2011-09-27 15:12 - 00002318 ____A C:\Users\Friedrich\Desktop\Internet Explorer.lnk
2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures
2013-05-02 22:55 - 2011-10-03 12:07 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Google
2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures
2013-05-02 21:57 - 2013-05-01 23:31 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog
2013-05-02 21:49 - 2012-11-07 19:12 - 00000000 ____D C:\Users\Friedrich\Documents\avira_registry_70012cleaner_de
2013-05-02 21:49 - 2011-09-23 12:46 - 00000000 ____D C:\OfficeUpdate11
2013-05-02 21:49 - 2010-09-02 10:58 - 00000000 ___HD C:\OEM
2013-05-02 21:49 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-05-02 21:48 - 2013-03-20 15:29 - 00000000 ____D C:\MFT 186073
2013-05-02 21:48 - 2011-04-07 14:02 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-02 17:29 - 2012-04-23 14:21 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI
2013-05-02 15:54 - 2013-05-02 15:53 - 00000000 ____D C:\ProgramData\BSD
2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk
2013-05-02 15:53 - 2012-11-03 12:50 - 00000000 ____D C:\Program Files (x86)\Fighters
2013-05-02 15:53 - 2011-11-10 00:53 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Fighters
2013-05-02 15:52 - 2011-11-10 00:51 - 00000000 ____D C:\ProgramData\Fighters
2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk
2013-05-01 23:30 - 2011-11-10 00:52 - 00000000 ____D C:\ProgramData\Common Toolkit Suite
2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg
2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters
2013-05-01 20:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-01 14:18 - 2013-05-01 14:17 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures
2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures
2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV
2013-04-29 21:10 - 2013-04-27 14:19 - 00000000 ____D C:\Windows\Temp22A20089-2110-14E1-9571-C221261B9BC4-Signatures
2013-04-29 20:30 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Emwied
2013-04-28 23:43 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Awhan
2013-04-27 13:48 - 2013-04-27 13:47 - 00000000 ____D C:\Windows\Temp0B095ADC-70E4-20B4-1963-D2799FB171D2-Signatures

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-04-16 17:47

==================== End Of Log ============================

schrauber 27.05.2013 19:18
Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
HKCU\...\Run: [] [x]
HKCU\...\Run: [Rybearpye] C:\Users\Friedrich\AppData\Roaming\Qyynu\onis.exe [229888 2012-03-21] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources)
SearchScopes: HKCU - {DFE479D3-C985-4C4F-B631-AAC8F63DFD2B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c07f8587-d6ca-47e1-9882-df6556140c4b&apn_sauid=35394BE4-D0DB-41CB-B55D-389AAA2E4BDB
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
FF Extension: IMinent Toolbar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF Extension: movie2kdownloader - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi
S2 HPSLPSVC; C:\Users\FRIEDR~1\AppData\Local\Temp\7zS2056\hpslpsvc64.dll [x]
2013-05-13 21:56 - 2013-05-22 23:34 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Azxeu
2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Qyynu
2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Mied
2013-04-29 20:30 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Emwied
2013-04-28 23:43 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Awhan
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


dann noch nen frischen Scan mit FRST bitte.

Bluebird55 27.05.2013 23:39
Hallo Schrauber,

ich hoffe, dass hier sind die richtigen Daten aus der Datei:

HKCU\...\Run: [] [x]
HKCU\...\Run: [Rybearpye] C:\Users\Friedrich\AppData\Roaming\Qyynu\onis.exe [229888 2012-03-21] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources)
SearchScopes: HKCU - {DFE479D3-C985-4C4F-B631-AAC8F63DFD2B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c07f8587-d6ca-47e1-9882-df6556140c4b&apn_sauid=35394BE4-D0DB-41CB-B55D-389AAA2E4BDB
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
FF Extension: IMinent Toolbar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF Extension: movie2kdownloader - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi
S2 HPSLPSVC; C:\Users\FRIEDR~1\AppData\Local\Temp\7zS2056\hpslpsvc64.dll [x]
2013-05-13 21:56 - 2013-05-22 23:34 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Azxeu
2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Qyynu
2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Mied
2013-04-29 20:30 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Emwied
2013-04-28 23:43 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Awhan

Danke und Gruß
Bluebird

schrauber 28.05.2013 08:05
Das sieht nicht nach Fixlog aus. Schau bitte nochmal auf dem Desktop, wo auch FRST liegt. da müsste eine Fixlog.txt sein. Ebsnso bitte nochmal nen frischen Scan mit FRST machen.

Bluebird55 28.05.2013 13:28
Hallo!

Ist es diese:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-05-2013
Ran by Friedrich at 2013-05-28 14:19:08 Run:2
Running from C:\Users\Friedrich\Downloads
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Rybearpye => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DFE479D3-C985-4C4F-B631-AAC8F63DFD2B} => Key not found.
HKCR\CLSID\{DFE479D3-C985-4C4F-B631-AAC8F63DFD2B} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} => Value not found.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} => Key not found.
HKCR\PROTOCOLS\Handler\msdaipp => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\msdaipp => Key not found.
C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} not found.
C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi not found.
HPSLPSVC => Service not found.
C:\Users\Friedrich\AppData\Roaming\Azxeu => Moved successfully.
C:\Users\Friedrich\AppData\Roaming\Qyynu => File/Directory not found.
C:\Users\Friedrich\AppData\Roaming\Mied => File/Directory not found.
C:\Users\Friedrich\AppData\Roaming\Emwied => File/Directory not found.
C:\Users\Friedrich\AppData\Roaming\Awhan => File/Directory not found.

==== End of Fixlog ====


Und dann noch einmal die neue FRST...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013
Ran by Friedrich (administrator) on 28-05-2013 14:24:59
Running from C:\Users\Friedrich\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\MSWorks.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Farbar) C:\Users\Friedrich\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKCU\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia)
HKCU\...\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe [x]
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1480736 2013-03-29] (SPAMfighter ApS)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
IMEO: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\nokiasuite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - xplugin - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Friedrich\AppData\Roaming\xplugin\toolbar.dll ()
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flagfox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: ReminderFox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF Extension: text2voice - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\text2voice@vik.josh.xpi
FF Extension: No Name - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
S3 Common Toolkit 2; C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [338432 2013-04-08] (SPAMfighter ApS)
S4 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.)
S4 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-07] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-07] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1281568 2013-03-18] (SPAMfighter ApS)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 AV Engine Scanning Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe [x]
R2 AV Watch Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [13720 2012-09-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-28 14:13 - 2013-05-28 14:13 - 00000356 ____A C:\Windows\PFRO.log
2013-05-28 14:08 - 2013-05-28 14:08 - 00001165 ____A C:\Users\Friedrich\Desktop\FRST64 - Verknüpfung.lnk
2013-05-28 13:48 - 2013-05-28 13:48 - 00039351 ____A C:\Users\Friedrich\Desktop\FRST.txt
2013-05-28 13:47 - 2013-05-28 14:10 - 00001617 ____A C:\Users\Friedrich\Desktop\Fixlist.txt
2013-05-27 20:06 - 2013-05-27 20:07 - 00019134 ____A C:\Users\Friedrich\Downloads\Addition.txt
2013-05-27 20:05 - 2013-05-28 14:12 - 00000000 ____D C:\FRST
2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe
2013-05-27 17:51 - 2013-05-28 14:14 - 00000448 ____A C:\Windows\setupact.log
2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures
2013-05-24 20:24 - 2013-05-27 16:04 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures
2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures
2013-05-22 16:37 - 2013-05-22 16:38 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe
2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures
2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures
2013-05-18 21:51 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-18 21:51 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-18 21:51 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-18 21:51 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-18 21:51 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-18 21:51 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-18 21:51 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-18 21:51 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-18 21:51 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-18 21:51 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-18 21:50 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-18 21:50 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-18 21:50 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-18 21:50 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-18 21:50 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-18 21:50 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-18 21:50 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-18 21:50 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-18 21:50 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-18 21:50 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-18 21:50 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-18 21:50 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-18 21:50 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-18 21:50 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures
2013-05-14 14:05 - 2013-05-14 14:07 - 00000000 ____D C:\Users\Friedrich\CT
2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures
2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks
2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures
2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures
2013-05-06 02:10 - 2012-06-19 16:54 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-05-06 02:10 - 2012-06-19 13:31 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-05-06 02:10 - 2012-06-14 13:43 - 05096448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-05-06 02:10 - 2012-06-08 16:18 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-05-06 02:10 - 2012-06-06 10:44 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-05-06 02:10 - 2012-06-01 09:37 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-05-06 02:10 - 2012-05-31 18:08 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00141152 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00123744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00074592 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-05-06 02:10 - 2012-05-10 15:22 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-05-06 02:10 - 2012-04-10 14:40 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-05-06 02:10 - 2012-04-03 18:42 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
2013-05-06 02:10 - 2012-04-03 18:42 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2013-05-06 02:10 - 2012-02-21 19:45 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2013-05-06 02:10 - 2012-02-17 15:54 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2013-05-06 02:10 - 2012-02-14 00:05 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2013-05-06 02:10 - 2012-01-30 11:43 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
2013-05-06 02:10 - 2012-01-23 22:30 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-05-06 02:10 - 2012-01-23 22:30 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-05-06 02:10 - 2012-01-23 22:30 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-05-06 02:10 - 2012-01-10 10:20 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
2013-05-06 02:10 - 2011-12-20 15:32 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2013-05-06 02:10 - 2011-12-20 05:43 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-05-06 02:10 - 2011-12-18 17:58 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2013-05-06 02:10 - 2011-12-13 16:58 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-05-06 02:10 - 2011-11-22 16:28 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2013-05-06 02:10 - 2011-09-02 14:21 - 00221024 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll
2013-05-06 02:10 - 2011-09-02 14:21 - 00081248 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll
2013-05-06 02:10 - 2011-09-02 14:21 - 00078688 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll
2013-05-06 02:10 - 2011-08-23 17:00 - 00603984 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2013-05-06 02:10 - 2011-03-17 12:17 - 01361336 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2013-05-06 02:10 - 2011-03-07 17:11 - 00148416 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2013-05-06 02:10 - 2010-11-03 18:30 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2013-05-06 02:10 - 2010-10-03 13:46 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll
2013-05-06 02:10 - 2010-09-27 09:34 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2013-05-06 02:10 - 2010-07-22 16:48 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2013-05-06 02:09 - 2012-03-08 11:47 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-05-06 02:09 - 2012-03-08 11:47 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2013-05-06 02:08 - 2012-12-26 18:26 - 00805088 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2013-05-06 02:08 - 2012-12-26 18:26 - 00074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2013-05-06 02:05 - 2013-01-29 05:35 - 00194488 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-05-06 02:05 - 2013-01-29 05:35 - 00031672 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log
2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000
2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures
2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures
2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI
2013-05-02 15:53 - 2013-05-28 14:18 - 00000406 ____A C:\Windows\Tasks\DRIVERfighter Auto Start.job
2013-05-02 15:53 - 2013-05-02 15:54 - 00000000 ____D C:\ProgramData\BSD
2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk
2013-05-01 23:31 - 2013-05-02 21:57 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog
2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk
2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg
2013-05-01 22:52 - 2013-05-28 14:14 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job
2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters
2013-05-01 14:17 - 2013-05-01 14:18 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures
2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures
2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV

==================== One Month Modified Files and Folders =======

2013-05-28 14:24 - 2011-09-23 12:48 - 00000000 ___RD C:\Users\Friedrich\Eigene Texte
2013-05-28 14:22 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-28 14:22 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-28 14:18 - 2013-05-02 15:53 - 00000406 ____A C:\Windows\Tasks\DRIVERfighter Auto Start.job
2013-05-28 14:18 - 2012-09-08 01:35 - 01920263 ____A C:\Windows\WindowsUpdate.log
2013-05-28 14:16 - 2009-07-14 04:34 - 00000466 ____A C:\Windows\win.ini
2013-05-28 14:14 - 2013-05-27 17:51 - 00000448 ____A C:\Windows\setupact.log
2013-05-28 14:14 - 2013-05-01 22:52 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job
2013-05-28 14:14 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-28 14:13 - 2013-05-28 14:13 - 00000356 ____A C:\Windows\PFRO.log
2013-05-28 14:12 - 2013-05-27 20:05 - 00000000 ____D C:\FRST
2013-05-28 14:10 - 2013-05-28 13:47 - 00001617 ____A C:\Users\Friedrich\Desktop\Fixlist.txt
2013-05-28 14:08 - 2013-05-28 14:08 - 00001165 ____A C:\Users\Friedrich\Desktop\FRST64 - Verknüpfung.lnk
2013-05-28 13:55 - 2012-11-10 13:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-28 13:48 - 2013-05-28 13:48 - 00039351 ____A C:\Users\Friedrich\Desktop\FRST.txt
2013-05-27 20:07 - 2013-05-27 20:06 - 00019134 ____A C:\Users\Friedrich\Downloads\Addition.txt
2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe
2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 17:08 - 2012-11-07 19:26 - 00002113 ____A C:\Windows\epplauncher.mif
2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures
2013-05-27 16:06 - 2011-10-21 14:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-27 16:06 - 2011-09-21 17:16 - 00000000 ____D C:\users\Friedrich
2013-05-27 16:04 - 2013-05-24 20:24 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures
2013-05-27 16:04 - 2012-11-19 19:44 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Mozilla
2013-05-27 16:04 - 2011-11-10 00:53 - 00000000 ____D C:\ProgramData\clp
2013-05-27 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-05-25 02:33 - 2011-10-12 19:27 - 00000000 ____D C:\Users\Friedrich\AppData\Local\CrashDumps
2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures
2013-05-22 19:52 - 2012-10-15 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 16:40 - 2011-09-25 11:23 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Thunderbird
2013-05-22 16:40 - 2011-09-25 11:21 - 00002099 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-05-22 16:40 - 2011-09-25 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-22 16:38 - 2013-05-22 16:37 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe
2013-05-19 18:22 - 2012-11-06 23:43 - 00000078 ____A C:\Users\Friedrich\AppData\Roaming\mbam.context.scan
2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures
2013-05-18 22:07 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-05-18 21:58 - 2011-09-21 18:29 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-18 21:56 - 2011-03-28 20:10 - 00654594 ____A C:\Windows\System32\perfh007.dat
2013-05-18 21:56 - 2011-03-28 20:10 - 00130208 ____A C:\Windows\System32\perfc007.dat
2013-05-18 21:56 - 2009-07-14 07:13 - 01521310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures
2013-05-15 14:55 - 2012-05-08 10:08 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 14:55 - 2011-09-28 19:16 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures
2013-05-14 14:07 - 2013-05-14 14:05 - 00000000 ____D C:\Users\Friedrich\CT
2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures
2013-05-10 02:33 - 2011-09-25 16:00 - 00000000 ____D C:\Users\Friedrich\.gimp-2.6
2013-05-10 02:29 - 2012-06-18 22:32 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\gtk-2.0
2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks
2013-05-10 02:22 - 2011-09-25 14:54 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\PhotoScape
2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures
2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures
2013-05-06 02:12 - 2011-04-07 13:59 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-05-06 02:11 - 2011-10-12 18:52 - 00000000 ____D C:\Program Files\DIFX
2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log
2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000
2013-05-02 23:51 - 2011-10-03 12:08 - 00000000 ____D C:\Program Files\Google
2013-05-02 23:51 - 2011-09-25 14:54 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-02 23:27 - 2011-09-27 15:12 - 00002318 ____A C:\Users\Friedrich\Desktop\Internet Explorer.lnk
2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures
2013-05-02 22:55 - 2011-10-03 12:07 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Google
2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures
2013-05-02 21:57 - 2013-05-01 23:31 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog
2013-05-02 21:49 - 2012-11-07 19:12 - 00000000 ____D C:\Users\Friedrich\Documents\avira_registry_70012cleaner_de
2013-05-02 21:49 - 2011-09-23 12:46 - 00000000 ____D C:\OfficeUpdate11
2013-05-02 21:49 - 2010-09-02 10:58 - 00000000 ___HD C:\OEM
2013-05-02 21:49 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-05-02 21:48 - 2013-03-20 15:29 - 00000000 ____D C:\MFT 186073
2013-05-02 21:48 - 2011-04-07 14:02 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-02 17:29 - 2012-04-23 14:21 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI
2013-05-02 15:54 - 2013-05-02 15:53 - 00000000 ____D C:\ProgramData\BSD
2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk
2013-05-02 15:53 - 2012-11-03 12:50 - 00000000 ____D C:\Program Files (x86)\Fighters
2013-05-02 15:53 - 2011-11-10 00:53 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Fighters
2013-05-02 15:52 - 2011-11-10 00:51 - 00000000 ____D C:\ProgramData\Fighters
2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk
2013-05-01 23:30 - 2011-11-10 00:52 - 00000000 ____D C:\ProgramData\Common Toolkit Suite
2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg
2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters
2013-05-01 20:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-01 14:18 - 2013-05-01 14:17 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures
2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures
2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV
2013-04-29 21:10 - 2013-04-27 14:19 - 00000000 ____D C:\Windows\Temp22A20089-2110-14E1-9571-C221261B9BC4-Signatures

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-04-16 17:47

==================== End Of Log ============================

Hoffe, du kommst jetzt weiter! Danke!

Gruß
Bluebird

schrauber 28.05.2013 15:10
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Und ein frisches FRST Scanlog. Wie läuft der Rechner?

Bluebird55 28.05.2013 18:37
Hallo Schrauber,

hier das Ergebnis von adwcleaner:AdwCleaner Logfile:
Code:
# AdwCleaner v2.301 - Datei am 28/05/2013 um 19:25:43 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Friedrich - MACK327
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Friedrich\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : IBUpdaterService

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\StartWeb.xml
Datei Gelöscht : C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\searchplugins\SweetIM Search.xml
Datei Gelöscht : C:\Users\Friedrich\Desktop\Check for Updates.lnk
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\IMinent toolbar
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Friedrich\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Friedrich\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Friedrich\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Friedrich\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Friedrich\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\HELPER
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\xplugin
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?ptr=100&crg=3.1010000.10039&barid={60F2140C-C7BA-11E2-AFF7-1078D2CC536B} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?ptr=100&crg=3.1010000.10039&barid={60F2140C-C7BA-11E2-AFF7-1078D2CC536B} --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\prefs.js

C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.15.1748.0

Datei : C:\Users\Friedrich\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [12540 octets] - [28/05/2013 19:25:43]

########## EOF - C:\AdwCleaner[S1].txt - [12601 octets] ##########
--- --- ---


Ich muss jetzt doch sicherheitshalber lieber nochmal fragen:

Welche Schutzsoftware sollte ich denn ausschalten?
- Windows Firewall?
- Microsoft Security Essentials?
Und evtl. auch noch andere Tools von TuneUp Utilities und Spywarefighter?

Möchte nichts falsch machen! Danke!

LG
Bluebird

schrauber 28.05.2013 21:02
Spywarefighter und MSE reicht :)

Bluebird55 29.05.2013 01:22
Hallo Schrauber,

hier die JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Friedrich on 28.05.2013 at 22:25:11,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] suite service
Successfully deleted: [Service] suite service



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\commontoolkittray



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files

Successfully deleted: [File] "C:\Windows\tasks\driverfighter auto start.job"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\Friedrich\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Program Files (x86)\fighters"
Successfully deleted: [Folder] "C:\Program Files (x86)\wiseconvert"
Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{072307CD-2EBD-404C-9E69-799C1572A4CA}
Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{20DFC76E-9229-4E70-BC32-D1D1E25E0721}
Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{3D45D6F4-1190-496D-915E-BA69295C80C2}
Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{4E5403ED-07E1-4C99-AF24-99AB32B135A3}
Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{A5CE8088-BF03-429C-B966-0213FA62BABB}
Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{A6401F25-AA0A-4207-BB71-5286306DCFC5}
Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{BB5CC51A-2B41-4691-9D49-6D054E7483D6}
Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{C5D851C1-D6B0-4860-A347-7842CB61D220}
Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{E7B4DCD3-E109-4811-AF1A-9733341A13C9}
Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{EDAE00AC-1E56-4ED9-A44F-C39B7FBBB4F7}



~~~ FireFox

Emptied folder: C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\minidumps [4 files]


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2013 at 22:28:51,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



ESET Online Scann log.txt:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e339cae2d40c194886232465e98ee673
# engine=13941
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-28 11:52:58
# local_time=2013-05-29 01:52:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 33205959 121415028 0 0
# scanned=231745
# found=1
# cleaned=0
# scan_time=11796
sh=28716BB63D3BDE348C6DAD2AA408F98DDFFFB094 ft=1 fh=7ecac49c5bc1bafb vn="Win32/Spy.Zbot.AAO trojan" ac=I fn="C:\FRST\Quarantine\Qyynu\onis.exe"



Und die erneut durchgeführte FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-05-2013
Ran by Friedrich (administrator) on 29-05-2013 02:17:48
Running from C:\Users\Friedrich\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKCU\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia)
HKCU\...\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe [x]
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
IMEO: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\nokiasuite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flagfox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: ReminderFox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF Extension: text2voice - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\text2voice@vik.josh.xpi
FF Extension: No Name - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
S3 Common Toolkit 2; C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [338432 2013-04-08] (SPAMfighter ApS)
S4 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.)
S4 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-07] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-07] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 AV Engine Scanning Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe [x]
R2 AV Watch Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [13720 2012-09-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-29 02:17 - 2013-05-29 02:17 - 01915774 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe
2013-05-28 22:33 - 2013-05-28 22:33 - 02347384 ____A (ESET) C:\Users\Friedrich\Downloads\esetsmartinstaller_enu.exe
2013-05-28 22:28 - 2013-05-28 22:28 - 00002590 ____A C:\Users\Friedrich\Desktop\JRT.txt
2013-05-28 22:25 - 2013-05-28 22:25 - 00000000 ____D C:\Windows\ERUNT
2013-05-28 22:22 - 2013-05-28 22:22 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Friedrich\Downloads\JRT.exe
2013-05-28 22:22 - 2013-05-28 22:22 - 00000000 ____D C:\JRT
2013-05-28 19:28 - 2013-05-28 19:28 - 00000000 ____D C:\ProgramData\Preventon
2013-05-28 19:25 - 2013-05-28 19:27 - 00012637 ____A C:\AdwCleaner[S1].txt
2013-05-28 19:21 - 2013-05-28 19:22 - 00632031 ____A C:\Users\Friedrich\Downloads\adwcleaner.exe
2013-05-28 19:17 - 2013-05-28 19:17 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-05-28 19:17 - 2013-05-28 19:17 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-05-28 19:17 - 2013-05-16 14:32 - 01277744 ____A C:\Windows\System32\dmwu.exe
2013-05-28 19:17 - 2013-05-16 14:31 - 00035328 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2013-05-28 14:52 - 2013-05-28 22:30 - 00000000 ____D C:\Users\Friedrich\Downloads\Trojaner Board
2013-05-28 14:13 - 2013-05-28 14:13 - 00000356 ____A C:\Windows\PFRO.log
2013-05-27 20:06 - 2013-05-27 20:07 - 00019134 ____A C:\Users\Friedrich\Documents\Addition.txt
2013-05-27 20:05 - 2013-05-28 14:12 - 00000000 ____D C:\FRST
2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe
2013-05-27 17:51 - 2013-05-28 19:29 - 00000616 ____A C:\Windows\setupact.log
2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures
2013-05-24 20:24 - 2013-05-27 16:04 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures
2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures
2013-05-22 16:37 - 2013-05-22 16:38 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe
2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures
2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures
2013-05-18 21:51 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-18 21:51 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-18 21:51 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-18 21:51 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-18 21:51 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-18 21:51 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-18 21:51 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-18 21:51 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-18 21:51 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-18 21:51 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-18 21:51 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-18 21:51 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-18 21:50 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-18 21:50 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-18 21:50 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-18 21:50 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-18 21:50 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-18 21:50 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-18 21:50 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-18 21:50 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-18 21:50 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-18 21:50 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-18 21:50 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-18 21:50 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-18 21:50 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-18 21:50 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures
2013-05-14 14:05 - 2013-05-14 14:07 - 00000000 ____D C:\Users\Friedrich\CT
2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures
2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks
2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures
2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures
2013-05-06 02:10 - 2012-06-19 16:54 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-05-06 02:10 - 2012-06-19 13:31 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-05-06 02:10 - 2012-06-14 13:43 - 05096448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-05-06 02:10 - 2012-06-08 16:18 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-05-06 02:10 - 2012-06-06 10:44 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-05-06 02:10 - 2012-06-01 09:37 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-05-06 02:10 - 2012-05-31 18:08 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00141152 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00123744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-05-06 02:10 - 2012-05-17 11:29 - 00074592 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-05-06 02:10 - 2012-05-10 15:22 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-05-06 02:10 - 2012-04-10 14:40 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-05-06 02:10 - 2012-04-03 18:42 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
2013-05-06 02:10 - 2012-04-03 18:42 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2013-05-06 02:10 - 2012-02-21 19:45 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2013-05-06 02:10 - 2012-02-17 15:54 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2013-05-06 02:10 - 2012-02-14 00:05 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2013-05-06 02:10 - 2012-01-30 11:43 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
2013-05-06 02:10 - 2012-01-23 22:30 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-05-06 02:10 - 2012-01-23 22:30 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-05-06 02:10 - 2012-01-23 22:30 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-05-06 02:10 - 2012-01-10 10:20 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
2013-05-06 02:10 - 2011-12-20 15:32 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2013-05-06 02:10 - 2011-12-20 05:43 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-05-06 02:10 - 2011-12-18 17:58 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2013-05-06 02:10 - 2011-12-13 16:58 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-05-06 02:10 - 2011-11-22 16:28 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2013-05-06 02:10 - 2011-09-02 14:21 - 00221024 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll
2013-05-06 02:10 - 2011-09-02 14:21 - 00081248 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll
2013-05-06 02:10 - 2011-09-02 14:21 - 00078688 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll
2013-05-06 02:10 - 2011-08-23 17:00 - 00603984 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2013-05-06 02:10 - 2011-05-31 09:42 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2013-05-06 02:10 - 2011-03-17 12:17 - 01361336 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2013-05-06 02:10 - 2011-03-07 17:11 - 00148416 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2013-05-06 02:10 - 2010-11-08 07:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2013-05-06 02:10 - 2010-11-03 18:30 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2013-05-06 02:10 - 2010-10-03 13:46 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll
2013-05-06 02:10 - 2010-09-27 09:34 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2013-05-06 02:10 - 2010-07-22 16:48 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2013-05-06 02:10 - 2009-11-24 09:55 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2013-05-06 02:09 - 2012-03-08 11:47 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-05-06 02:09 - 2012-03-08 11:47 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2013-05-06 02:09 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2013-05-06 02:08 - 2012-12-26 18:26 - 00805088 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2013-05-06 02:08 - 2012-12-26 18:26 - 00074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2013-05-06 02:05 - 2013-01-29 05:35 - 00194488 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-05-06 02:05 - 2013-01-29 05:35 - 00031672 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log
2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000
2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures
2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures
2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI
2013-05-02 15:53 - 2013-05-02 15:54 - 00000000 ____D C:\ProgramData\BSD
2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk
2013-05-01 23:31 - 2013-05-02 21:57 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog
2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk
2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg
2013-05-01 22:52 - 2013-05-28 22:52 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job
2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters
2013-05-01 14:17 - 2013-05-01 14:18 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures
2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures
2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV

==================== One Month Modified Files and Folders =======

2013-05-29 02:17 - 2013-05-29 02:17 - 01915774 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe
2013-05-29 01:55 - 2012-11-10 13:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-28 22:52 - 2013-05-01 22:52 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job
2013-05-28 22:33 - 2013-05-28 22:33 - 02347384 ____A (ESET) C:\Users\Friedrich\Downloads\esetsmartinstaller_enu.exe
2013-05-28 22:30 - 2013-05-28 14:52 - 00000000 ____D C:\Users\Friedrich\Downloads\Trojaner Board
2013-05-28 22:28 - 2013-05-28 22:28 - 00002590 ____A C:\Users\Friedrich\Desktop\JRT.txt
2013-05-28 22:25 - 2013-05-28 22:25 - 00000000 ____D C:\Windows\ERUNT
2013-05-28 22:22 - 2013-05-28 22:22 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Friedrich\Downloads\JRT.exe
2013-05-28 22:22 - 2013-05-28 22:22 - 00000000 ____D C:\JRT
2013-05-28 22:13 - 2012-09-08 01:35 - 01961848 ____A C:\Windows\WindowsUpdate.log
2013-05-28 19:37 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-28 19:37 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-28 19:32 - 2009-07-14 04:34 - 00000466 ____A C:\Windows\win.ini
2013-05-28 19:29 - 2013-05-27 17:51 - 00000616 ____A C:\Windows\setupact.log
2013-05-28 19:29 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-28 19:28 - 2013-05-28 19:28 - 00000000 ____D C:\ProgramData\Preventon
2013-05-28 19:27 - 2013-05-28 19:25 - 00012637 ____A C:\AdwCleaner[S1].txt
2013-05-28 19:22 - 2013-05-28 19:21 - 00632031 ____A C:\Users\Friedrich\Downloads\adwcleaner.exe
2013-05-28 19:21 - 2011-03-28 20:10 - 00654594 ____A C:\Windows\System32\perfh007.dat
2013-05-28 19:21 - 2011-03-28 20:10 - 00130208 ____A C:\Windows\System32\perfc007.dat
2013-05-28 19:21 - 2009-07-14 07:13 - 01500254 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-28 19:18 - 2011-09-21 17:16 - 00000000 ____D C:\users\Friedrich
2013-05-28 19:17 - 2013-05-28 19:17 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-05-28 19:17 - 2013-05-28 19:17 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-05-28 19:17 - 2012-11-19 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-28 14:29 - 2011-09-23 12:48 - 00000000 ___RD C:\Users\Friedrich\Eigene Texte
2013-05-28 14:13 - 2013-05-28 14:13 - 00000356 ____A C:\Windows\PFRO.log
2013-05-28 14:12 - 2013-05-27 20:05 - 00000000 ____D C:\FRST
2013-05-27 20:07 - 2013-05-27 20:06 - 00019134 ____A C:\Users\Friedrich\Documents\Addition.txt
2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe
2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 17:08 - 2012-11-07 19:26 - 00002113 ____A C:\Windows\epplauncher.mif
2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures
2013-05-27 16:06 - 2011-10-21 14:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-27 16:04 - 2013-05-24 20:24 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures
2013-05-27 16:04 - 2012-11-19 19:44 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Mozilla
2013-05-27 16:04 - 2011-11-10 00:53 - 00000000 ____D C:\ProgramData\clp
2013-05-27 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-05-25 02:33 - 2011-10-12 19:27 - 00000000 ____D C:\Users\Friedrich\AppData\Local\CrashDumps
2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures
2013-05-22 19:52 - 2012-10-15 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 16:40 - 2011-09-25 11:23 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Thunderbird
2013-05-22 16:40 - 2011-09-25 11:21 - 00002099 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-05-22 16:40 - 2011-09-25 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-22 16:38 - 2013-05-22 16:37 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe
2013-05-19 18:22 - 2012-11-06 23:43 - 00000078 ____A C:\Users\Friedrich\AppData\Roaming\mbam.context.scan
2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures
2013-05-18 22:07 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-05-18 21:58 - 2011-09-21 18:29 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures
2013-05-16 14:32 - 2013-05-28 19:17 - 01277744 ____A C:\Windows\System32\dmwu.exe
2013-05-16 14:31 - 2013-05-28 19:17 - 00035328 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2013-05-16 14:02 - 2011-02-19 23:51 - 00608080 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll
2013-05-16 14:02 - 2011-02-19 01:52 - 00829264 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2013-05-15 14:55 - 2012-05-08 10:08 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 14:55 - 2011-09-28 19:16 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures
2013-05-14 14:07 - 2013-05-14 14:05 - 00000000 ____D C:\Users\Friedrich\CT
2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures
2013-05-10 02:33 - 2011-09-25 16:00 - 00000000 ____D C:\Users\Friedrich\.gimp-2.6
2013-05-10 02:29 - 2012-06-18 22:32 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\gtk-2.0
2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks
2013-05-10 02:22 - 2011-09-25 14:54 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\PhotoScape
2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures
2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures
2013-05-06 02:12 - 2011-04-07 13:59 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-05-06 02:11 - 2011-10-12 18:52 - 00000000 ____D C:\Program Files\DIFX
2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log
2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000
2013-05-02 23:51 - 2011-10-03 12:08 - 00000000 ____D C:\Program Files\Google
2013-05-02 23:51 - 2011-09-25 14:54 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-02 23:27 - 2011-09-27 15:12 - 00002318 ____A C:\Users\Friedrich\Desktop\Internet Explorer.lnk
2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures
2013-05-02 22:55 - 2011-10-03 12:07 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Google
2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures
2013-05-02 21:57 - 2013-05-01 23:31 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog
2013-05-02 21:49 - 2012-11-07 19:12 - 00000000 ____D C:\Users\Friedrich\Documents\avira_registry_70012cleaner_de
2013-05-02 21:49 - 2011-09-23 12:46 - 00000000 ____D C:\OfficeUpdate11
2013-05-02 21:49 - 2010-09-02 10:58 - 00000000 ___HD C:\OEM
2013-05-02 21:49 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-05-02 21:48 - 2013-03-20 15:29 - 00000000 ____D C:\MFT 186073
2013-05-02 21:48 - 2011-04-07 14:02 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-02 17:29 - 2012-04-23 14:21 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI
2013-05-02 15:54 - 2013-05-02 15:53 - 00000000 ____D C:\ProgramData\BSD
2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk
2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk
2013-05-01 23:30 - 2011-11-10 00:52 - 00000000 ____D C:\ProgramData\Common Toolkit Suite
2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg
2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters
2013-05-01 20:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-01 14:18 - 2013-05-01 14:17 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures
2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures
2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV
2013-04-29 21:10 - 2013-04-27 14:19 - 00000000 ____D C:\Windows\Temp22A20089-2110-14E1-9571-C221261B9BC4-Signatures

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-04-16 17:47

==================== End Of Log ============================


Ich sage erstmal Danke! Und versuche mal, ob jetzt 'alles' wieder normal läuft!

Vielen, vielen Dank! Ansonsten melde ich mich noch mal!

Herzliche Grüße
Bluebird

schrauber 29.05.2013 04:28
Sieht gut aus, teste das System mal :)

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

Bluebird55 29.05.2013 14:45
Hallo!

Ergebnis:

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
TuneUp Utilities 2012
TuneUp Utilities Language Pack (de-DE)
Java(TM) 6 Update 29
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox (20.0.1)
Mozilla Thunderbird (17.0.6)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Ich hab da doch noch eine Frage:

Wie kann es sein, dass der Computer es nicht zulässt, dass ich Avira Antivir update, denn jedes Mal sagt er mir, dass der Zugriff wegen einer 'Gruppenrichtlinie' nicht erlaubt ist und mir die notwendigen Administratorrechte fehlen! Das selbe bei Malware bytes Antimalwar! Ich habe von beiden Programmen kein Symbol mehr auf dem Desktop und in der Softwareliste der gespeicherten Programme auf dem Computer stehen die beiden auch nicht, so dass ich sie dort löschen könnte...?!

Manuell lässt der Computer auch kein Löschen der gefundenen Avira-Dateien zu!

Danke und Grüße
Bluebird

schrauber 29.05.2013 14:48
Deinstallier mal bitte alles von Java und installier die aktuelle Version.


Downloade dir bitte Farbar's Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.
Poste bitte den Inhalt hier.

Bluebird55 29.05.2013 15:15
Es erscheint folgende Meldung, beim Versuch eine Deinstallation vorzunehmen:

"Die Funktion, die Sie verwenden möchten, befindet sich auf einer Netzressource, die nicht zur Verfügung steht."

Klicken Sie auf "OK", um den Vorgang zu wiederholen. Oder geben Sie in das untenstehende Feld den Pfad zu einem anderen Ordner ein, der das Installationspaket "jre 1.6.0_31-c-l.msi" enthält.

Bei erneutem OK ernscheint:

Der Pfad "C.\Users\Friedrich\AppData\LocalLow\Sun\Java\jre 1.6.0_31\jre1.6.0_31-c-l.msi" wurde nicht gefunden. Stellen Sie sicher, dass Sie Zugriff auf diesen Ordner haben und wiederholen Sie den Vorgang. Oder suchen Sie das Installationpaket "jre1.6.0_31-c-l-.msi" in einem Ordner, von dem aus Sie das Produkt "Java(TM) 6 Update 31" installieren können.

Abschließend erscheint dann noch ein kleines Fenster:

"Die Installationsquelle für dieses Produkt steht nicht zur Verfügung. Stellen Sie sicher, dass die Quelle existiert und dass Sie darauf zugriefen können."

Microsoft Security Essentials meldet zwischenzeitlich mehrfach: "Erkannte Bedrohungen werden bereinigt, keine Aktionen erforderlich."

Was ist da los bzw. was muss oder kann ich jetzt machen? Danke!

Grüße
Bluebird

schrauber 29.05.2013 18:57
Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Kopiere den Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Code:
    reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths" /s /c
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.

Bluebird55 29.05.2013 19:17
Hier das Ergebnis der OTL:OTL Logfile:
Code:
OTL logfile created on: 29.05.2013 20:05:45 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Friedrich\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,55% Memory free
8,00 Gb Paging File | 5,29 Gb Available in Paging File | 66,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,91 Gb Total Space | 843,48 Gb Free Space | 91,99% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 0,74 Gb Free Space | 19,77% Space Free | Partition Type: FAT32
 
Computer Name: MACK327 | User Name: Friedrich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.29 20:04:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Friedrich\Downloads\OTL.exe
PRC - [2013.05.10 02:20:51 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.17 17:58:30 | 001,246,744 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
PRC - [2012.09.17 17:58:30 | 000,468,064 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.10 02:20:34 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2013.05.10 02:20:33 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.05.10 02:20:29 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.05.15 14:55:49 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.16 19:55:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.08 13:21:12 | 000,338,432 | ---- | M] (SPAMfighter ApS) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe -- (Common Toolkit 2)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.09.17 17:58:30 | 001,246,744 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe -- (AV Engine Scanning Service)
SRV - [2012.09.17 17:58:30 | 000,468,064 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe -- (AV Watch Service)
SRV - [2012.09.12 22:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 22:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.26 17:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.01.29 05:35:28 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.26 18:26:12 | 000,805,088 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.11.09 16:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 16:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.09.17 17:58:32 | 000,013,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfsfilter.sys -- (AVFSFilter)
DRV:64bit: - [2012.08.30 23:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:tabs
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: text2voice%40vik.josh:1.10
FF - prefs.js..extensions.enabledAddons: %7BC9B68337-E93A-44EA-94DC-CB300EC06444%7D:5.30.4
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.16 19:55:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.22 16:40:19 | 000,000,000 | ---D | M]
 
[2011.09.25 11:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Extensions
[2013.05.28 14:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Firefox\Profiles\h89tyrh8.default\extensions
[2013.05.22 23:33:20 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Firefox\Profiles\h89tyrh8.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.05.20 22:08:12 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Firefox\Profiles\h89tyrh8.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.12.14 04:32:37 | 000,061,608 | ---- | M] () (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\extensions\text2voice@vik.josh.xpi
[2013.05.08 22:57:13 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.11 02:20:39 | 000,002,079 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\00602db9-9247-49a9-9a29-0f2b8c6dba8e.xml
[2013.02.11 02:22:15 | 000,002,079 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\af2f1ea8-ef71-4a3b-825a-a693a69d6b5e.xml
[2013.02.11 02:20:42 | 000,002,077 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\{99180D6A-540D-4681-9B76-67B304FEA462}.xml
[2013.02.11 02:20:42 | 000,002,188 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\{A81C69A3-DFF4-460B-B7AF-004D6CD4E3B4}.xml
[2013.02.11 02:20:42 | 000,001,870 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\{E018BDE8-CC94-4DDB-9C7C-C76E1867A68B}.xml
[2012.11.19 19:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\FRIEDRICH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H89TYRH8.DEFAULT\EXTENSIONS\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2013.04.16 19:55:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.27 18:32:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 18:32:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.27 18:32:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 18:32:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 18:32:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 18:32:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://start.iminent.com/?appId=96091ACA-167C-4AA0-9AE8-916F0296ADC6
CHR - homepage: hxxp://start.iminent.com/?appId=96091ACA-167C-4AA0-9AE8-916F0296ADC6
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42A41F4B-69CB-4DAF-9321-DDF1C4AB820F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\fighterlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\logfilescollector.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\shortcutlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\slow-pcfighter64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sync.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\fighterlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\logfilescollector.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\shortcutlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\slow-pcfighter64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sync.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.28 22:25:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.28 22:22:36 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.28 19:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Preventon
[2013.05.28 19:18:44 | 000,000,000 | ---D | C] -- C:\Users\Friedrich\Local Settings
[2013.05.28 19:17:08 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.05.28 19:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013.05.28 19:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC
[2013.05.27 20:05:19 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.27 17:07:26 | 000,000,000 | ---D | C] -- C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures
[2013.05.24 20:24:02 | 000,000,000 | ---D | C] -- C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures
[2013.05.24 19:55:04 | 000,000,000 | ---D | C] -- C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures
[2013.05.19 16:24:31 | 000,000,000 | ---D | C] -- C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures
[2013.05.18 21:53:42 | 000,000,000 | ---D | C] -- C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures
[2013.05.18 21:51:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.18 21:51:47 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.18 21:51:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.18 21:51:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.18 21:51:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.18 21:51:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.18 21:51:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.18 21:51:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.18 21:51:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.18 21:51:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.18 21:51:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.18 21:51:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.18 21:51:42 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.18 21:51:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.18 21:51:41 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.18 21:50:32 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.18 21:50:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.18 21:50:31 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.18 21:50:31 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.18 21:50:16 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.18 21:50:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.18 21:50:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.14 18:48:48 | 000,000,000 | ---D | C] -- C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures
[2013.05.14 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\Friedrich\CT
[2013.05.10 19:14:40 | 000,000,000 | ---D | C] -- C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures
[2013.05.07 16:09:58 | 000,000,000 | ---D | C] -- C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures
[2013.05.06 20:19:45 | 000,000,000 | ---D | C] -- C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures
[2013.05.06 02:10:21 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.05.06 02:10:21 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2013.05.06 02:10:21 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2013.05.06 02:10:20 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2013.05.06 02:10:20 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.05.06 02:10:20 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.05.06 02:10:20 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2013.05.06 02:10:19 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.05.06 02:10:19 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.05.06 02:10:18 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.05.06 02:10:18 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.05.06 02:10:18 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013.05.06 02:10:18 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.05.06 02:10:18 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.05.06 02:10:18 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.05.06 02:10:17 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.05.06 02:10:16 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.05.06 02:10:15 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.05.06 02:10:14 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.05.06 02:10:14 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.05.06 02:10:13 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.05.06 02:10:13 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.05.06 02:10:13 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.05.06 02:10:13 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.05.06 02:10:12 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.05.06 02:10:11 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.05.06 02:10:11 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.05.06 02:10:11 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.05.06 02:10:10 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013.05.06 02:10:10 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.05.06 02:10:08 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.05.06 02:10:08 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.05.06 02:10:08 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.05.06 02:10:07 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.05.06 02:10:07 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.05.06 02:10:07 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.05.06 02:10:07 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.05.06 02:10:06 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013.05.06 02:10:05 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.05.06 02:10:05 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.05.06 02:10:05 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.05.06 02:10:05 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.05.06 02:10:05 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.05.06 02:10:02 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.05.06 02:10:02 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.05.06 02:10:02 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.05.06 02:10:02 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.05.06 02:10:01 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.05.06 02:10:01 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.05.06 02:10:01 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.05.06 02:10:00 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.05.06 02:10:00 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.05.06 02:10:00 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.05.06 02:10:00 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.05.06 02:10:00 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.05.06 02:09:59 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.05.06 02:09:59 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.05.06 02:09:59 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.05.06 02:09:59 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.05.06 02:09:57 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.05.06 02:09:57 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.05.06 02:08:26 | 000,805,088 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.05.06 02:08:26 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2013.05.06 02:05:11 | 000,031,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.05.06 02:05:10 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.05.05 00:42:12 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2013.05.05 00:42:01 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2013.05.02 22:56:16 | 000,000,000 | ---D | C] -- C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures
[2013.05.02 22:47:02 | 000,000,000 | ---D | C] -- C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures
[2013.05.02 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FromDocToPDF_65EI
[2013.05.02 15:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\BSD
[2013.05.01 22:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2013.05.01 14:17:59 | 000,000,000 | ---D | C] -- C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures
[2013.05.01 13:10:34 | 000,000,000 | ---D | C] -- C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures
[2013.04.30 01:57:20 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.29 19:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.29 19:05:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.29 17:34:46 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.29 17:34:46 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.29 15:35:55 | 000,890,825 | ---- | M] () -- C:\Users\Friedrich\Desktop\SecurityCheck.exe
[2013.05.29 15:32:14 | 000,410,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.29 15:32:05 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Friedrich-Notification.job
[2013.05.28 19:21:48 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.28 19:21:48 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.28 19:21:48 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.28 19:21:48 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.28 19:21:48 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.27 17:08:17 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.22 16:40:37 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.05.19 18:22:57 | 000,000,078 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mbam.context.scan
[2013.05.16 14:32:46 | 001,277,744 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013.05.16 14:31:26 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.05.16 14:02:40 | 000,829,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2013.05.16 14:02:40 | 000,608,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
[2013.05.15 14:55:49 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 14:55:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.10 02:28:52 | 000,000,037 | ---- | M] () -- C:\Users\Friedrich\.gtk-bookmarks
[2013.05.05 00:42:12 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2013.05.05 00:42:01 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2013.05.05 00:41:12 | 000,000,315 | ---- | M] () -- C:\Windows\ST6UNST.000
[2013.05.02 23:27:35 | 000,002,318 | ---- | M] () -- C:\Users\Friedrich\Desktop\Internet Explorer.lnk
[2013.05.02 21:57:27 | 000,000,583 | ---- | M] () -- C:\Windows\SysNative\MyDefrag.debuglog
[2013.05.01 23:12:25 | 000,000,206 | ---- | M] () -- C:\Users\Friedrich\Documents\cc_20130501_231214.reg
[2013.05.01 22:52:11 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.29 15:35:44 | 000,890,825 | ---- | C] () -- C:\Users\Friedrich\Desktop\SecurityCheck.exe
[2013.05.29 15:31:53 | 000,410,824 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.28 19:17:08 | 001,277,744 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2013.05.10 02:28:52 | 000,000,037 | ---- | C] () -- C:\Users\Friedrich\.gtk-bookmarks
[2013.05.06 02:10:11 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.05.05 00:41:10 | 000,000,315 | ---- | C] () -- C:\Windows\ST6UNST.000
[2013.05.01 23:31:47 | 000,000,583 | ---- | C] () -- C:\Windows\SysNative\MyDefrag.debuglog
[2013.05.01 23:12:16 | 000,000,206 | ---- | C] () -- C:\Users\Friedrich\Documents\cc_20130501_231214.reg
[2013.05.01 22:52:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter64-Friedrich-Notification.job
[2013.05.01 22:52:11 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2012.11.06 23:43:39 | 000,000,078 | ---- | C] () -- C:\Users\Friedrich\AppData\Roaming\mbam.context.scan
[2012.09.22 20:19:01 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012.09.22 20:19:01 | 000,012,031 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-Jardinains!.dat
[2012.06.18 22:32:44 | 000,000,900 | ---- | C] () -- C:\Users\Friedrich\.recently-used.xbel
[2011.10.12 19:27:35 | 000,033,792 | ---- | C] () -- C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.21 18:37:01 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.21 17:39:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2012.07.14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths" /s /c >
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{1E3769EA-C4B6-4859-9057-A45DC3EF654C}
    ItemData    REG_SZ    C:\Program Files (x86)\Common Files\Symantec Shared
    SaferFlags    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{32F6C39E-6185-49FB-B334-61C610EAA2C5}
    ItemData    REG_SZ    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    SaferFlags    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{6DD84D39-FA7E-4CAD-89C5-09E37E78F132}
    ItemData    REG_SZ    C:\Program Files (x86)\Symantec
    SaferFlags    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{8FA0F90D-21AF-4C9A-B413-F84D72BE388D}
    ItemData    REG_SZ    C:\Program Files (x86)\Symantec
    SaferFlags    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{A538F46F-62A6-4602-8A34-EB9E7C868716}
    ItemData    REG_SZ    C:\Documents and Settings\All Users\Application Data\Avira
    SaferFlags    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{B008F467-448D-40A8-AFE4-F493C286E8AA}
    ItemData    REG_SZ    C:\Program Files (x86)\Malwarebytes' Anti-Malware
    SaferFlags    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{C2D73F65-8436-41F8-B4DC-1C7D80E6B78E}
    ItemData    REG_SZ    C:\Program Files (x86)\Symantec
    SaferFlags    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{EBAA4144-B991-49E8-9CDF-F6E6C6F6560B}
    ItemData    REG_SZ    C:\Program Files (x86)\Avira
    SaferFlags    REG_DWORD    0x2

< End of report >
--- --- ---


Und hier das Ergebnis der "Extras":OTL Logfile:
Code:
OTL Extras logfile created on: 29.05.2013 20:05:46 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Friedrich\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,55% Memory free
8,00 Gb Paging File | 5,29 Gb Available in Paging File | 66,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,91 Gb Total Space | 843,48 Gb Free Space | 91,99% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 0,74 Gb Free Space | 19,77% Space Free | Partition Type: FAT32
 
Computer Name: MACK327 | User Name: Friedrich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{168CC3BA-363E-4DDE-BF10-88CC5C5198A3}" = rport=137 | protocol=17 | dir=out | app=system |
"{2E392F0E-0A46-4C7A-9B70-29BEC40449E1}" = rport=139 | protocol=6 | dir=out | app=system |
"{737563DA-D8C8-4A2A-A92E-94E163734EF6}" = rport=138 | protocol=17 | dir=out | app=system |
"{7A2CB22E-81F8-4244-8BC7-CC97AF82D3D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{803F3ED8-0522-45A8-9D1C-6BC4500EC3C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8220E085-538A-48E4-BB20-D40178E725F4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9AB627FE-6F17-4B7F-AA84-D8EF27D2E181}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9AF36E9C-6EC6-46C7-B8B6-5BA178DE3540}" = rport=445 | protocol=6 | dir=out | app=system |
"{B3183A6E-3E39-4419-87ED-21BBB90370E4}" = lport=137 | protocol=17 | dir=in | app=system |
"{BB311B25-1B83-4505-818D-5FBF0BE3A3D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{CF72C636-0DF6-4EEB-8BA6-6D272C234EAB}" = lport=139 | protocol=6 | dir=in | app=system |
"{D3550AFA-D3A1-4C87-B067-2C36CBED34D2}" = lport=445 | protocol=6 | dir=in | app=system |
"{DB317E37-F143-4ECC-B456-A3D13F9419E1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F0BF1525-2AF2-43E0-9DD9-A2A7055F31E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAAF29D-898B-430B-AAE0-701B0D3B89F3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{16D86479-B51D-4C42-88C4-779CCB779A6D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{2FC1515B-C4F8-4F36-A97C-5781E2F9924A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{31DB56C0-535D-4317-93BA-5FFA7FB16945}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{35BF0A36-F0C9-4DD8-A325-337442440EE1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6019CF2B-5C1D-4ED1-9A8B-395391999287}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7F12E415-86F6-415B-89D2-99908D4953C7}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{9572A8EF-087F-47DA-BD0B-8052FE93F17C}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{A8940885-1007-4A47-B184-55C5AF7934C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DA7C5949-AE66-4C9D-86F7-D85CEC4781A1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DD0DA510-1D42-4261-9B38-F77AC1A10A71}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{E5CF20A3-ECAF-4245-80DB-527EA5F7FAE4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"TCP Query User{C7BAB410-4390-4CE5-8B59-0B8F1D93EA4C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{6EA1F1EF-09BC-4F3D-B7C6-C16D26049420}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7648D847-AEBC-4DEF-ADA2-F93314A5F4F2}" = SLOW-PCfighter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.84
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.84
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"29B76F9C91EE9BA9A63E88D9F0000E010363DCB5" = Windows-Treiberpaket - Intel hdc  (10/05/2012 9.1.9.1002)
"4A5EF81C80190F479C6FB16BC8CF595275AAC778" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662)
"53E1594B2022B94BADE3466EE5459687E18D582E" = Windows-Treiberpaket - NVIDIA Corporation (NVHDA) MEDIA  (12/18/2012 1.3.23.1)
"5E9040CBF06133134873F64C0D152BEBA5F98677" = Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002)
"62461C94E7F67025AC113795AF5428E1B73EA068" = Windows-Treiberpaket - Intel USB  (10/05/2012 9.1.9.1002)
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"6C352BEA80A0DBEB6FCE6F10DEDB382409B6E4CF" = Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002)
"85BB2284011D96871518CFA7B57630FE47BEA2B4" = Windows-Treiberpaket - Realtek (RTL8167) Net  (12/26/2012 7.067.1226.2012)
"Agent Ransack (64-bit)_is1" = Agent Ransack 2010 (64-bit)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"SLOW-PCfighter" = SLOW-PCfighter
"Stellarium_is1" = Stellarium 0.11.4
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01008202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Enzyklopädie 2002
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{19d74c6e-c6f0-493a-832f-03edf5aad5b8}" = Nero 9 Essentials
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{25F60491-F5AB-4985-9354-37C146783F35}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E987046-5398-47A5-9AB2-26A6AC271F94}" = FULL-DISKfighter
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44104223-5CFF-4ADE-AF33-584CF83FA1B8}" = Sonnensystem 3.0
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8BECCB29-DA5E-4002-B211-C3A148E48D63}" = map&guide base
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Foto 2002
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D121161E-AD64-4438-97A0-66A1AB7FFDE3}" = Works Suite-Betriebssystem-Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5FFAC59-7519-4652-AD8C-FBFA97AEE1DA}" = DRIVERfighter
"{DD0D087F-9DDE-43F3-B2CE-98B22849E1AB}" = Fighters
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5EDCD0-5745-4B13-8061-58C9833FD06D}" = Microsoft Works 6.0
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Efficient Diary_is1" = Efficient Diary 3.0
"eMachines Game Console" = eMachines Game Console
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"Free Studio_is1" = Free Studio version 5.5.0
"Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"Jardinains!" = Jardinains!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.15.1748" = Opera 12.15
"PhotoScape" = PhotoScape
"Shockwave" = Shockwave
"Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen)
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.6
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite" = Windows Live Essentials
"Works2002Setup" = Microsoft Works 2002-Setup-Start
"WT088147" = Agatha Christie - Death on the Nile
"WT088155" = Bejeweled 2 Deluxe
"WT088159" = Build-a-lot 2
"WT088166" = Chuzzle Deluxe
"WT088175" = Diner Dash 2 Restaurant Rescue
"WT088181" = Farm Frenzy
"WT088189" = Insaniquarium Deluxe
"WT088194" = Jewel Quest Solitaire 2
"WT088203" = Plants vs. Zombies
"WT088215" = Zuma Deluxe
"WT088414" = FATE
"WT088418" = Final Drive Nitro
"WT088446" = John Deere Drive Green
"WT088450" = Penguins!
"WT088454" = Polar Bowler
"WT088458" = Polar Golfer
"WT088506" = Virtual Villagers 4 - The Tree of Life
"WT088521" = Zuma's Revenge
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.05.2013 16:33:34 | Computer Name = Mack327 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Friedrich\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 28.05.2013 16:33:44 | Computer Name = Mack327 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Friedrich\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 28.05.2013 20:10:43 | Computer Name = Mack327 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 29.05.2013 10:59:24 | Computer Name = Mack327 | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16576 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: f80    Startzeit: 01ce5c715aab9842    Endzeit: 80    Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE    Berichts-ID: 
 
[ System Events ]
Error - 28.05.2013 20:31:06 | Computer Name = Mack327 | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
 
Error - 28.05.2013 20:32:10 | Computer Name = Mack327 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?05.?2013 um 02:30:50 unerwartet heruntergefahren.
 
Error - 29.05.2013 09:32:02 | Computer Name = Mack327 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?05.?2013 um 04:23:53 unerwartet heruntergefahren.
 
Error - 29.05.2013 11:29:55 | Computer Name = Mack327 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
 
< End of report >
--- --- ---


Danke und Gruß
Bluebird

schrauber 29.05.2013 19:25
Hi,

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{A538F46F-62A6-4602-8A34-EB9E7C868716}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{B008F467-448D-40A8-AFE4-F493C286E8AA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{EBAA4144-B991-49E8-9CDF-F6E6C6F6560B}]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Bluebird55 29.05.2013 19:38
Kurze Nachfrage:

An welche Stelle sollte ich meinen Benutzernamen evtl. mit ***** eingegeben haben?

Entschuldigung, mir ist gerade aufgefallen, dass ich bei den Anweisungen von 19.57 Uhr den Schritt "All users" anklicken vergessen hatte! Sorry! Soll ich das noch einmal wiederholen?

schrauber 29.05.2013 19:47
Nee, das mit Username kannste in dem Fall ignorieren, auch keinen neuen Scan, mach einfach den Fix, reboot, und check Avira und MBAM :)

Bluebird55 29.05.2013 20:02
Das war ja in einer Millisekunde fertig!

Das Ergebnis war Folgendes:

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{A538F46F-62A6-4602-8A34-EB9E7C868716}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A538F46F-62A6-4602-8A34-EB9E7C868716}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{B008F467-448D-40A8-AFE4-F493C286E8AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B008F467-448D-40A8-AFE4-F493C286E8AA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{EBAA4144-B991-49E8-9CDF-F6E6C6F6560B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBAA4144-B991-49E8-9CDF-F6E6C6F6560B}\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05292013_205629

Gruß, Bluebird

schrauber 29.05.2013 20:26
Check check :). Avira, MBAM?

Bluebird55 29.05.2013 21:10
Hallo Schrauber,

es läuft endlich wieder! Ich konnte Antivir neu erstellen und es läuft! Und MBAM läuft ebenfalls. Ich danke dir recht herzlich! Vielen, vielen Dank!

Herzliche Grüße und einen schönen Abend
Bluebird

schrauber 29.05.2013 21:34
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob/Kritik loswerden möchtest:
http://www.trojaner-board.de/lob-kritik-wuensche/


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Bluebird55 30.05.2013 15:07
Hallo Schrauber, ich habe momentan noch kein neues Java installieren können und das alte muss man ja auch vorher deinstallieren... geht aber nicht! Ich hatte auch einen 'abgesicherten Modus' versucht, aber damit ging es auch nicht und beim Neustart hat sich die Grafik der Windows-Bildschirme leicht verändert (die Buttons oben rechts jedes Fensters sind jetzt in 'Fettdruck' - aber das ist nicht so schlimm). Wie kann ich das Java-Problem lösen? Danke!

Und wie kann es sein, dass Antivir trotz Virenschutz usw. trotzdem gleich wieder Viren/Trojaner findet: Trojaner: WIN32/Bublik.I ; TR/Bublik.I.11 ; TR/Bublik.I.13 ; TR/Drop.Dapato.cdtt...?

Gruß
Bluebird

schrauber 30.05.2013 15:11
Wo findet Avira denn was? Und was ist dein Problem mit Java?

Bluebird55 30.05.2013 18:17
Entschuldigung, im Verlauf der Problembehandlung hattest du mir gesagt, irgendwann mal Java neu zu installieren. Brauche ich das jetzt doch nicht mehr! Na ja, ist nicht so schlimm, wenn Avira mal wieder was findet! Vielleicht sind die Sachen gestern draufgewandert als ich eine Zeitlang die 'Schilde' runterfahren sollte! Trotzdem vielen Dank!

schrauber 30.05.2013 19:15
Ich würd nur gerne wissen was Avira anmeckert :).

Lad einfach schnell en neues OTL und poste die Logfiles.

Bluebird55 30.05.2013 19:49
In der Hoffnung, dass es das richtige ist:OTL Logfile:
Code:
OTL logfile created on: 30.05.2013 20:37:58 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Friedrich\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 47,93% Memory free
8,00 Gb Paging File | 5,20 Gb Available in Paging File | 64,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,91 Gb Total Space | 842,75 Gb Free Space | 91,91% Space Free | Partition Type: NTFS
 
Computer Name: MACK327 | User Name: Friedrich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.30 20:36:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Friedrich\Downloads\OTL.exe
PRC - [2013.05.29 21:38:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.29 21:37:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.29 21:37:42 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.10 02:20:51 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.17 17:58:30 | 001,246,744 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
PRC - [2012.09.17 17:58:30 | 000,468,064 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.10 02:20:34 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2013.05.10 02:20:33 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.05.10 02:20:29 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.05.29 21:38:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.29 21:37:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.15 14:55:49 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2013.04.16 19:55:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.08 13:21:12 | 000,338,432 | ---- | M] (SPAMfighter ApS) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe -- (Common Toolkit 2)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.17 17:58:30 | 001,246,744 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe -- (AV Engine Scanning Service)
SRV - [2012.09.17 17:58:30 | 000,468,064 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe -- (AV Watch Service)
SRV - [2012.09.12 22:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 22:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.26 17:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.29 21:39:21 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.05.29 21:39:21 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.05.29 21:39:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.01.29 05:35:28 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.23 10:31:52 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2013.01.23 10:31:52 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2013.01.23 10:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2013.01.23 10:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.12.26 18:26:12 | 000,805,088 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.09.17 17:58:32 | 000,013,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfsfilter.sys -- (AVFSFilter)
DRV:64bit: - [2012.08.30 23:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3993219044-2753971007-1908284826-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com
IE - HKU\S-1-5-21-3993219044-2753971007-1908284826-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:tabs
IE - HKU\S-1-5-21-3993219044-2753971007-1908284826-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3993219044-2753971007-1908284826-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: text2voice%40vik.josh:1.10
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.16 19:55:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.22 16:40:19 | 000,000,000 | ---D | M]
 
[2011.09.25 11:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Extensions
[2013.05.28 14:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Firefox\Profiles\h89tyrh8.default\extensions
[2013.05.22 23:33:20 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Firefox\Profiles\h89tyrh8.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.05.20 22:08:12 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Firefox\Profiles\h89tyrh8.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.12.14 04:32:37 | 000,061,608 | ---- | M] () (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\extensions\text2voice@vik.josh.xpi
[2013.05.08 22:57:13 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.11 02:20:39 | 000,002,079 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\00602db9-9247-49a9-9a29-0f2b8c6dba8e.xml
[2013.02.11 02:22:15 | 000,002,079 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\af2f1ea8-ef71-4a3b-825a-a693a69d6b5e.xml
[2013.02.11 02:20:42 | 000,002,077 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\{99180D6A-540D-4681-9B76-67B304FEA462}.xml
[2013.02.11 02:20:42 | 000,002,188 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\{A81C69A3-DFF4-460B-B7AF-004D6CD4E3B4}.xml
[2013.02.11 02:20:42 | 000,001,870 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\{E018BDE8-CC94-4DDB-9C7C-C76E1867A68B}.xml
[2012.11.19 19:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.16 19:55:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.27 18:32:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 18:32:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.27 18:32:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 18:32:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 18:32:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 18:32:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://start.iminent.com/?appId=96091ACA-167C-4AA0-9AE8-916F0296ADC6
CHR - homepage: hxxp://start.iminent.com/?appId=96091ACA-167C-4AA0-9AE8-916F0296ADC6
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3993219044-2753971007-1908284826-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-3993219044-2753971007-1908284826-1000..\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-3993219044-2753971007-1908284826-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKU\S-1-5-21-3993219044-2753971007-1908284826-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42A41F4B-69CB-4DAF-9321-DDF1C4AB820F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\fighterlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\logfilescollector.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\shortcutlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\slow-pcfighter64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sync.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\fighterlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\logfilescollector.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\shortcutlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\slow-pcfighter64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sync.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.30 16:08:19 | 000,000,000 | ---D | C] -- C:\Windows\TempB6A89D11-814F-0463-3822-7ACB36ECECF9-Signatures
[2013.05.30 15:28:30 | 000,000,000 | ---D | C] -- C:\Users\Friedrich\X
[2013.05.30 15:01:19 | 000,000,000 | ---D | C] -- C:\Windows\Temp83D0878C-B65E-3CD1-EE34-BB469CB4AECD-Signatures
[2013.05.30 14:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2013.05.30 14:06:17 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2013.05.30 14:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2013.05.30 03:01:32 | 000,000,000 | ---D | C] -- C:\Windows\Temp8E8C357F-A044-B503-83DB-73E4C3E0664D-Signatures
[2013.05.29 23:55:50 | 000,000,000 | ---D | C] -- C:\Windows\TempCAADE2DD-41E9-2178-7DD7-2409C257B48A-Signatures
[2013.05.29 21:57:39 | 000,000,000 | ---D | C] -- C:\Users\Friedrich\AppData\Roaming\Avira
[2013.05.29 21:57:16 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.29 21:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.29 21:56:24 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.29 21:56:24 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.29 21:56:24 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.29 21:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.29 21:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.28 22:25:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.28 19:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Preventon
[2013.05.28 19:18:44 | 000,000,000 | ---D | C] -- C:\Users\Friedrich\Local Settings
[2013.05.28 19:17:08 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.05.28 19:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013.05.28 19:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC
[2013.05.27 17:07:26 | 000,000,000 | ---D | C] -- C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures
[2013.05.24 20:24:02 | 000,000,000 | ---D | C] -- C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures
[2013.05.24 19:55:04 | 000,000,000 | ---D | C] -- C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures
[2013.05.19 16:24:31 | 000,000,000 | ---D | C] -- C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures
[2013.05.18 21:53:42 | 000,000,000 | ---D | C] -- C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures
[2013.05.18 21:51:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.18 21:51:47 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.18 21:51:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.18 21:51:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.18 21:51:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.18 21:51:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.18 21:51:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.18 21:51:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.18 21:51:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.18 21:51:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.18 21:51:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.18 21:51:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.18 21:51:42 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.18 21:51:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.18 21:51:41 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.18 21:50:32 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.18 21:50:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.18 21:50:31 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.18 21:50:31 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.18 21:50:16 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.18 21:50:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.18 21:50:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.14 18:48:48 | 000,000,000 | ---D | C] -- C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures
[2013.05.14 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\Friedrich\CT
[2013.05.10 19:14:40 | 000,000,000 | ---D | C] -- C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures
[2013.05.07 16:09:58 | 000,000,000 | ---D | C] -- C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures
[2013.05.06 20:19:45 | 000,000,000 | ---D | C] -- C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures
[2013.05.06 02:10:21 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.05.06 02:10:21 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2013.05.06 02:10:21 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2013.05.06 02:10:20 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2013.05.06 02:10:20 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.05.06 02:10:20 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.05.06 02:10:20 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2013.05.06 02:10:19 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.05.06 02:10:19 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.05.06 02:10:18 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.05.06 02:10:18 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.05.06 02:10:18 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013.05.06 02:10:18 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.05.06 02:10:18 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.05.06 02:10:18 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.05.06 02:10:17 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.05.06 02:10:16 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.05.06 02:10:15 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.05.06 02:10:14 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.05.06 02:10:14 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.05.06 02:10:13 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.05.06 02:10:13 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.05.06 02:10:13 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.05.06 02:10:13 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.05.06 02:10:12 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.05.06 02:10:11 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.05.06 02:10:11 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.05.06 02:10:11 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.05.06 02:10:10 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013.05.06 02:10:10 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.05.06 02:10:08 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.05.06 02:10:08 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.05.06 02:10:08 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.05.06 02:10:07 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.05.06 02:10:07 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.05.06 02:10:07 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.05.06 02:10:07 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.05.06 02:10:06 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013.05.06 02:10:05 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.05.06 02:10:05 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.05.06 02:10:05 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.05.06 02:10:05 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.05.06 02:10:05 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.05.06 02:10:02 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.05.06 02:10:02 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.05.06 02:10:02 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.05.06 02:10:02 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.05.06 02:10:01 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.05.06 02:10:01 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.05.06 02:10:01 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.05.06 02:10:00 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.05.06 02:10:00 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.05.06 02:10:00 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.05.06 02:10:00 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.05.06 02:10:00 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.05.06 02:09:59 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.05.06 02:09:59 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.05.06 02:09:59 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.05.06 02:09:59 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.05.06 02:09:57 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.05.06 02:09:57 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.05.06 02:08:26 | 000,805,088 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.05.06 02:08:26 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2013.05.06 02:05:11 | 000,031,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.05.06 02:05:10 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.05.05 00:42:12 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2013.05.05 00:42:01 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2013.05.02 22:56:16 | 000,000,000 | ---D | C] -- C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures
[2013.05.02 22:47:02 | 000,000,000 | ---D | C] -- C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures
[2013.05.02 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FromDocToPDF_65EI
[2013.05.02 15:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\BSD
[2013.05.01 22:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2013.05.01 14:17:59 | 000,000,000 | ---D | C] -- C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures
[2013.05.01 13:10:34 | 000,000,000 | ---D | C] -- C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.30 19:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.30 19:15:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.30 19:15:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.30 19:07:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.30 16:08:54 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.30 14:15:34 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.30 14:15:34 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.30 14:15:34 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.30 14:15:34 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.30 14:15:34 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.30 14:08:36 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2013.05.29 22:05:21 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.29 21:57:15 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.29 21:56:46 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.29 21:39:21 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.29 21:39:21 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.29 21:39:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.29 15:32:14 | 000,410,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.29 15:32:05 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Friedrich-Notification.job
[2013.05.22 16:40:37 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.05.19 18:22:57 | 000,000,078 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mbam.context.scan
[2013.05.16 14:32:46 | 001,277,744 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013.05.16 14:31:26 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.05.16 14:02:40 | 000,829,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2013.05.16 14:02:40 | 000,608,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
[2013.05.15 14:55:49 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 14:55:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.10 02:28:52 | 000,000,037 | ---- | M] () -- C:\Users\Friedrich\.gtk-bookmarks
[2013.05.05 00:42:12 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2013.05.05 00:42:01 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2013.05.05 00:41:12 | 000,000,315 | ---- | M] () -- C:\Windows\ST6UNST.000
[2013.05.02 23:27:35 | 000,002,318 | ---- | M] () -- C:\Users\Friedrich\Desktop\Internet Explorer.lnk
[2013.05.02 21:57:27 | 000,000,583 | ---- | M] () -- C:\Windows\SysNative\MyDefrag.debuglog
[2013.05.01 23:12:25 | 000,000,206 | ---- | M] () -- C:\Users\Friedrich\Documents\cc_20130501_231214.reg
[2013.05.01 22:52:11 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.30 14:08:36 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2013.05.29 22:05:21 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.29 21:56:46 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.29 15:31:53 | 000,410,824 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.28 19:17:08 | 001,277,744 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2013.05.10 02:28:52 | 000,000,037 | ---- | C] () -- C:\Users\Friedrich\.gtk-bookmarks
[2013.05.06 02:10:11 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.05.05 00:41:10 | 000,000,315 | ---- | C] () -- C:\Windows\ST6UNST.000
[2013.05.01 23:31:47 | 000,000,583 | ---- | C] () -- C:\Windows\SysNative\MyDefrag.debuglog
[2013.05.01 23:12:16 | 000,000,206 | ---- | C] () -- C:\Users\Friedrich\Documents\cc_20130501_231214.reg
[2013.05.01 22:52:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter64-Friedrich-Notification.job
[2013.05.01 22:52:11 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2012.11.06 23:43:39 | 000,000,078 | ---- | C] () -- C:\Users\Friedrich\AppData\Roaming\mbam.context.scan
[2012.09.22 20:19:01 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012.09.22 20:19:01 | 000,012,031 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-Jardinains!.dat
[2012.06.18 22:32:44 | 000,000,900 | ---- | C] () -- C:\Users\Friedrich\.recently-used.xbel
[2011.10.12 19:27:35 | 000,033,792 | ---- | C] () -- C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.21 18:37:01 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.21 17:39:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2012.07.14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths" /s /c >
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{1E3769EA-C4B6-4859-9057-A45DC3EF654C}
    ItemData    REG_SZ    C:\Program Files (x86)\Common Files\Symantec Shared
    SaferFlags    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{32F6C39E-6185-49FB-B334-61C610EAA2C5}
    ItemData    REG_SZ    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    SaferFlags    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{6DD84D39-FA7E-4CAD-89C5-09E37E78F132}
    ItemData    REG_SZ    C:\Program Files (x86)\Symantec
    SaferFlags    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{8FA0F90D-21AF-4C9A-B413-F84D72BE388D}
    ItemData    REG_SZ    C:\Program Files (x86)\Symantec
    SaferFlags    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{C2D73F65-8436-41F8-B4DC-1C7D80E6B78E}
    ItemData    REG_SZ    C:\Program Files (x86)\Symantec
    SaferFlags    REG_DWORD    0x2
 
<          >

< End of report >
--- --- ---


Gruß
Bluebird

schrauber 30.05.2013 19:53
Hi,

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
O4 - HKU\S-1-5-21-3993219044-2753971007-1908284826-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-3993219044-2753971007-1908284826-1000..\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKU\S-1-5-21-3993219044-2753971007-1908284826-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Versuch danach Java wieder.

Avira öffnen -> Protokolle -> findest Du da die Meldungen die Du eben erwähnt hast?

Bluebird55 30.05.2013 21:21
Hier die OTL

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3993219044-2753971007-1908284826-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3993219044-2753971007-1908284826-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Works Update Detection deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPath deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3993219044-2753971007-1908284826-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 05302013_221045


Hier die Info aus dem Avira-Protokoll:


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 30. Mai 2013 13:53


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Friedrich
Computername : MACK327

Versionsinformationen:
BUILD.DAT : 13.0.0.3640 54852 Bytes 18.04.2013 13:29:00
AVSCAN.EXE : 13.6.0.1262 636984 Bytes 29.05.2013 19:37:52
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 29.05.2013 19:37:52
LUKE.DLL : 13.6.0.1262 65080 Bytes 29.05.2013 19:38:39
AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 29.05.2013 19:57:14
AVREG.DLL : 13.6.0.1262 247864 Bytes 29.05.2013 19:57:14
avlode.dll : 13.6.2.1262 432184 Bytes 29.05.2013 19:37:48
avlode.rdf : 13.0.1.12 25921 Bytes 29.05.2013 19:39:23
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 22:08:10
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 22:08:41
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 20:26:33
VBASE003.VDF : 7.11.80.61 2048 Bytes 28.05.2013 20:26:33
VBASE004.VDF : 7.11.80.62 2048 Bytes 28.05.2013 20:26:33
VBASE005.VDF : 7.11.80.63 2048 Bytes 28.05.2013 20:26:33
VBASE006.VDF : 7.11.80.64 2048 Bytes 28.05.2013 20:26:33
VBASE007.VDF : 7.11.80.65 2048 Bytes 28.05.2013 20:26:33
VBASE008.VDF : 7.11.80.66 2048 Bytes 28.05.2013 20:26:33
VBASE009.VDF : 7.11.80.67 2048 Bytes 28.05.2013 20:26:33
VBASE010.VDF : 7.11.80.68 2048 Bytes 28.05.2013 20:26:33
VBASE011.VDF : 7.11.80.69 2048 Bytes 28.05.2013 20:26:33
VBASE012.VDF : 7.11.80.70 2048 Bytes 28.05.2013 20:26:33
VBASE013.VDF : 7.11.80.71 2048 Bytes 28.05.2013 20:26:33
VBASE014.VDF : 7.11.81.57 145408 Bytes 29.05.2013 19:37:11
VBASE015.VDF : 7.11.81.58 2048 Bytes 29.05.2013 19:37:11
VBASE016.VDF : 7.11.81.59 2048 Bytes 29.05.2013 19:37:11
VBASE017.VDF : 7.11.81.60 2048 Bytes 29.05.2013 19:37:11
VBASE018.VDF : 7.11.81.61 2048 Bytes 29.05.2013 19:37:11
VBASE019.VDF : 7.11.81.62 2048 Bytes 29.05.2013 19:37:11
VBASE020.VDF : 7.11.81.63 2048 Bytes 29.05.2013 19:37:11
VBASE021.VDF : 7.11.81.64 2048 Bytes 29.05.2013 19:37:11
VBASE022.VDF : 7.11.81.65 2048 Bytes 29.05.2013 19:37:11
VBASE023.VDF : 7.11.81.66 2048 Bytes 29.05.2013 19:37:11
VBASE024.VDF : 7.11.81.67 2048 Bytes 29.05.2013 19:37:11
VBASE025.VDF : 7.11.81.68 2048 Bytes 29.05.2013 19:37:11
VBASE026.VDF : 7.11.81.69 2048 Bytes 29.05.2013 19:37:11
VBASE027.VDF : 7.11.81.70 2048 Bytes 29.05.2013 19:37:11
VBASE028.VDF : 7.11.81.71 2048 Bytes 29.05.2013 19:37:11
VBASE029.VDF : 7.11.81.72 2048 Bytes 29.05.2013 19:37:12
VBASE030.VDF : 7.11.81.73 2048 Bytes 29.05.2013 19:37:12
VBASE031.VDF : 7.11.81.132 122880 Bytes 30.05.2013 11:21:14
Engineversion : 8.2.12.50
AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 09:08:34
AESCRIPT.DLL : 8.1.4.118 487805 Bytes 23.05.2013 18:13:40
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 23:05:36
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 20:26:49
AERDL.DLL : 8.2.0.88 643444 Bytes 11.01.2013 00:09:27
AEPACK.DLL : 8.3.2.12 754040 Bytes 08.05.2013 22:08:53
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 21:46:56
AEHEUR.DLL : 8.1.4.386 5947769 Bytes 27.05.2013 20:26:32
AEHELP.DLL : 8.1.25.10 258425 Bytes 08.05.2013 22:08:47
AEGEN.DLL : 8.1.7.4 442741 Bytes 08.05.2013 22:08:46
AEEXP.DLL : 8.4.0.32 201078 Bytes 23.05.2013 18:13:40
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 09:08:33
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 21:36:43
AEBB.DLL : 8.1.1.4 53619 Bytes 09.11.2012 21:23:15
AVWINLL.DLL : 13.6.0.480 26480 Bytes 29.05.2013 19:37:04
AVPREF.DLL : 13.6.0.480 51056 Bytes 29.05.2013 19:37:50
AVREP.DLL : 13.6.0.480 178544 Bytes 29.05.2013 19:39:22
AVARKT.DLL : 13.6.0.1262 258104 Bytes 29.05.2013 19:37:37
AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 29.05.2013 19:37:41
SQLITE3.DLL : 3.7.0.1 397704 Bytes 29.05.2013 19:38:59
AVSMTP.DLL : 13.6.0.480 62832 Bytes 29.05.2013 19:37:59
NETNT.DLL : 13.6.0.480 16240 Bytes 29.05.2013 19:38:47
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 29.05.2013 19:37:06
RCTEXT.DLL : 13.6.0.976 69344 Bytes 29.05.2013 19:37:06

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Q:, F:, G:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 30. Mai 2013 13:53

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsMpEng.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '169' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvXDSync.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVScanningService.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '157' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWatchService.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'msseces.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesService64.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesApp64.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'NisSrv.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'IEXPLORE.EXE' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil64_11_7_700_202_ActiveX.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'IEXPLORE.EXE' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'TUAutoReactivator64.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'NokiaSuite.exe' - '212' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '35' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2310' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <eMachines>
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{1DA38287-496D-6CF6-7C4F-F0B99851C77D}-%2e_files_17[1].exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.11
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{3A3E00F4-DA90-B888-BEFA-A1EC0863C960}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Drop.Dapato.cdtt
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{4C278782-3B35-8EF0-84FA-1AD728852CCB}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.13
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{703808A8-E074-1008-372D-CA4EE0D0B3FC}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Drop.Dapato.cdtt
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{766C9549-81AC-D3ED-00DB-F3656EBF9E64}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.13
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{78D90740-2E5F-533E-3593-73CBC4A9F2AA}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.11
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{894220A9-F7A1-41B2-DC1B-CE32FE171F36}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Drop.Dapato.cdtt
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{90C27775-89C4-DB17-BECB-65366D72394A}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Drop.Dapato.cdtt
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{B822D19E-03AF-CD36-8745-A9610A4EDF86}-%2e_files_32[1].exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.13
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{DFA29352-E481-CEDB-BAC0-149117E780DA}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.11
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{FBCA1FAD-DCEB-4ECF-A301-F7FF80D1972C}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.11
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'G:\'
Der zu durchsuchende Pfad G:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Beginne mit der Desinfektion:
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{FBCA1FAD-DCEB-4ECF-A301-F7FF80D1972C}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.11
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{DFA29352-E481-CEDB-BAC0-149117E780DA}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.11
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{B822D19E-03AF-CD36-8745-A9610A4EDF86}-%2e_files_32[1].exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.13
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{90C27775-89C4-DB17-BECB-65366D72394A}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Drop.Dapato.cdtt
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{894220A9-F7A1-41B2-DC1B-CE32FE171F36}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Drop.Dapato.cdtt
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{78D90740-2E5F-533E-3593-73CBC4A9F2AA}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.11
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{766C9549-81AC-D3ED-00DB-F3656EBF9E64}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.13
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{703808A8-E074-1008-372D-CA4EE0D0B3FC}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Drop.Dapato.cdtt
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{4C278782-3B35-8EF0-84FA-1AD728852CCB}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.13
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{3A3E00F4-DA90-B888-BEFA-A1EC0863C960}-ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Drop.Dapato.cdtt
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{1DA38287-496D-6CF6-7C4F-F0B99851C77D}-%2e_files_17[1].exe
[FUND] Ist das Trojanische Pferd TR/Bublik.I.11
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!


Ende des Suchlaufs: Donnerstag, 30. Mai 2013 15:34
Benötigte Zeit: 1:33:15 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

32698 Verzeichnisse wurden überprüft
653753 Dateien wurden geprüft
11 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
653742 Dateien ohne Befall
4952 Archive wurden durchsucht
0 Warnungen
11 Hinweise


Leider kann ich das alte Java weiterhin nicht deinstallieren, um ein neues herunterzuladen. Es bleibt weiterhin bei der Fehlermeldung, die ich schon einmal beschrieben hatte, dass eine Installationsdatei nicht gefunden wurde und ich die Ressource angeben soll... aber leider weiß ich das nicht, wo ich diese Datei "jre1.6.0_31-c-l.msi" finden soll!

Gruß
Bluebird

schrauber 30.05.2013 21:26
Die Funde sind alle schon in Quarantäne.


Und wenn Du ohne zu deinstallieren nur eine neue Version installierst? Schon versucht?

Bluebird55 30.05.2013 22:15
Hat geklappt. Soweit alles O.K.

Außer dass ich beim Update von Windows immer noch ein Update habe, dass sich nicht installieren lässt...


"Update for Microsoft Security Essentials - KB2804527 (4.2.223.1)

Installationsdatum: 30.05.2012 - 22:56

Sie müssen ggf. den Computer neu starten, damit die Ändereungen wirksam werden.

Installationsstatus: Fehlgeschlagen

Fehlerdetails: Code 8004FF80 ('Hilfe zu diesem Fehler')

Updatetyp: Wichtig

Durch dieses Paket wird der Microsoft Securita Essentials-Client auf dem Computer des Benutzers aktualisiert.

Weitere Informationen:
http_//go.microsoft.com/fwlink/?LinkId=195462

Hilfe und Support:
http_//go.microsoft.com/fwlink/?LinkId=195463"


Und die dort angebotenen Hilfsangebote helfen mir auch nicht weiter. Dieser Fehler ist und bleibt bestehen! Leider!

Was gibt es denn da für Möglichkeiten? Danke!

Gruß
Bluebird

schrauber 31.05.2013 11:10
Downloade dir bitte Farbar's Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.
Poste bitte den Inhalt hier.

Bluebird55 31.05.2013 13:08
Hallo Schrauber,

vielen Dank!

Hier das Ergebnis:

Farbar Service Scanner Version: 25-05-2013
Ran by Friedrich (administrator) on 31-05-2013 at 14:04:59
Running from "C:\Users\Friedrich\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Gruß
Bluebird

schrauber 31.05.2013 13:16
MSE bitte einmal deinstallieren und neu installieren.

Bluebird55 31.05.2013 13:39
Hallo Schrauber,

leider funktioniert dies nicht! Es erscheint folgende Meldung:

"Der Deinstallations-Assistent kann nicht fertig gestellt werden.

Der Deinstallions-Assistent für Security Essentials konnte aufgrund eines Fehlers nicht fortgesetzt werden. Starten Sie den Computer neu, und wiederholen Sie den Vorgang."

Das habe ich auch schon gemacht, aber es bleibt bei der Fehlermeldung:

"Fehlercode:0x8004FF80"

Gruß
Bluebird

schrauber 31.05.2013 13:44
Fix problems with programs that can't be installed or uninstalled

Laden, laufen lassen und nach der Suche MSE selektieren.

Bluebird55 31.05.2013 13:58
Es erscheint in der Liste nicht der Name

"Microsoft Security Essentials"

sondern unter den anderen Programmen nur:

"Microsoft Security Client"!

Was soll ich jetzt machen? Danke!

Gruß
Bluebird

schrauber 31.05.2013 14:10
Wähle den :)

Bluebird55 31.05.2013 14:22
Hat geklappt! Jetzt MSE neu installieren, ja?

schrauber 31.05.2013 14:23
jup :)

Bluebird55 31.05.2013 14:39
Hallo Schrauber,

leider klappt jetzt auch diese Installation nicht! Er empfiehlt ja alle anderen Antiviren- und Spywareprogramme zu deaktivieren. Kann das daran liegen?

Fehlercode zu diesem Problem: "0x80070645"

Gruß
Bluebird

schrauber 31.05.2013 15:40
Code:
reg query "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\26D13F39948E1D546B0106B5539504D9" /s /c
reg query "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /s /c
Das bitte in OTL in die Custom Scan Box kopieren und Quick Scan klicken.

Bluebird55 31.05.2013 17:37
Und dann das Ergebnis hier reinstellen...? :-)OTL Logfile:
Code:
OTL logfile created on: 31.05.2013 18:18:46 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Friedrich\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 64,38% Memory free
8,00 Gb Paging File | 6,48 Gb Available in Paging File | 81,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,91 Gb Total Space | 840,79 Gb Free Space | 91,70% Space Free | Partition Type: NTFS
 
Computer Name: MACK327 | User Name: Friedrich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.30 20:36:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Friedrich\Downloads\OTL.exe
PRC - [2013.05.29 21:38:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.29 21:37:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.29 21:37:42 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.10 02:20:51 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.17 17:58:30 | 001,246,744 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
PRC - [2012.09.17 17:58:30 | 000,468,064 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.10 02:20:34 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2013.05.10 02:20:33 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.05.10 02:20:29 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.05.29 21:38:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.29 21:37:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.15 14:55:49 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2013.04.16 19:55:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.08 13:21:12 | 000,338,432 | ---- | M] (SPAMfighter ApS) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe -- (Common Toolkit 2)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.17 17:58:30 | 001,246,744 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe -- (AV Engine Scanning Service)
SRV - [2012.09.17 17:58:30 | 000,468,064 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe -- (AV Watch Service)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.26 17:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.29 21:39:21 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.05.29 21:39:21 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.05.29 21:39:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.01.29 05:35:28 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.23 10:31:52 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2013.01.23 10:31:52 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2013.01.23 10:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2013.01.23 10:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.12.26 18:26:12 | 000,805,088 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.09.17 17:58:32 | 000,013,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfsfilter.sys -- (AVFSFilter)
DRV:64bit: - [2012.08.30 23:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:tabs
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: text2voice%40vik.josh:1.10
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.16 19:55:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.22 16:40:19 | 000,000,000 | ---D | M]
 
[2011.09.25 11:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Extensions
[2013.05.28 14:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Firefox\Profiles\h89tyrh8.default\extensions
[2013.05.22 23:33:20 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Firefox\Profiles\h89tyrh8.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.05.20 22:08:12 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Friedrich\AppData\Roaming\mozilla\Firefox\Profiles\h89tyrh8.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.12.14 04:32:37 | 000,061,608 | ---- | M] () (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\extensions\text2voice@vik.josh.xpi
[2013.05.08 22:57:13 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.11 02:20:39 | 000,002,079 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\00602db9-9247-49a9-9a29-0f2b8c6dba8e.xml
[2013.02.11 02:22:15 | 000,002,079 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\af2f1ea8-ef71-4a3b-825a-a693a69d6b5e.xml
[2013.02.11 02:20:42 | 000,002,077 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\{99180D6A-540D-4681-9B76-67B304FEA462}.xml
[2013.02.11 02:20:42 | 000,002,188 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\{A81C69A3-DFF4-460B-B7AF-004D6CD4E3B4}.xml
[2013.02.11 02:20:42 | 000,001,870 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\searchplugins\{E018BDE8-CC94-4DDB-9C7C-C76E1867A68B}.xml
[2012.11.19 19:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.16 19:55:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.27 18:32:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 18:32:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.27 18:32:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 18:32:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 18:32:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 18:32:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://start.iminent.com/?appId=96091ACA-167C-4AA0-9AE8-916F0296ADC6
CHR - homepage: hxxp://start.iminent.com/?appId=96091ACA-167C-4AA0-9AE8-916F0296ADC6
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Friedrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42A41F4B-69CB-4DAF-9321-DDF1C4AB820F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\fighterlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\logfilescollector.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\shortcutlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\slow-pcfighter64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sync.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\fighterlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\logfilescollector.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\shortcutlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\slow-pcfighter64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sync.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.31 15:18:06 | 000,000,000 | ---D | C] -- C:\MATS
[2013.05.31 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\Friedrich\AppData\Local\ElevatedDiagnostics
[2013.05.31 03:48:14 | 000,000,000 | ---D | C] -- C:\Windows\TempEDBF45C2-16DC-7B85-AF41-70AE0B04837C-Signatures
[2013.05.31 03:08:45 | 000,000,000 | ---D | C] -- C:\Windows\Temp7250D27F-7B78-2572-5764-93818DF30F1F-Signatures
[2013.05.30 22:55:33 | 000,000,000 | ---D | C] -- C:\Windows\Temp092D1224-3121-0072-1FAB-C4C826510DD5-Signatures
[2013.05.30 22:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.05.30 22:10:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.30 16:08:19 | 000,000,000 | ---D | C] -- C:\Windows\TempB6A89D11-814F-0463-3822-7ACB36ECECF9-Signatures
[2013.05.30 15:28:30 | 000,000,000 | ---D | C] -- C:\Users\Friedrich\X
[2013.05.30 15:01:19 | 000,000,000 | ---D | C] -- C:\Windows\Temp83D0878C-B65E-3CD1-EE34-BB469CB4AECD-Signatures
[2013.05.30 14:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2013.05.30 14:06:17 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2013.05.30 14:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2013.05.30 03:01:32 | 000,000,000 | ---D | C] -- C:\Windows\Temp8E8C357F-A044-B503-83DB-73E4C3E0664D-Signatures
[2013.05.29 23:55:50 | 000,000,000 | ---D | C] -- C:\Windows\TempCAADE2DD-41E9-2178-7DD7-2409C257B48A-Signatures
[2013.05.29 21:57:39 | 000,000,000 | ---D | C] -- C:\Users\Friedrich\AppData\Roaming\Avira
[2013.05.29 21:57:16 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.29 21:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.29 21:56:24 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.29 21:56:24 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.29 21:56:24 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.29 21:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.29 21:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.28 22:25:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.28 19:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Preventon
[2013.05.28 19:18:44 | 000,000,000 | ---D | C] -- C:\Users\Friedrich\Local Settings
[2013.05.28 19:17:08 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.05.28 19:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013.05.28 19:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC
[2013.05.27 17:07:26 | 000,000,000 | ---D | C] -- C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures
[2013.05.24 20:24:02 | 000,000,000 | ---D | C] -- C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures
[2013.05.24 19:55:04 | 000,000,000 | ---D | C] -- C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures
[2013.05.19 16:24:31 | 000,000,000 | ---D | C] -- C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures
[2013.05.18 21:53:42 | 000,000,000 | ---D | C] -- C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures
[2013.05.14 18:48:48 | 000,000,000 | ---D | C] -- C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures
[2013.05.14 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\Friedrich\CT
[2013.05.10 19:14:40 | 000,000,000 | ---D | C] -- C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures
[2013.05.07 16:09:58 | 000,000,000 | ---D | C] -- C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures
[2013.05.06 20:19:45 | 000,000,000 | ---D | C] -- C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures
[2013.05.06 02:10:21 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.05.06 02:10:20 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.05.06 02:10:20 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.05.06 02:10:19 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.05.06 02:10:19 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.05.06 02:10:18 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.05.06 02:10:18 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.05.06 02:10:18 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.05.06 02:10:18 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.05.06 02:10:13 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.05.06 02:10:13 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.05.06 02:10:13 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.05.06 02:10:12 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.05.06 02:10:11 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.05.06 02:10:11 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.05.06 02:10:08 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.05.06 02:10:08 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.05.06 02:10:08 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.05.06 02:10:07 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.05.06 02:10:07 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.05.06 02:10:07 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.05.06 02:10:07 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.05.06 02:10:06 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013.05.06 02:10:05 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.05.06 02:10:05 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.05.06 02:10:05 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.05.06 02:10:05 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.05.06 02:10:05 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.05.06 02:10:02 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.05.06 02:10:02 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.05.06 02:10:02 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.05.06 02:10:02 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.05.06 02:10:01 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.05.06 02:10:01 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.05.06 02:10:01 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.05.06 02:10:00 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.05.06 02:10:00 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.05.06 02:10:00 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.05.06 02:10:00 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.05.06 02:10:00 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.05.06 02:09:59 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.05.06 02:09:59 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.05.06 02:09:59 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.05.06 02:09:59 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.05.06 02:08:26 | 000,805,088 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.05.02 22:56:16 | 000,000,000 | ---D | C] -- C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures
[2013.05.02 22:47:02 | 000,000,000 | ---D | C] -- C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures
[2013.05.02 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FromDocToPDF_65EI
[2013.05.02 15:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\BSD
[2013.05.01 22:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.31 18:26:07 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.31 18:26:07 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.31 18:26:07 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.31 18:26:07 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.31 18:26:07 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.31 18:23:38 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 18:23:38 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 18:16:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.31 15:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.31 15:39:09 | 000,002,122 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.31 13:01:35 | 000,410,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.30 14:08:36 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2013.05.29 22:05:21 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.29 21:57:15 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.29 21:56:46 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.29 21:39:21 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.29 21:39:21 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.29 21:39:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.29 15:32:05 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Friedrich-Notification.job
[2013.05.22 16:40:37 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.05.19 18:22:57 | 000,000,078 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\mbam.context.scan
[2013.05.16 14:32:46 | 001,277,744 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013.05.16 14:31:26 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.05.10 02:28:52 | 000,000,037 | ---- | M] () -- C:\Users\Friedrich\.gtk-bookmarks
[2013.05.05 00:41:12 | 000,000,315 | ---- | M] () -- C:\Windows\ST6UNST.000
[2013.05.02 23:27:35 | 000,002,318 | ---- | M] () -- C:\Users\Friedrich\Desktop\Internet Explorer.lnk
[2013.05.02 21:57:27 | 000,000,583 | ---- | M] () -- C:\Windows\SysNative\MyDefrag.debuglog
[2013.05.01 23:12:25 | 000,000,206 | ---- | M] () -- C:\Users\Friedrich\Documents\cc_20130501_231214.reg
[2013.05.01 22:52:11 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.31 13:01:26 | 000,410,824 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.30 14:08:36 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2013.05.29 22:05:21 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.29 21:56:46 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.28 19:17:08 | 001,277,744 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2013.05.10 02:28:52 | 000,000,037 | ---- | C] () -- C:\Users\Friedrich\.gtk-bookmarks
[2013.05.06 02:10:11 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.05.05 00:41:10 | 000,000,315 | ---- | C] () -- C:\Windows\ST6UNST.000
[2013.05.01 23:31:47 | 000,000,583 | ---- | C] () -- C:\Windows\SysNative\MyDefrag.debuglog
[2013.05.01 23:12:16 | 000,000,206 | ---- | C] () -- C:\Users\Friedrich\Documents\cc_20130501_231214.reg
[2013.05.01 22:52:23 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter64-Friedrich-Notification.job
[2013.05.01 22:52:11 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2012.11.06 23:43:39 | 000,000,078 | ---- | C] () -- C:\Users\Friedrich\AppData\Roaming\mbam.context.scan
[2012.09.22 20:19:01 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012.09.22 20:19:01 | 000,012,031 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-Jardinains!.dat
[2012.06.18 22:32:44 | 000,000,900 | ---- | C] () -- C:\Users\Friedrich\.recently-used.xbel
[2011.10.12 19:27:35 | 000,033,792 | ---- | C] () -- C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.21 18:37:01 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.21 17:39:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2012.07.14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.29 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Acvuk
[2012.04.23 22:48:33 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Amazon
[2012.09.29 15:36:38 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Bekowa
[2012.10.18 00:52:14 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\DVDVideoSoft
[2013.02.26 22:44:35 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Efficient Diary
[2012.11.06 23:47:21 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Fezoip
[2012.11.03 01:08:29 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Golyum
[2013.05.10 02:29:10 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\gtk-2.0
[2013.03.27 13:50:37 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Gyuly
[2013.03.26 14:16:00 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Inesd
[2011.10.31 22:13:15 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\map&guide
[2012.11.03 03:36:13 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Noik
[2012.05.15 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Nokia
[2011.09.21 17:14:41 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\OEM
[2011.09.24 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\OpenOffice.org
[2012.10.15 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Opera
[2011.10.12 19:13:42 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\PC Suite
[2013.02.17 22:46:49 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\PDF Architect
[2013.05.10 02:22:51 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\PhotoScape
[2012.10.06 22:21:59 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\SoftGrid Client
[2013.03.17 16:06:08 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Stellarium
[2011.09.25 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Thunderbird
[2011.10.21 13:56:36 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Tific
[2011.09.21 18:38:33 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\TP
[2012.06.01 00:54:14 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\TuneUp Software
[2012.11.06 22:59:15 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Xiyt
[2012.09.29 22:50:20 | 000,000,000 | ---D | M] -- C:\Users\Friedrich\AppData\Roaming\Yqfiq
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< reg query "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\26D13F39948E1D546B0106B5539504D9" /s /c >
HKEY_CLASSES_ROOT\INSTALLER\UPGRADECODES\26D13F39948E1D546B0106B5539504D9
    2303D87CDFD90D14D99E85AE7E05BC4A    REG_SZ   
 
< reg query "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /s /c >
 
<          >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.10.03 12:07:56 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.10.03 12:07:57 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.11.10 13:48:33 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.05.01 22:52:23 | 000,000,392 | ---- | C] () -- C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job

< End of report >
--- --- ---

schrauber 31.05.2013 18:37
Hi,

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:reg
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\26D13F39948E1D546B0106B5539504D9]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Reboot und nochmal MSE versuchen.

Bluebird55 01.06.2013 15:00
Hallo Schrauber,


hier das Ergebnis der OTL:

========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\Installer\UpgradeCodes\26D13F39948E1D546B0106B5539504D9\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 05312013_202955


Leider ließ sich die MSE immer noch nicht installieren!

Es erscheint eine Fehlermeldung: "Fehlercode:0x8004FF80"

Gruß
Friedrich

schrauber 01.06.2013 15:21
Microsoft Windows Installer Cleanup Utility 2.5.0.1 - Download | ZDNet.de

Windows Cleanup Installer Tool laden und ausführen, alles von MSE, Security Client und MS Antimalware weg machen, dann nochmal versuchen.

Bluebird55 01.06.2013 16:03
Das Tool ist jetzt auf meinem Computer installiert.

Von MSE habe ich momentan ja nichts auf dem Computer.

Und was ist Security Client und MS Antimalware? Wo kann ich diese finden und deinstallieren?

Gruß
Bluebird

schrauber 01.06.2013 17:41
Du musst dieses Tool laufen lassen, dort werden dir evtl MSE und die beiden anderen angezeigt, mit dem Tool dann diese Einträge entfernen.

Bluebird55 03.06.2013 23:11
Hallo Schrauber,

das Tool läuft dann unter dem Namen

"Windoes Installer Clean Up", ja?

Dort finde ich aber keinen Eintrag Security Client oder MS Malware! Oder haben die in der Liste einen anderen Namen...?

Beim Versuch MSE zu installieren erscheint immer wieder die selbe Fehlermeldung:

"Fehlercode:0x8004FF80"

Ich bin jetzt völlig ratlos!

Gruß
Bluebird

schrauber 04.06.2013 06:31
Mach mal bitte nen Screenshot was DU siehst wenn Du das CLeanup Tool startest.

Bluebird55 04.06.2013 18:44
Ich weiß zwar, wie man einen Screenshot macht, aber wie kann ich den (und in welchem Programm?) speichern? Und ihn dann hier einfügen? Sorry!

Gruß
Bluebird

schrauber 04.06.2013 19:56
Wenn du alt+drucken gedrückt hast, paint öffnen > reichtsklick einfügen. Als Jpg speichern und per Mail an schrauber(at)gmx.eu.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131