
Log analysis and evaluation: Removing MyStart by Incredibar from Mozilla Firefox

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

27.07.2013, 19:18   #1
MMMathisss
 



Hello,
I have already read several threads here on this topic and wanted to tackle it now as well. I use Firefox and for some time have had the problem that the MyStart search engine is automatically inserted in every new tab. I have also already run scans with defogger, OTL and GMER...

OTL.txt:

OTL logfile created on: 27.07.2013 18:13:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MMMathisss\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 61,34% Memory free
7,82 Gb Paging File | 5,71 Gb Available in Paging File | 73,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,01 Gb Total Space | 118,86 Gb Free Space | 26,35% Space Free | Partition Type: NTFS

Computer Name: MMMATHISSS-PC | User Name: MMMathisss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.27 18:12:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MMMathisss\Downloads\OTL.exe
PRC - [2013.07.18 08:02:17 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.07.18 08:01:52 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.07.18 08:01:44 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.07.18 08:01:44 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.07.13 10:48:22 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\MMMathisss\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.06.05 14:18:06 | 001,039,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\MMMathisss\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\MMMathisss\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013.01.29 15:29:00 | 000,188,760 | ---- | M] () -- C:\Programme\IB Updater\ExtensionUpdaterService.exe
PRC - [2013.01.11 16:31:14 | 000,050,208 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2013.01.11 16:29:20 | 000,024,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2012.10.08 18:04:18 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.10.05 17:08:42 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.09.26 19:14:10 | 000,168,864 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
PRC - [2012.07.30 18:34:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.16 17:49:10 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\MMMathisss\AppData\Roaming\BrowserCompanion\tbhcn.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.20 18:16:10 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010.12.29 20:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010.12.15 17:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 06:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.06 21:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe


========== Modules (No Company Name) ==========

MOD - [2013.07.13 03:57:01 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dll
MOD - [2013.07.13 03:57:00 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bf97db1b84277902561096c62d42ee22\IAStorUtil.ni.dll
MOD - [2013.07.13 03:48:39 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dcc781ebbddf98a9cf6dd4f3b17f1063\System.Web.ni.dll
MOD - [2013.07.13 03:48:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll
MOD - [2013.07.13 03:48:02 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.13 03:47:54 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.13 03:47:39 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013.07.13 03:47:33 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.13 03:47:29 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.13 03:47:28 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.13 03:47:22 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.06.05 14:21:18 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
MOD - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2013.04.07 10:54:20 | 000,306,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\MMMathisss\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\MMMathisss\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.09.26 19:14:10 | 000,168,864 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
MOD - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\MMMathisss\AppData\Roaming\BrowserCompanion\tbhcn.exe
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.17 02:21:05 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.12.15 17:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.04.07 10:54:58 | 001,455,408 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2011.05.12 08:53:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.12.03 17:26:34 | 003,143,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV - [2013.07.18 08:02:17 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.07.18 08:01:52 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.07.18 08:01:44 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.07.06 12:57:08 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.07.05 15:54:02 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.06.12 18:42:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.26 12:34:25 | 001,824,288 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2013.01.29 15:29:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2013.01.29 14:15:49 | 002,060,912 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2013.01.11 16:31:14 | 000,050,208 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2012.10.08 18:04:18 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.10.05 17:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.08.08 19:26:42 | 000,918,064 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2012.07.30 18:34:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.16 17:49:10 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.20 18:16:10 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.05.20 18:15:20 | 000,080,032 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.25 11:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.12.29 20:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2010.12.03 17:14:58 | 002,696,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.07.18 08:02:34 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.07.18 08:02:34 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.01.09 13:39:34 | 000,109,080 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.11.13 20:33:12 | 000,174,016 | ---- | M] () [Kernel | System | Running] -- C:\windows\SysNative\DRIVERS\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2012.10.30 14:49:32 | 000,238,960 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJBulk.sys -- (Bulk)
DRV:64bit: - [2012.10.30 14:49:30 | 000,271,216 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJMidi.sys -- (HDJMidi)
DRV:64bit: - [2012.10.30 12:08:48 | 000,082,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2012.10.30 12:08:10 | 000,065,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2012.09.25 23:46:20 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.18 18:54:57 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.03.18 18:54:57 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.16 15:40:20 | 000,176,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.20 18:15:34 | 000,282,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.05.20 18:15:34 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.05.20 18:15:34 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.05.20 18:15:34 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.05.20 18:15:34 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.05.20 18:15:34 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.05.20 18:15:32 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.05.13 10:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.05.12 12:16:38 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.12 08:16:54 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.22 03:17:10 | 002,727,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.04.10 21:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.25 11:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.12.13 16:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.07 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.30 02:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.08.20 18:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.11.02 12:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.26 15:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.06.25 10:42:30 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117unic.sys -- (s117unic)
DRV:64bit: - [2007.06.25 10:42:30 | 000,123,432 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117obex.sys -- (s117obex)
DRV:64bit: - [2007.06.25 10:42:30 | 000,031,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117nd5.sys -- (s117nd5)
DRV:64bit: - [2007.06.25 10:42:24 | 000,144,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdm.sys -- (s117mdm)
DRV:64bit: - [2007.06.25 10:42:24 | 000,125,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mgmt.sys -- (s117mgmt)
DRV:64bit: - [2007.06.25 10:42:24 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdfl.sys -- (s117mdfl)
DRV:64bit: - [2007.06.25 10:42:22 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117bus.sys -- (s117bus)
DRV - [2012.11.13 22:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2012.07.17 13:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2012.07.17 13:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys -- (TmPreFilter)
DRV - [2012.07.17 13:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys -- (VSApiNt)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb185?a=6Oz0QEMZIk&i=26
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{036100C0-A8DF-419B-A2DF-C52E7D92EA29}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=23761D64-DAE2-40DF-9553-C6DE6CB84430&apn_sauid=FB934B90-7720-437A-BA4F-4929D54022EC
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb203?a=6Oz0QEMZIk&search={searchTerms}&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a2%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7BFE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052%7D:2.0.0.574
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6Oz0QEMZIk&&i=26&search="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MMMathisss\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MMMathisss\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\MMMathisss\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\MMMathisss\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.18 17:18:30 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.18 17:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.09.17 00:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2012.10.07 17:37:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.03.18 17:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.03.18 17:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Users\MMMathisss\AppData\Local\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Users\MMMathisss\AppData\Local\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.10.24 14:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MMMathisss\AppData\Roaming\mozilla\Extensions
[2013.03.31 21:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MMMathisss\AppData\Roaming\mozilla\Firefox\Profiles\d7k0vg3w.default\extensions
[2013.03.31 21:20:28 | 000,000,000 | ---D | M] (Broowsee2sAAvye) -- C:\Users\MMMathisss\AppData\Roaming\mozilla\Firefox\Profiles\d7k0vg3w.default\extensions\vnk5vuay@eooaazo.net
[2013.02.23 10:05:18 | 000,023,181 | ---- | M] () (No name found) -- C:\Users\MMMathisss\AppData\Roaming\mozilla\firefox\profiles\d7k0vg3w.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi
[2012.01.03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\MMMathisss\AppData\Roaming\mozilla\firefox\profiles\d7k0vg3w.default\searchplugins\askcom.xml
[2013.07.27 11:36:40 | 000,002,120 | ---- | M] () -- C:\Users\MMMathisss\AppData\Roaming\mozilla\firefox\profiles\d7k0vg3w.default\searchplugins\MyStart Search.xml
[2012.07.26 13:22:50 | 000,002,792 | ---- | M] () -- C:\Users\MMMathisss\AppData\Roaming\mozilla\firefox\profiles\d7k0vg3w.default\searchplugins\Plusnetwork.xml
[2013.07.06 12:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.07.06 12:56:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.07.06 12:56:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.07.06 12:56:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.07.06 12:56:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.07.06 12:56:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.07.06 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.06 12:57:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhebojdhnojbfopjjdlifhjfbmjaibj\1\
CHR - Extension: No name found = C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.574_0\
CHR - Extension: No name found = C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkchbifjjnafgoolbibfmgkibbngknkk\1.23.46_0\crossrider
CHR - Extension: No name found = C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkchbifjjnafgoolbibfmgkibbngknkk\1.23.46_0\
CHR - Extension: No name found = C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: No name found = C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: No name found = C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.0.21_0\
CHR - Extension: No name found = C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Savings Explorer) - {11111111-1111-1111-1111-110211101158} - C:\Program Files (x86)\Savings Explorer\Savings Explorer.dll (215 Apps)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (Broowsee2sAAvye) - {7166141E-11FE-030C-C002-87B3240A7063} - C:\ProgramData\Broowsee2sAAvye\515894332814f.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [OE] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\MMMathisss\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\MMMathisss\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\MMMathisss\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\MMMathisss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MMMathisss\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\MMMathisss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\MMMathisss\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MMMathisss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MMMathisss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{890C6EDC-351C-4F7A-8418-9ECF0492D6A6}: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2F0D3F4-4FA2-4CF9-A3AD-C8B1CBBAE940}: DhcpNameServer = 192.168.220.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
O20 - AppInit_DLLs: (c:\progra~2\browse~2\sprote~1.dll) - c:\progra~2\browse~2\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9a0f3f6d-ecbe-11e2-a4b9-1803737c0e2c}\Shell - "" = AutoRun
O33 - MountPoints2\{9a0f3f6d-ecbe-11e2-a4b9-1803737c0e2c}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.27 18:03:55 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\{3EDFCC6B-74B8-466A-8BCE-12C99FAA0F6D}
[2013.07.27 17:52:06 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\Mozilla Firefox
[2013.07.26 17:24:13 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.07.25 18:30:55 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Roaming\Avira
[2013.07.25 18:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.07.25 18:24:06 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.07.25 18:24:03 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.07.25 18:24:03 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.07.25 18:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.07.25 18:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.07.25 03:01:19 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013.07.24 17:36:20 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx
[2013.07.24 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\{A8133B90-A0EB-478E-92A3-DC11EC2EFE6F}
[2013.07.19 19:13:50 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\Documents\Rockstar Games
[2013.07.19 19:12:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.07.19 19:12:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013.07.19 19:11:12 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\Rockstar Games
[2013.07.19 19:10:59 | 000,000,000 | RH-D | C] -- C:\Users\MMMathisss\AppData\Roaming\SecuROM
[2013.07.19 19:10:58 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt_x64.dll
[2013.07.19 19:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2013.07.19 19:10:00 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\xlive
[2013.07.19 19:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.07.19 11:14:08 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\Documents\The Witcher
[2013.07.19 11:14:08 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\The Witcher
[2013.07.19 11:10:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\The Witcher
[2013.07.17 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\{ECB5D034-77DB-4566-9CA7-DFA8014A38CD}
[2013.07.15 14:24:01 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\{0F314344-8940-4CDE-8C7D-713D036D11F5}
[2013.07.15 14:15:06 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\.android
[2013.07.15 14:14:55 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2013.07.15 14:14:29 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\Android
[2013.07.13 13:55:29 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\{9F76D19E-175D-4B63-AE25-0AEDD82A99F4}
[2013.07.13 11:46:56 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\Documents\Square Enix
[2013.07.10 18:53:39 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\{E1599DCB-0A60-49E5-B702-08E8A3CC2B73}
[2013.07.09 20:32:51 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\Desktop\Audio
[2013.07.09 18:17:59 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\Desktop\Hintergründe
[2013.07.08 20:25:39 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\{0DFF2A99-BC45-4E97-B141-2A3D69CD1DB3}
[2013.07.08 16:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2013.07.08 16:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2013.07.08 16:01:57 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\Oblivion
[2013.07.08 16:01:57 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\Documents\My Games
[2013.07.08 16:00:15 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\{E6CC9DA3-459A-47D1-B718-D44EBC70AF69}
[2013.07.06 12:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.07.05 15:55:01 | 000,000,000 | ---D | C] -- C:\Users\MMMathisss\AppData\Local\{F13388B3-2486-4915-A430-A0DF181751F6}
[2013.05.26 18:22:01 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\MMMathisss\AppData\Roaming\SetupGFD.exe
[2013.05.26 18:21:42 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\MMMathisss\AppData\Roaming\Imgburn.exe
[2013.05.26 18:21:33 | 005,082,084 | ---- | C] (The Public) -- C:\Users\MMMathisss\AppData\Roaming\Avisynth.exe
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.27 18:11:45 | 000,000,000 | ---- | M] () -- C:\Users\MMMathisss\defogger_reenable
[2013.07.27 18:11:00 | 000,001,140 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000UA.job
[2013.07.27 17:52:13 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.07.27 17:50:00 | 000,000,948 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000UA.job
[2013.07.27 17:42:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.07.27 17:35:00 | 000,001,118 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.27 17:31:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.27 16:40:20 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.27 16:40:20 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.27 11:37:29 | 000,000,336 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2013.07.27 11:36:39 | 000,001,114 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.27 11:35:39 | 3148,222,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.26 17:23:57 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.07.26 17:23:19 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000Core.job
[2013.07.25 22:16:41 | 000,000,896 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000Core.job
[2013.07.25 18:25:06 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.07.25 17:53:36 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2013.07.22 17:54:35 | 002,180,352 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.07.22 17:54:35 | 000,908,256 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.07.22 17:54:35 | 000,863,534 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.07.22 17:54:35 | 000,216,534 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.07.22 17:54:35 | 000,189,480 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.07.19 19:10:58 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt_x64.dll
[2013.07.18 08:02:34 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.07.18 08:02:34 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.07.13 03:38:02 | 005,021,496 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.07.09 21:20:08 | 000,081,303 | ---- | M] () -- C:\Users\MMMathisss\Desktop\PROGRESSIVE.bak
[2013.07.09 21:02:51 | 000,117,682 | ---- | M] () -- C:\Users\MMMathisss\Desktop\PROGRESSIVE-02.bak
[2013.07.09 20:47:51 | 000,068,272 | ---- | M] () -- C:\Users\MMMathisss\Desktop\PROGRESSIVE-03.bak
[2013.07.08 15:43:25 | 000,000,000 | ---- | M] () -- C:\END
[2013.07.05 16:03:41 | 000,019,325 | ---- | M] () -- C:\Users\MMMathisss\Desktop\Politische Dichtung.odt
[2013.07.05 15:44:15 | 000,019,968 | ---- | M] () -- C:\Users\MMMathisss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.27 18:11:45 | 000,000,000 | ---- | C] () -- C:\Users\MMMathisss\defogger_reenable
[2013.07.27 17:52:12 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.07.25 18:25:06 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.07.25 17:53:36 | 000,001,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[2013.07.25 17:53:36 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2013.07.09 20:47:51 | 000,117,682 | ---- | C] () -- C:\Users\MMMathisss\Desktop\PROGRESSIVE-02.bak
[2013.07.09 20:47:51 | 000,081,303 | ---- | C] () -- C:\Users\MMMathisss\Desktop\PROGRESSIVE.bak
[2013.07.09 20:47:51 | 000,068,272 | ---- | C] () -- C:\Users\MMMathisss\Desktop\PROGRESSIVE-03.bak
[2013.07.05 16:03:40 | 000,019,325 | ---- | C] () -- C:\Users\MMMathisss\Desktop\Politische Dichtung.odt
[2013.05.26 18:23:17 | 000,034,936 | ---- | C] () -- C:\windows\SysWow64\uninstHelixYUV.exe
[2013.05.26 18:21:56 | 005,243,208 | ---- | C] ( ) -- C:\Users\MMMathisss\AppData\Roaming\AvsP.exe
[2013.05.26 18:21:51 | 001,357,348 | ---- | C] () -- C:\Users\MMMathisss\AppData\Roaming\MatroskaSplitter.exe
[2013.05.26 18:21:49 | 000,117,723 | ---- | C] () -- C:\Users\MMMathisss\AppData\Roaming\yuvcodecs-1.3.exe
[2012.12.30 18:14:11 | 000,000,136 | ---- | C] () -- C:\windows\SIERRA.INI
[2012.07.30 18:25:36 | 000,298,280 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012.07.30 18:25:35 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012.07.30 18:25:33 | 003,360,624 | ---- | C] () -- C:\windows\SysWow64\pbsvc.exe
[2012.07.29 12:51:25 | 000,103,755 | ---- | C] () -- C:\Users\MMMathisss\final_bstSnapshot_51171.jpg
[2012.07.29 12:51:24 | 000,103,755 | ---- | C] () -- C:\Users\MMMathisss\final_bstSnapshot_96432.jpg
[2012.07.29 12:25:23 | 000,061,142 | ---- | C] () -- C:\Users\MMMathisss\final_bstSnapshot_86947.jpg
[2012.07.29 12:25:10 | 000,061,142 | ---- | C] () -- C:\Users\MMMathisss\final_bstSnapshot_59371.jpg
[2012.07.26 13:25:11 | 000,003,253 | ---- | C] () -- C:\Users\MMMathisss\.recently-used.xbel
[2012.03.04 12:40:50 | 000,000,000 | ---- | C] () -- C:\windows\LocoRoco 2 - Wave.ini
[2012.02.14 18:26:19 | 000,000,049 | ---- | C] () -- C:\Users\MMMathisss\jagex_cl_runescape_LIVE.dat
[2012.02.14 18:26:19 | 000,000,024 | ---- | C] () -- C:\Users\MMMathisss\random.dat
[2012.01.10 17:47:22 | 000,338,432 | ---- | C] () -- C:\windows\SysWow64\sqlite36_engine.dll
[2012.01.06 14:31:18 | 000,013,720 | ---- | C] () -- C:\windows\W3DemoUnin.dat
[2011.12.25 20:58:18 | 000,002,892 | ---- | C] () -- C:\windows\SysWow64\audcon.sys
[2011.12.25 20:55:39 | 000,000,051 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe.cfg
[2011.12.25 20:55:36 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe
[2011.12.13 20:47:27 | 004,353,804 | ---- | C] () -- C:\Program Files\Arptronv2.5.zip
[2011.12.13 20:43:50 | 000,005,170 | ---- | C] () -- C:\Program Files\Arptron
[2011.10.27 18:24:09 | 000,019,968 | ---- | C] () -- C:\Users\MMMathisss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.17 01:57:19 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011.09.17 01:57:19 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.09.17 01:57:19 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.09.17 01:57:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.09.17 01:57:19 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011.09.17 01:57:19 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.09.17 01:55:45 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011.09.17 01:55:41 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011.09.17 01:55:41 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011.09.17 01:55:41 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011.09.17 01:55:41 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011.09.17 01:55:41 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011.09.16 23:57:50 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.09.16 23:54:56 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011.09.16 23:52:06 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011.09.16 23:46:00 | 002,068,942 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.09.16 23:43:19 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.29 13:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011.07.29 13:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.06.24 18:42:57 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\.minecraft
[2012.12.30 18:43:33 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\4Free
[2012.02.24 13:15:12 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Amazon
[2013.04.06 13:10:02 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Applied Acoustics Systems
[2013.03.07 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Beat Hazard
[2013.07.27 18:31:06 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\BrowserCompanion
[2012.12.30 18:03:22 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Canneverbe Limited
[2013.05.25 15:28:06 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Canon
[2013.03.17 23:02:26 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\capy
[2012.02.18 09:16:42 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\cbuenger
[2012.07.30 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Cobalt
[2013.03.17 13:17:58 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Crayon Physics Deluxe
[2012.01.11 19:01:55 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\DesktopIconForAmazon
[2011.10.24 06:49:43 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\DigitalPersona
[2013.07.27 11:40:02 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Dropbox
[2013.05.26 16:43:53 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\DVDVideoSoft
[2011.10.29 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.03.31 21:50:51 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Dynamite Jack
[2013.03.17 16:53:11 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\ExpressFiles
[2012.07.26 13:25:11 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\geany
[2012.01.11 18:54:16 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\GetRightToGo
[2012.12.25 09:39:21 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\GlarySoft
[2012.07.26 13:24:38 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\gtk-2.0
[2013.02.05 17:30:14 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\HTC
[2013.02.05 17:30:11 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\HTC Sync
[2012.09.17 15:00:30 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\IDT
[2012.09.19 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Isotope 244
[2012.01.11 18:09:56 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Keolab
[2013.04.06 13:13:13 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Korg
[2013.03.24 16:59:33 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\LibreOffice
[2012.05.23 16:11:14 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\MakeMusic
[2013.06.07 19:14:20 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2012.05.16 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2013.02.05 17:27:28 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\MyPhoneExplorer
[2013.03.17 12:53:47 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Nicalis
[2012.10.17 21:36:57 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\ooVoo Details
[2011.10.24 14:50:17 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\OpenOffice.org
[2011.10.25 18:26:45 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\PCDr
[2013.06.08 11:36:21 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\PDAppFlex
[2011.10.29 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\PhotoScape
[2012.04.01 15:34:25 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\redsn0w
[2012.12.30 19:55:18 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\smc
[2013.07.26 21:16:54 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\SoftGrid Client
[2013.07.27 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Spotify
[2012.01.06 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Steinberg
[2011.12.02 20:45:51 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Teeworlds
[2011.11.11 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\TP
[2013.01.16 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\TS3Client
[2013.01.13 00:11:51 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\ts3overlay
[2013.06.23 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\uTorrent
[2011.12.25 21:18:23 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\VST3 Presets
[2011.10.26 16:08:06 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Windows Live Writer
[2012.03.20 15:30:47 | 000,000,000 | ---D | M] -- C:\Users\MMMathisss\AppData\Roaming\Xilisoft

========== Purity Check ==========



< End of report >

Extras.txt and gmer.log are attached.

I hope that's all correct.
Thanks in advance,

Mathis

27.07.2013, 19:21   #2
Aneri
/// Malwareteam

My name is Heiko and I will help you.

I am working on your thread and will get back to you with further instructions as soon as possible.

Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience.

27.07.2013, 21:50   #3
Aneri
/// Malwareteam

The cleanup of your system is tailored to you individually and can involve a lot of work for both of us.

Please read:
Rules for the cleanup

Besides removing malware, a cleanup also includes closing security holes and should be carried out thoroughly.
It is therefore done in several steps and means some effort for you. Note: the disappearance of the obvious symptoms does not mean that the system is already clean.

Read the instructions through completely first. If anything is unclear, ask before you start working through the steps.
  • At the first sign of illegally used software (cracks, patches and the like), support will be suspended. We will then clarify further steps when the time comes.
  • If the computer is a company computer, please let me know.

  • Please work through all steps in order. Please give me the requested feedback (log file or answer) for each step,
    collected in a single reply once you have done everything.
  • Please run only the scans you are asked to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to do so by me or another team member.
  • Post the log files directly in your thread (preferably in code tags: click the # symbol in the editor). Do not attach or zip them unless I ask you to or the log file would be too large. That makes the analysis harder for me.
  • Only obscure your name if it is absolutely necessary (this makes our work easier).
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • I will tell you very clearly when you are "clean". Until then, please cooperate well.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.



Then let's start with step 1:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)




How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it right. If everything is correct ... click Reply (Antworten).

29.07.2013, 12:56   #4
MMMathisss



Hey Aneri,
here are the files

adwCleaner[S1].txt

Code:
# AdwCleaner v2.306 - Datei am 29/07/2013 um 13:38:44 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : MMMathisss - MMMATHISSS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MMMathisss\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : IB Updater
Gestoppt & Gelöscht : IBUpdaterService
Gestoppt & Gelöscht : WajamUpdater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\MMMathisss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Datei Gelöscht : C:\Users\MMMathisss\AppData\Roaming\Mozilla\Firefox\Profiles\d7k0vg3w.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\MMMathisss\AppData\Roaming\Mozilla\Firefox\Profiles\d7k0vg3w.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\MMMathisss\AppData\Roaming\Mozilla\Firefox\Profiles\d7k0vg3w.default\searchplugins\Plusnetwork.xml
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\ExpressFiles
Ordner Gelöscht : C:\Program Files (x86)\Perion
Ordner Gelöscht : C:\Program Files (x86)\PricePeep
Ordner Gelöscht : C:\Program Files (x86)\Wajam
Ordner Gelöscht : C:\Program Files\IB Updater
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Broowsee2sAAvye
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broowsee2sAAvye
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Local\APN
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhebojdhnojbfopjjdlifhjfbmjaibj
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\MMMathisss\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\MMMathisss\AppData\LocalLow\Broowsee2sAAvye
Ordner Gelöscht : C:\Users\MMMathisss\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\MMMathisss\AppData\Roaming\Mozilla\Firefox\Profiles\d7k0vg3w.default\extensions\vnk5vuay@eooaazo.net
Ordner Gelöscht : C:\windows\SysWOW64\ARFC
Ordner Gelöscht : C:\windows\SysWOW64\jmdp
Ordner Gelöscht : C:\windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PricePeep
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211101158}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7166141E-11FE-030C-C002-87B3240A7063}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211101158}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7166141E-11FE-030C-C002-87B3240A7063}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0021058.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0021058.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0021058.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0021058.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211101158}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211101158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7166141E-11FE-030C-C002-87B3240A7063}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211101158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211101158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211101158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7166141E-11FE-030C-C002-87B3240A7063}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16496


-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\MMMathisss\AppData\Roaming\Mozilla\Firefox\Profiles\d7k0vg3w.default\prefs.js

C:\Users\MMMathisss\AppData\Roaming\Mozilla\Firefox\Profiles\d7k0vg3w.default\user.js ... Gelöscht !

Gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Gelöscht : user_pref("aol_toolbar.default.search.check", false);
Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb185?a=6Oz0QEMZIk&i=26");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gelöscht : user_pref("extensions.incredibar.admin", false);
Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar.cntry", "DE");
Gelöscht : user_pref("extensions.incredibar.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Gelöscht : user_pref("extensions.incredibar.did", "10701");
Gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar.hdrMd5", "FA0F0E2912D02435F866EE0685952D84");
Gelöscht : user_pref("extensions.incredibar.hmpg", false);
Gelöscht : user_pref("extensions.incredibar.id", "7c4e86d40000000000005a59f9c37803");
Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar.instlDay", "15725");
Gelöscht : user_pref("extensions.incredibar.instlRef", "");
Gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", true);
Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1412:58:55");
Gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gelöscht : user_pref("extensions.incredibar.newTab", false);
Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.incredibar.ppd", "123");
Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar.productid", "26");
Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar.sg", "none");
Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6Oz0QEMZIk&loc=IB_T[...]
Gelöscht : user_pref("extensions.incredibar.upn2", "6Oz0QEMZIk");
Gelöscht : user_pref("extensions.incredibar.upn2n", "92262829309681072");
Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1412:58:55");
Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10701");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "7c4e86d40000000000005a59f9c37803");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15725");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "123");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6Oz0QEMZIk&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6Oz0QEMZIk");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92262829309681072");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:58:55");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.ui.lastCategory", "addons://search/incredibar");
Gelöscht : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6Oz0QEMZIk&&i=26&search="[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");
Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\MMMathisss\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [23886 octets] - [29/07/2013 13:38:44]

########## EOF - C:\AdwCleaner[S1].txt - [23947 octets] ##########
         
FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by MMMathisss (administrator) on 29-07-2013 13:48:16
Running from C:\Users\MMMathisss\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\windows\system32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Akamai Technologies, Inc.) C:\Users\MMMathisss\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\MMMathisss\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\windows\SysWOW64\PnkBstrA.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Dropbox, Inc.) C:\Users\MMMathisss\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Akamai Technologies, Inc.) C:\Users\MMMathisss\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Users\MMMathisss\AppData\Local\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-22] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-15] ()
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
HKCU\...\Run: [Google Update] - C:\Users\MMMathisss\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-29] (Google Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\MMMathisss\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\MMMathisss\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-13] (Spotify Ltd)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [Spotify] - C:\Users\MMMathisss\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-13] (Spotify Ltd)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1672616 2013-07-10] (Valve Corporation)
MountPoints2: {9a0f3f6d-ecbe-11e2-a4b9-1803737c0e2c} - E:\HTC_Sync_Manager_PC.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RoxWatchTray] - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2111520 2012-12-28] (Trend Micro Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [OE] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [846672 2010-08-10] (Trend Micro Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2012-05-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-07-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
AppInit_DLLs-x32: c:\progra~2\browse~2\sprote~1.dll [1050112 2013-01-24] ()
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)
Startup: C:\Users\MMMathisss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\MMMathisss\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb185?a=6Oz0QEMZIk&i=26
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {036100C0-A8DF-419B-A2DF-C52E7D92EA29} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=23761D64-DAE2-40DF-9553-C6DE6CB84430&apn_sauid=FB934B90-7720-437A-BA4F-4929D54022EC
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.220.1

FireFox:
========
FF ProfilePath: C:\Users\MMMathisss\AppData\Roaming\Mozilla\Firefox\Profiles\d7k0vg3w.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_39 - C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\MMMathisss\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\MMMathisss\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\MMMathisss\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @us-w1.rockmelt.com/RockMelt Update;version=8 - C:\Users\MMMathisss\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Extension: No Name - C:\Users\MMMathisss\AppData\Roaming\Mozilla\Firefox\Profiles\d7k0vg3w.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension
FF StartMenuInternet: FIREFOX.EXE - C:\Users\MMMathisss\AppData\Local\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Extension: (YouTube) - C:\Users\MMMATH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\MMMATH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Savings Explorer) - C:\Users\MMMATH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkchbifjjnafgoolbibfmgkibbngknkk\1.23.46_0
CHR Extension: (Gmail) - C:\Users\MMMATH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - "C:\Users\MMMathisss\AppData\Local\Google\Chrome\Application\chrome.exe"

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-05] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-07-16] (Nero AG)
S2 ntrtscan; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1824288 2013-02-26] (Trend Micro Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-30] ()
R2 svcGenericHost; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50208 2013-01-11] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571936 2012-12-17] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060912 2013-01-29] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [238960 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [271216 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
S3 s117bus; C:\Windows\System32\DRIVERS\s117bus.sys [108072 2007-06-25] (MCCI Corporation)
S3 s117mdfl; C:\Windows\System32\DRIVERS\s117mdfl.sys [19496 2007-06-25] (MCCI Corporation)
S3 s117mdm; C:\Windows\System32\DRIVERS\s117mdm.sys [144424 2007-06-25] (MCCI Corporation)
S3 s117mgmt; C:\Windows\System32\DRIVERS\s117mgmt.sys [125992 2007-06-25] (MCCI Corporation)
S3 s117nd5; C:\Windows\System32\DRIVERS\s117nd5.sys [31272 2007-06-25] (MCCI Corporation)
S3 s117obex; C:\Windows\System32\DRIVERS\s117obex.sys [123432 2007-06-25] (MCCI Corporation)
S3 s117unic; C:\Windows\System32\DRIVERS\s117unic.sys [130088 2007-06-25] (MCCI Corporation)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-11-13] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-11-13] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 13:48 - 2013-07-29 13:48 - 00000000 ____D C:\FRST
2013-07-29 13:47 - 2013-07-29 13:47 - 01780547 _____ (Farbar) C:\Users\MMMathisss\Downloads\FRST64.exe
2013-07-29 13:42 - 2013-07-29 13:42 - 00023989 _____ C:\Users\MMMathisss\Desktop\AdwCleaner[S1].txt
2013-07-29 13:38 - 2013-07-29 13:40 - 00023989 _____ C:\AdwCleaner[S1].txt
2013-07-29 13:37 - 2013-07-29 13:38 - 00666633 _____ C:\Users\MMMathisss\Downloads\adwcleaner.exe
2013-07-29 13:34 - 2013-07-29 13:34 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{0D928E87-5162-4D9B-9C58-82BEFF99D0A3}
2013-07-27 20:50 - 2013-07-27 20:50 - 00000000 ____D C:\Users\MMMathisss\Desktop\MyStart Incredibar
2013-07-27 18:35 - 2013-07-27 18:35 - 00117728 _____ C:\Users\MMMathisss\Downloads\Extras.Txt
2013-07-27 18:34 - 2013-07-27 18:34 - 00162320 _____ C:\Users\MMMathisss\Downloads\OTL.Txt
2013-07-27 18:12 - 2013-07-27 18:12 - 00602112 _____ (OldTimer Tools) C:\Users\MMMathisss\Downloads\OTL.exe
2013-07-27 18:11 - 2013-07-27 18:11 - 00050477 _____ C:\Users\MMMathisss\Downloads\Defogger.exe
2013-07-27 18:11 - 2013-07-27 18:11 - 00000482 _____ C:\Users\MMMathisss\Downloads\defogger_disable.log
2013-07-27 18:11 - 2013-07-27 18:11 - 00000000 _____ C:\Users\MMMathisss\defogger_reenable
2013-07-27 18:03 - 2013-07-27 18:04 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{3EDFCC6B-74B8-466A-8BCE-12C99FAA0F6D}
2013-07-27 17:52 - 2013-07-28 21:50 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Mozilla Firefox
2013-07-27 17:52 - 2013-07-27 17:52 - 00001240 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-27 17:50 - 2013-07-27 17:51 - 21703480 _____ (Mozilla) C:\Users\MMMathisss\Downloads\Firefox_Setup_22.0.exe
2013-07-26 17:24 - 2013-07-26 17:23 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-07-25 18:30 - 2013-07-25 18:30 - 00000000 ____D C:\Users\MMMathisss\AppData\Roaming\Avira
2013-07-25 18:25 - 2013-07-25 18:25 - 00002068 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-25 18:24 - 2013-07-18 08:02 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-07-25 18:24 - 2013-07-18 08:02 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-07-25 18:24 - 2013-03-06 16:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-07-25 18:23 - 2013-07-25 18:24 - 00000000 ____D C:\ProgramData\Avira
2013-07-25 18:23 - 2013-07-25 18:23 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-25 17:56 - 2013-07-25 17:58 - 108422648 _____ C:\Users\MMMathisss\Downloads\avira_free_antivirus884_de.exe
2013-07-25 17:53 - 2013-07-25 17:53 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-07-25 03:01 - 2013-07-25 03:05 - 00000000 ____D C:\windows\system32\MRT
2013-07-24 17:36 - 2013-07-24 17:36 - 00000000 ___HD C:\windows\msdownld.tmp
2013-07-24 17:36 - 2013-07-24 17:36 - 00000000 ____D C:\windows\SysWOW64\directx
2013-07-24 17:35 - 2013-07-24 17:35 - 00292184 _____ (Microsoft Corporation) C:\Users\MMMathisss\Downloads\dxwebsetup.exe
2013-07-24 17:28 - 2013-07-24 17:28 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{A8133B90-A0EB-478E-92A3-DC11EC2EFE6F}
2013-07-20 11:43 - 2013-07-20 11:43 - 00000000 _____ C:\windows\SysWOW64\shoAB81.tmp
2013-07-19 19:13 - 2013-07-19 19:13 - 00000000 ____D C:\Users\MMMathisss\Documents\Rockstar Games
2013-07-19 19:12 - 2013-07-19 19:12 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-19 19:11 - 2013-07-19 19:11 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Rockstar Games
2013-07-19 19:10 - 2013-07-19 19:10 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2013-07-19 19:10 - 2013-07-19 19:10 - 00000000 __RHD C:\Users\MMMathisss\AppData\Roaming\SecuROM
2013-07-19 19:10 - 2013-07-19 19:10 - 00000000 ____D C:\windows\SysWOW64\xlive
2013-07-19 19:10 - 2013-07-19 19:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-19 11:14 - 2013-07-19 12:50 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\The Witcher
2013-07-19 11:14 - 2013-07-19 11:43 - 00000000 ____D C:\Users\MMMathisss\Documents\The Witcher
2013-07-19 11:10 - 2013-07-19 11:10 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2013-07-17 17:39 - 2013-07-17 17:39 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{ECB5D034-77DB-4566-9CA7-DFA8014A38CD}
2013-07-15 14:24 - 2013-07-15 14:24 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{0F314344-8940-4CDE-8C7D-713D036D11F5}
2013-07-15 14:15 - 2013-07-15 14:25 - 00000000 ____D C:\Users\MMMathisss\.android
2013-07-15 14:14 - 2013-07-15 14:14 - 00000000 ____D C:\Users\MMMathisss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2013-07-15 14:14 - 2013-07-15 14:14 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Android
2013-07-15 14:11 - 2013-07-15 14:12 - 87498295 _____ (Google Inc.) C:\Users\MMMathisss\Downloads\installer_r22-windows.exe
2013-07-13 13:55 - 2013-07-13 13:55 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{9F76D19E-175D-4B63-AE25-0AEDD82A99F4}
2013-07-13 11:46 - 2013-07-13 11:46 - 00000000 ____D C:\Users\MMMathisss\Documents\Square Enix
2013-07-13 03:10 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-13 03:10 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-13 03:10 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-13 03:10 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-13 03:10 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-13 03:10 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-07-13 03:10 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-07-13 03:10 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-13 03:10 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-13 03:10 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-07-13 03:10 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-07-13 03:10 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-13 03:10 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-13 03:10 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-13 03:10 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-07-13 03:10 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-13 03:10 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-13 03:10 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-13 03:10 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-13 03:10 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-07-13 03:10 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-13 03:10 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-13 03:10 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-07-13 03:10 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-13 03:10 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-07-13 03:10 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-07-13 03:10 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-13 03:10 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-13 03:10 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-13 03:10 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-13 03:10 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-07-13 03:10 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-11 18:26 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-11 18:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-11 18:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-11 18:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-11 18:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-11 18:26 - 2013-04-10 07:45 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-11 18:26 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 18:53 - 2013-07-10 18:53 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{E1599DCB-0A60-49E5-B702-08E8A3CC2B73}
2013-07-09 20:47 - 2013-07-09 21:20 - 00081303 _____ C:\Users\MMMathisss\Desktop\PROGRESSIVE.bak
2013-07-09 20:47 - 2013-07-09 21:02 - 00117682 _____ C:\Users\MMMathisss\Desktop\PROGRESSIVE-02.bak
2013-07-09 20:47 - 2013-07-09 20:47 - 00068272 _____ C:\Users\MMMathisss\Desktop\PROGRESSIVE-03.bak
2013-07-09 20:32 - 2013-07-09 20:32 - 00000000 ____D C:\Users\MMMathisss\Desktop\Audio
2013-07-09 18:17 - 2013-07-20 11:37 - 00000000 ____D C:\Users\MMMathisss\Desktop\Hintergründe
2013-07-08 20:25 - 2013-07-08 20:25 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{0DFF2A99-BC45-4E97-B141-2A3D69CD1DB3}
2013-07-08 16:45 - 2013-07-08 16:45 - 00003052 _____ C:\windows\System32\Tasks\{8CF076AA-7BD8-4A65-8397-12462DCB3CAA}
2013-07-08 16:03 - 2013-07-08 16:03 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-07-08 16:01 - 2013-07-08 20:04 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Oblivion
2013-07-08 16:01 - 2013-07-08 16:01 - 00000000 ____D C:\Users\MMMathisss\Documents\My Games
2013-07-08 16:00 - 2013-07-08 16:00 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{E6CC9DA3-459A-47D1-B718-D44EBC70AF69}
2013-07-06 12:56 - 2013-07-27 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-05 16:03 - 2013-07-05 16:03 - 00019325 _____ C:\Users\MMMathisss\Desktop\Politische Dichtung.odt
2013-07-05 15:55 - 2013-07-05 15:55 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{F13388B3-2486-4915-A430-A0DF181751F6}
112

==================== One Month Modified Files and Folders =======

2013-07-29 13:48 - 2013-07-29 13:48 - 00000000 ____D C:\FRST
2013-07-29 13:47 - 2013-07-29 13:47 - 01780547 _____ (Farbar) C:\Users\MMMathisss\Downloads\FRST64.exe
2013-07-29 13:47 - 2012-08-31 13:29 - 00000000 ____D C:\Users\MMMathisss\AppData\Roaming\Spotify
2013-07-29 13:47 - 2011-12-25 21:47 - 00000000 ____D C:\Users\MMMathisss\AppData\Roaming\Dropbox
2013-07-29 13:46 - 2013-04-11 11:29 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-29 13:44 - 2013-02-05 17:29 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\HTC MediaHub
2013-07-29 13:44 - 2011-12-25 21:53 - 00000000 ___RD C:\Users\MMMathisss\Dropbox
2013-07-29 13:44 - 2011-10-24 17:26 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Adobe
2013-07-29 13:44 - 2011-10-24 15:50 - 00000000 ____D C:\Users\MMMathisss\AppData\Roaming\Skype
2013-07-29 13:44 - 2011-09-17 00:17 - 00000000 ____D C:\ProgramData\Sonic
2013-07-29 13:43 - 2012-06-13 15:41 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 13:43 - 2011-10-29 17:57 - 00000336 _____ C:\windows\Tasks\GlaryInitialize.job
2013-07-29 13:42 - 2013-07-29 13:42 - 00023989 _____ C:\Users\MMMathisss\Desktop\AdwCleaner[S1].txt
2013-07-29 13:42 - 2011-10-29 18:40 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-29 13:41 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-29 13:41 - 2009-07-14 06:51 - 00119423 _____ C:\windows\setupact.log
2013-07-29 13:40 - 2013-07-29 13:38 - 00023989 _____ C:\AdwCleaner[S1].txt
2013-07-29 13:40 - 2011-09-16 23:30 - 01270097 _____ C:\windows\WindowsUpdate.log
2013-07-29 13:38 - 2013-07-29 13:37 - 00666633 _____ C:\Users\MMMathisss\Downloads\adwcleaner.exe
2013-07-29 13:38 - 2012-02-29 18:48 - 00001088 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000Core.job
2013-07-29 13:38 - 2011-11-11 18:03 - 00000000 ____D C:\Users\MMMathisss\AppData\Roaming\SoftGrid Client
2013-07-29 13:38 - 2011-10-24 06:52 - 00000000 ___RD C:\Users\MMMathisss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-29 13:35 - 2011-10-29 18:40 - 00001118 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-29 13:34 - 2013-07-29 13:34 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{0D928E87-5162-4D9B-9C58-82BEFF99D0A3}
2013-07-29 13:34 - 2011-09-17 02:23 - 00908256 _____ C:\windows\system32\perfh007.dat
2013-07-29 13:34 - 2011-09-17 02:23 - 00216534 _____ C:\windows\system32\perfc007.dat
2013-07-29 13:34 - 2009-07-14 07:13 - 02180352 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-29 13:32 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 13:32 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 13:31 - 2012-07-11 21:45 - 00000948 _____ C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000UA.job
2013-07-29 13:31 - 2012-02-29 18:48 - 00001140 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000UA.job
2013-07-28 21:50 - 2013-07-27 17:52 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Mozilla Firefox
2013-07-28 21:50 - 2012-07-11 21:45 - 00000896 _____ C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000Core.job
2013-07-28 21:49 - 2012-04-28 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-28 11:59 - 2013-06-17 07:36 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2013-07-27 20:50 - 2013-07-27 20:50 - 00000000 ____D C:\Users\MMMathisss\Desktop\MyStart Incredibar
2013-07-27 18:35 - 2013-07-27 18:35 - 00117728 _____ C:\Users\MMMathisss\Downloads\Extras.Txt
2013-07-27 18:34 - 2013-07-27 18:34 - 00162320 _____ C:\Users\MMMathisss\Downloads\OTL.Txt
2013-07-27 18:12 - 2013-07-27 18:12 - 00602112 _____ (OldTimer Tools) C:\Users\MMMathisss\Downloads\OTL.exe
2013-07-27 18:11 - 2013-07-27 18:11 - 00050477 _____ C:\Users\MMMathisss\Downloads\Defogger.exe
2013-07-27 18:11 - 2013-07-27 18:11 - 00000482 _____ C:\Users\MMMathisss\Downloads\defogger_disable.log
2013-07-27 18:11 - 2013-07-27 18:11 - 00000000 _____ C:\Users\MMMathisss\defogger_reenable
2013-07-27 18:11 - 2011-10-24 06:49 - 00000000 ____D C:\Users\MMMathisss
2013-07-27 18:04 - 2013-07-27 18:03 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{3EDFCC6B-74B8-466A-8BCE-12C99FAA0F6D}
2013-07-27 17:52 - 2013-07-27 17:52 - 00001240 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-27 17:52 - 2013-07-06 12:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-27 17:51 - 2013-07-27 17:50 - 21703480 _____ (Mozilla) C:\Users\MMMathisss\Downloads\Firefox_Setup_22.0.exe
2013-07-27 11:35 - 2010-11-21 05:47 - 00093946 _____ C:\windows\PFRO.log
2013-07-26 20:33 - 2013-06-17 07:35 - 00000000 ____D C:\Program Files\My Dell
2013-07-26 20:33 - 2011-10-24 17:00 - 00000000 ____D C:\ProgramData\PCDr
2013-07-26 17:23 - 2013-07-26 17:24 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-07-25 20:37 - 2011-11-27 15:06 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\CrashDumps
2013-07-25 18:30 - 2013-07-25 18:30 - 00000000 ____D C:\Users\MMMathisss\AppData\Roaming\Avira
2013-07-25 18:25 - 2013-07-25 18:25 - 00002068 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-25 18:24 - 2013-07-25 18:23 - 00000000 ____D C:\ProgramData\Avira
2013-07-25 18:23 - 2013-07-25 18:23 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-25 17:58 - 2013-07-25 17:56 - 108422648 _____ C:\Users\MMMathisss\Downloads\avira_free_antivirus884_de.exe
2013-07-25 17:54 - 2011-10-24 06:54 - 00000000 ____D C:\Users\MMMathisss\AppData\Roaming\Adobe
2013-07-25 17:53 - 2013-07-25 17:53 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-07-25 17:51 - 2011-09-17 00:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-25 03:05 - 2013-07-25 03:01 - 00000000 ____D C:\windows\system32\MRT
2013-07-24 18:39 - 2013-04-21 19:32 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Warframe
2013-07-24 17:36 - 2013-07-24 17:36 - 00000000 ___HD C:\windows\msdownld.tmp
2013-07-24 17:36 - 2013-07-24 17:36 - 00000000 ____D C:\windows\SysWOW64\directx
2013-07-24 17:35 - 2013-07-24 17:35 - 00292184 _____ (Microsoft Corporation) C:\Users\MMMathisss\Downloads\dxwebsetup.exe
2013-07-24 17:28 - 2013-07-24 17:28 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{A8133B90-A0EB-478E-92A3-DC11EC2EFE6F}
2013-07-20 11:43 - 2013-07-20 11:43 - 00000000 _____ C:\windows\SysWOW64\shoAB81.tmp
2013-07-20 11:37 - 2013-07-09 18:17 - 00000000 ____D C:\Users\MMMathisss\Desktop\Hintergründe
2013-07-19 21:55 - 2013-05-23 14:51 - 00000000 ____D C:\Users\MMMathisss\Desktop\Games
2013-07-19 21:06 - 2013-04-21 15:23 - 00000000 ____D C:\Users\MMMathisss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-19 19:13 - 2013-07-19 19:13 - 00000000 ____D C:\Users\MMMathisss\Documents\Rockstar Games
2013-07-19 19:12 - 2013-07-19 19:12 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-19 19:11 - 2013-07-19 19:11 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Rockstar Games
2013-07-19 19:10 - 2013-07-19 19:10 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2013-07-19 19:10 - 2013-07-19 19:10 - 00000000 __RHD C:\Users\MMMathisss\AppData\Roaming\SecuROM
2013-07-19 19:10 - 2013-07-19 19:10 - 00000000 ____D C:\windows\SysWOW64\xlive
2013-07-19 19:10 - 2013-07-19 19:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-19 19:08 - 2011-09-17 00:15 - 00226251 _____ C:\windows\DirectX.log
2013-07-19 12:50 - 2013-07-19 11:14 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\The Witcher
2013-07-19 11:43 - 2013-07-19 11:14 - 00000000 ____D C:\Users\MMMathisss\Documents\The Witcher
2013-07-19 11:10 - 2013-07-19 11:10 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2013-07-18 08:02 - 2013-07-25 18:24 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-07-18 08:02 - 2013-07-25 18:24 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-07-17 21:22 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-07-17 17:39 - 2013-07-17 17:39 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{ECB5D034-77DB-4566-9CA7-DFA8014A38CD}
2013-07-15 15:46 - 2011-09-16 23:54 - 00497262 _____ C:\windows\DPINST.LOG
2013-07-15 14:25 - 2013-07-15 14:15 - 00000000 ____D C:\Users\MMMathisss\.android
2013-07-15 14:24 - 2013-07-15 14:24 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{0F314344-8940-4CDE-8C7D-713D036D11F5}
2013-07-15 14:14 - 2013-07-15 14:14 - 00000000 ____D C:\Users\MMMathisss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2013-07-15 14:14 - 2013-07-15 14:14 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Android
2013-07-15 14:12 - 2013-07-15 14:11 - 87498295 _____ (Google Inc.) C:\Users\MMMathisss\Downloads\installer_r22-windows.exe
2013-07-13 13:55 - 2013-07-13 13:55 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{9F76D19E-175D-4B63-AE25-0AEDD82A99F4}
2013-07-13 13:25 - 2012-08-31 13:30 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Spotify
2013-07-13 11:46 - 2013-07-13 11:46 - 00000000 ____D C:\Users\MMMathisss\Documents\Square Enix
2013-07-13 10:54 - 2011-09-17 00:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-13 10:54 - 2011-09-17 00:25 - 00000000 ____D C:\ProgramData\Skype
2013-07-13 10:06 - 2012-02-29 18:48 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000UA
2013-07-13 10:06 - 2012-02-29 18:48 - 00003724 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000Core
2013-07-13 09:30 - 2011-10-29 18:40 - 00004114 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 09:30 - 2011-10-29 18:40 - 00003862 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 03:38 - 2009-07-14 06:45 - 05021496 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-13 03:37 - 2013-03-19 04:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 03:37 - 2013-03-19 04:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 03:35 - 2011-09-17 02:25 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 03:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 03:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 18:53 - 2013-07-10 18:53 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{E1599DCB-0A60-49E5-B702-08E8A3CC2B73}
2013-07-09 21:20 - 2013-07-09 20:47 - 00081303 _____ C:\Users\MMMathisss\Desktop\PROGRESSIVE.bak
2013-07-09 21:02 - 2013-07-09 20:47 - 00117682 _____ C:\Users\MMMathisss\Desktop\PROGRESSIVE-02.bak
2013-07-09 20:47 - 2013-07-09 20:47 - 00068272 _____ C:\Users\MMMathisss\Desktop\PROGRESSIVE-03.bak
2013-07-09 20:32 - 2013-07-09 20:32 - 00000000 ____D C:\Users\MMMathisss\Desktop\Audio
2013-07-09 18:17 - 2012-06-23 14:27 - 02601472 ___SH C:\Users\MMMathisss\Desktop\Thumbs.db
2013-07-08 20:25 - 2013-07-08 20:25 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{0DFF2A99-BC45-4E97-B141-2A3D69CD1DB3}
2013-07-08 20:04 - 2013-07-08 16:01 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Oblivion
2013-07-08 16:45 - 2013-07-08 16:45 - 00003052 _____ C:\windows\System32\Tasks\{8CF076AA-7BD8-4A65-8397-12462DCB3CAA}
2013-07-08 16:17 - 2011-11-21 17:00 - 00000000 ____D C:\Users\MMMathisss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-08 16:03 - 2013-07-08 16:03 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-07-08 16:03 - 2011-09-16 23:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-08 16:01 - 2013-07-08 16:01 - 00000000 ____D C:\Users\MMMathisss\Documents\My Games
2013-07-08 16:00 - 2013-07-08 16:00 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{E6CC9DA3-459A-47D1-B718-D44EBC70AF69}
2013-07-05 16:03 - 2013-07-05 16:03 - 00019325 _____ C:\Users\MMMathisss\Desktop\Politische Dichtung.odt
2013-07-05 15:55 - 2013-07-05 15:55 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\{F13388B3-2486-4915-A430-A0DF181751F6}
2013-07-05 15:44 - 2011-10-27 18:24 - 00019968 _____ C:\Users\MMMATH~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-05 14:51 - 2012-03-08 22:03 - 00000000 ____D C:\Users\MMMATH~1\AppData\Local\Akamai

Files to move or delete:
====================
C:\Users\MMMathisss\jagex_cl_runescape_LIVE.dat
C:\Users\MMMathisss\random.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 03:29

==================== End Of Log ============================
         
--- --- ---


Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-07-2013
Ran by MMMathisss at 2013-07-29 13:51:07
Running from C:\Users\MMMathisss\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
µTorrent (x32 Version: 3.3.0.29420)
4Free Video Converter 2 (x32)
4Front Rhode 1.0 VSTi (x32)
7-Zip 9.20 (x32)
91手机助手 for Android (x32 Version: 1.7.15.276)
AccelerometerP11 (x32 Version: 2.00.10.21)
Ace of Spades (x32 Version: 0.75.015)
Adobe Creative Cloud (x32 Version: 2.0.2.189)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Advanced Audio FX Engine (x32 Version: 1.12.05)
AION Free-To-Play (x32 Version: 2.70.0000)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
AMD APP SDK Runtime (Version: 2.4.595.1)
Android SDK Tools (x32 Version: 1.16)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32 Version: 2.10)
ATI AVIVO64 Codecs (Version: 11.6.0.10511)
ATI Catalyst Install Manager (Version: 3.0.820.0)
Aufstieg des Hexenkönigs™ (x32)
Avira Free Antivirus (x32 Version: 13.0.0.3884)
AviSynth 2.6 (x32 Version: 2.6.0.2)
AvsP (x32)
Awesomenauts (x32)
Bastion (x32 Version: 1.0.2)
BattleForge™ (x32 Version: 1.0.0.0)
Beat Hazard Ultra (x32)
Bluetooth Win7 Suite (64) (Version: 7.2.0.83)
Bonjour (Version: 3.0.0.10)
BrowseToSave 1.74 (x32)
Canon Easy-PhotoPrint EX (x32)
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (x32)
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (x32)
Canon Easy-PhotoPrint Pro (x32)
Canon MG6100 series Benutzerregistrierung (x32)
Canon MG6100 series MP Drivers
Canon MP Navigator EX 4.0 (x32)
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Castle Crashers (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.0511.2322.40127)
Catalyst Control Center InstallProxy (x32 Version: 2011.0511.2322.40127)
Catalyst Control Center Localization All (x32 Version: 2011.0511.2322.40127)
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0511.2322.40127)
CCC Help Chinese Standard (x32 Version: 2011.0511.2321.40127)
CCC Help Chinese Traditional (x32 Version: 2011.0511.2321.40127)
CCC Help Danish (x32 Version: 2011.0511.2321.40127)
CCC Help Dutch (x32 Version: 2011.0511.2321.40127)
CCC Help English (x32 Version: 2011.0511.2321.40127)
CCC Help Finnish (x32 Version: 2011.0511.2321.40127)
CCC Help French (x32 Version: 2011.0511.2321.40127)
CCC Help German (x32 Version: 2011.0511.2321.40127)
CCC Help Italian (x32 Version: 2011.0511.2321.40127)
CCC Help Japanese (x32 Version: 2011.0511.2321.40127)
CCC Help Korean (x32 Version: 2011.0511.2321.40127)
CCC Help Norwegian (x32 Version: 2011.0511.2321.40127)
CCC Help Portuguese (x32 Version: 2011.0511.2321.40127)
CCC Help Russian (x32 Version: 2011.0511.2321.40127)
CCC Help Spanish (x32 Version: 2011.0511.2321.40127)
CCC Help Swedish (x32 Version: 2011.0511.2321.40127)
ccc-utility64 (Version: 2011.0511.2322.40127)
CD-LabelPrint (x32)
Counter-Strike: Source (x32)
Counter-Strike: Source Beta (x32)
Crayon Physics Deluxe version 55 (x32 Version: 55)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3225)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell Backup and Recovery Manager (Version: 1.3)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 7.1209.101.204)
Dell Webcam Central (x32 Version: 2.01.17)
Dell WLAN and Bluetooth Client Installation (x32 Version: 9.0)
Die Schlacht um Mittelerde™ II (x32)
DigitalPersona Fingerprint Software 5.20 (Version: 5.20.230)
DirectX 9 Runtime (x32 Version: 1.00.0000)
Dropbox (HKCU Version: 2.0.22)
DVD slideshow GUI 0.9.5.4 (x32 Version: DVD slideshow GUI 0.9.5.4)
DVDStyler v2.3.5 (x32)
DVS Guitar v1.04 (x32)
Dynamite Jack version 1.0.23 (x32 Version: 1.0.23)
EdenEternal-DE (x32)
eLicenser Control (x32)
energyXT2.5 (x32)
EZdrummer (x32 Version: 1.0.4)
EZdrummer Lite Installer (x32 Version: 1.3.1)
EZXCocktail (x32 Version: 1.0)
Finale NotePad 2012 (x32 Version: 2012..r1.1)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430)
Garry's Mod (x32)
GeoGebra 4 (HKCU)
GIMP 2.6.11 (x32 Version: 2.6.11)
Glary Utilities 2.51.0.1666 (x32 Version: 2.51.0.1666)
Google Chrome (HKCU Version: 28.0.1500.72)
Google Earth (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.153)
Grand Theft Auto IV (x32)
Grand Theft Auto: Episodes from Liberty City (x32)
GUI for dvdauthor 1.07 (x32 Version: 1.07)
Haali Media Splitter (x32)
Half-Life 2 (x32)
Half-Life 2: Lost Coast (x32)
Helix YUV Codecs (remove only) (x32)
Hex-Editor MX (x32 Version: 6.0)
HTC Driver Installer (x32 Version: 3.0.0.007)
HTC Driver Installer (x32 Version: 4.0.0.007)
HTC Sync Manager (x32 Version: 1.1.27.0)
iCloud (Version: 2.1.2.8)
IDT Audio (x32 Version: 1.0.6324.0)
ImgBurn (x32 Version: 2.5.5.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008)
IPTInstaller (x32 Version: 4.0.4)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.0.7.2)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Java(TM) 6 Update 27 (64-bit) (Version: 6.0.270)
Java(TM) 6 Update 39 (x32 Version: 6.0.390)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Just Cause 2 (x32)
Keyboard Driver (x32 Version: 5.1)
KORG KONTROL Editor (x32 Version: 1.30.0003)
KORG M1 Le (x32 Version: 1.0.4)
Land Air Sea Warfare (x32 Version: 2.1)
LEGO Star Wars II (x32 Version: 1.00.0000)
LibreOffice 4.0 Help Pack (German) (x32 Version: 4.0.1.2)
LibreOffice 4.0.4.2 (x32 Version: 4.0.4.2)
LocoRoco 2 - Wave (x32)
Lounge Lizard Session v3.1.4 (x32)
Magnesian by pineAppleFish
Media Player Classic - Home Cinema v1.5.2.3456 (x32 Version: 1.5.2.3456)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0)
Microsoft Midtown Madness 2 Trial (x32)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Muziic Player & Encoder (HKCU)
My Dell (Version: 3.3.6280.92)
MyPhoneExplorer (x32 Version: 1.8.4)
Oblivion (x32 Version: 1.2.0416)
OpenAL (x32)
Organ One v. 2.10 (x32)
Paint.NET v3.5.10 (Version: 3.60.0)
PDF Settings CS6 (x32 Version: 11.0)
Photo SlideShow Maker (x32)
PhotoScape (x32)
PhotoShowExpress (x32 Version: 2.0.063)
Portal 2 (x32)
Portal 2 Publishing Tool (x32)
PowerXpressHybrid (x32 Version: 1.00.0000)
PunkBuster Services (x32 Version: 0.989)
PX Profile Update (x32 Version: 1.00.1.)
Quickset64 (Version: 10.09.20)
Razer Game Booster (x32 Version: 3.5.6.0)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek Ethernet Controller Driver (x32 Version: 7.31.1025.2010)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30126)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
RockMelt (HKCU Version: 0.16.91.483)
Roller Coaster Mania (x32 Version: 1.00.0000)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Samplitude 11 Silver (x32 Version: 11.0.0.0)
Savings Explorer (x32 Version: 1.26.152.152)
Sawoid (x32 Version: 1.0)
Secret Maryo Chronicles (x32 Version: 1.9)
Serious Sam 2 (x32)
Shred 1.06 (x32)
Skype Click to Call (x32 Version: 5.6.8442)
Skype™ 6.6 (x32 Version: 6.6.106)
Sleeping Dogs™ (x32)
Solar 2 (x32 Version: 1.1.0.0)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
Sony Ericsson Update Engine (x32 Version: 2.12.7.29)
Sony PC Companion 2.10.115 (x32 Version: 2.10.115)
Spicy Guitar 1.2.0.1 (x32 Version: 1.2.0.1)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Steam (x32 Version: 1.0.0.0)
Steinberg Cubase Essential 5 (x32 Version: 5.1.2)
Steinberg Cubase LE 5 (x32 Version: 5.1.2)
Steinberg HALionOne (x32 Version: 1.1.0.457)
Steinberg HALionOne Essential Set (x32 Version: 1.0.1.457)
Steinberg HALionOne GM Drum Set (x32 Version: 1.0.1.457)
Steinberg HALionOne GM Set (x32 Version: 1.0.1.457)
Steinberg HALionOne Studio Drum Set (x32 Version: 1.0.1.457)
Steinberg HALionOne Studio Set (x32 Version: 1.0.1.457)
Strum Acoustic Session v1.0.2 (x32)
Super Meat Boy (x32)
Team Fortress 2 (x32)
TeamSpeak 3 Client (x32 Version: 3.0.6)
The Witcher: Enhanced Edition (x32)
Trend Micro Client/Server Security Agent (x32 Version: 3.5.1163)
Ultra Analog Session v1.1.4 (x32)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Validity Sensors DDK (Version: 4.3.108.0)
Virtual DJ - Atomix Productions (x32)
VirtualDJ Home FREE (x32 Version: 7.4)
VirtualDJ PRO Full (x32 Version: 7.3)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Warcraft III Demo (HKCU)
Warframe (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
WWAYM - NWEQ V1.21 (x32)

==================== Restore Points  =========================

25-07-2013 01:00:21 Windows Update
25-07-2013 18:36:47 Removed Trend Micro Client/Server Security Agent.

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {010915C6-1242-45BF-803B-E9CDB9544A5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000Core => C:\Users\MMMathisss\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: {04B8B7A8-073D-4033-855E-064438C7DB9D} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000UA => C:\Users\MMMathisss\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-11] (Google Inc.)
Task: {13FDC143-8978-49F3-84D4-ABD757B4EAC1} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe No File
Task: {1513134D-AB39-4ACE-BFB9-0B329FC4B0DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29] (Google Inc.)
Task: {187D187C-7520-496E-B7A7-FD84CDBA05EF} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File
Task: {199FC525-8158-4F2F-809C-457FD68190F0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {20DBEF25-4716-4CF4-A455-140CC63FE972} - System32\Tasks\{9D515993-6F0A-4D78-8DDF-6CB955FAC3F1} => C:\Program Files (x86)\Electronic Arts\Aufstieg des Hexenkönigs\lotrbfme2ep1.exe [2006-10-26] ()
Task: {30E01678-0B83-4E0B-BCB6-EAA23F80C111} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29] (Google Inc.)
Task: {440E0570-B772-4BF4-A0E3-275E7061E4F9} - System32\Tasks\AdobeAAMUpdater-1.0-MMMathisss-PC-MMMathisss => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {513FD5EF-8F9D-4B07-BC86-7ABFE65B811F} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {55D80720-844D-4254-9C2A-851237919060} - System32\Tasks\{81DA5891-8F32-4022-8A95-8FC3F9C09D3D} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-07-06] (Mozilla Corporation)
Task: {63A82199-A2A0-424F-AC4B-B4D7DB922DF1} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe No File
Task: {63FFC5E1-F77E-4AC3-B9E7-2342008F6F33} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {782D0C3B-56E5-46AA-B681-2BF3C922DF61} - System32\Tasks\{E6148CAB-E070-4701-94D1-2BD71574771D} => C:\Program Files (x86)\Electronic Arts\Aufstieg des Hexenkönigs\lotrbfme2ep1.exe [2006-10-26] ()
Task: {82E0EA96-42B3-4CC4-AD73-3650EF35DD42} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000Core => C:\Users\MMMathisss\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-11] (Google Inc.)
Task: {9D522D60-1ADF-46F8-9F24-B9208756991F} - System32\Tasks\Updater21058.exe => C:\Users\MMMathisss\AppData\Local\Updater21058\Updater21058.exe No File
Task: {ABD2359B-713E-444D-B2DB-69CA1905C9A3} - System32\Tasks\{FB5C60E1-DD20-4B15-B18A-94070FD1F99B} => C:\Program Files (x86)\Electronic Arts\Aufstieg des Hexenkönigs\lotrbfme2ep1.exe [2006-10-26] ()
Task: {AF8203DF-FE8F-41BA-93E6-E45E569B9E4A} - System32\Tasks\{B0FB4FEE-FDB8-4D26-A61D-1DE99FC0D516} => C:\Program Files (x86)\Electronic Arts\Aufstieg des Hexenkönigs\lotrbfme2ep1.exe [2006-10-26] ()
Task: {B12F323D-77B8-4186-9CC7-F49424363009} - System32\Tasks\{2E58AFFA-F71B-4A46-A0AF-F931C6B721CC} => C:\Program Files (x86)\Electronic Arts\Aufstieg des Hexenkönigs\lotrbfme2ep1.exe [2006-10-26] ()
Task: {B5A4AED8-FB37-4CA5-809D-1BF340B79DE8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {C166614B-C215-40BA-96FF-707984002C00} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {C7ACBE61-7058-465C-A31F-8560C5535447} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-07-18] (PC-Doctor, Inc.)
Task: {C877F507-CA14-4E8D-8FBA-0432F1CCB7EE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000UA => C:\Users\MMMathisss\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: {D2BAC1B8-16F2-4D7B-BE36-741018F946CB} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-12-07] (Glarysoft Ltd)
Task: {DA707417-07DB-4B38-A536-99EC475FC8B4} - System32\Tasks\{CB6070E2-457F-417C-9790-741BBEA1E7EC} => C:\Program Files (x86)\Electronic Arts\Aufstieg des Hexenkönigs\lotrbfme2ep1.exe [2006-10-26] ()
Task: {F167FAAD-7DA1-4332-9E87-1E5407224A66} - System32\Tasks\{6977BD1F-F6BA-4EFE-B438-A3D2A0AE4F72} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-07-06] (Mozilla Corporation)
Task: {F1B5541B-3264-4142-B113-43083268612E} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2012-11-13] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000Core.job => C:\Users\MMMathisss\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000UA.job => C:\Users\MMMathisss\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000Core.job => C:\Users\MMMathisss\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
Task: C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-407728501-2777482580-3349739275-1000UA.job => C:\Users\MMMathisss\AppData\Local\RockMelt\Update\RockMeltUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1702 Bluetooth v3.0+HS
Description: Dell Wireless 1702 Bluetooth v3.0+HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2013 01:43:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2013 01:34:40 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/29/2013 01:34:40 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/29/2013 01:34:40 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/29/2013 01:33:57 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/29/2013 01:33:49 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/29/2013 01:33:49 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/29/2013 01:33:49 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/29/2013 01:31:29 PM) (Source: Google Update) (User: MMMathisss-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://us-w1.rockmelt.com/update/1.0/update
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0

Error: (07/29/2013 01:31:20 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.


System errors:
=============
Error: (07/29/2013 01:45:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/29/2013 01:45:08 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (07/29/2013 01:44:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Biometriedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/29/2013 01:44:00 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Biometriedienst erreicht.

Error: (07/29/2013 01:40:27 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/28/2013 00:42:13 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/28/2013 11:57:45 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/26/2013 09:17:04 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/26/2013 05:23:30 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/25/2013 10:37:30 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (07/29/2013 01:43:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2013 01:34:40 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/29/2013 01:34:40 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/29/2013 01:34:40 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/29/2013 01:33:57 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/29/2013 01:33:49 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/29/2013 01:33:49 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/29/2013 01:33:49 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/29/2013 01:31:29 PM) (Source: Google Update)(User: MMMathisss-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://us-w1.rockmelt.com/update/1.0/update
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0

Error: (07/29/2013 01:31:20 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 4003.18 MB
Available physical RAM: 1725.75 MB
Total Pagefile: 8004.54 MB
Available Pagefile: 5297.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:118.86 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A919435D)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

30.07.2013, 14:15   #5
MMMathisss

Unfortunately, since it's the holidays now, I'm not at home regularly. Please forgive me if I don't always reply right away.

Regards,
Mathis


01.08.2013, 18:54   #6
Aneri
/// Malwareteam

No problem, I'm pretty busy myself right now. I'll post a fix for you tomorrow.

02.08.2013, 23:05   #7
Aneri
/// Malwareteam

Step 1

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.


Code:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb185?a=6Oz0QEMZIk&i=26
SearchScopes: HKCU - {036100C0-A8DF-419B-A2DF-C52E7D92EA29} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=23761D64-DAE2-40DF-9553-C6DE6CB84430&apn_sauid=FB934B90-7720-437A-BA4F-4929D54022EC
AppInit_DLLs-x32: c:\progra~2\browse~2\sprote~1.dll [1050112 2013-01-24] ()
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2

Control scan with FRST
Run a scan with FRST as described before. Only a FRST.txt will be created. Post it for me.


Is the system still causing problems? Does MyStart by Incredibar still show up (check all browsers)?
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? You can leave it here
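Added example (not part of the thread and not FRST's own code): a small Python check for the control scan in Step 2. It compares the three Fixlist.txt entries from the post above against the text of a new FRST.txt and reports, per entry, whether it is gone, still present, or present with a different value. The control-scan text, the function names and the `about:blank` value are constructed for illustration, and the script assumes the control scan uses the same line format as the fixlist entries.

```python
# Fixlist entries exactly as posted in the thread (URLs are defanged with hxxp on the page).
FIXLIST = r"""
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb185?a=6Oz0QEMZIk&i=26
SearchScopes: HKCU - {036100C0-A8DF-419B-A2DF-C52E7D92EA29} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=23761D64-DAE2-40DF-9553-C6DE6CB84430&apn_sauid=FB934B90-7720-437A-BA4F-4929D54022EC
AppInit_DLLs-x32: c:\progra~2\browse~2\sprote~1.dll [1050112 2013-01-24] ()
"""

# Constructed control scan (NOT from the thread): the start page now has a
# different value, the SearchScopes entry is unchanged, the AppInit_DLLs
# entry no longer appears.
CONTROL_SCAN = "\n".join([
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    FIXLIST.strip().splitlines()[1],
])


def split_entry(line):
    """Split a log line into (location, value), both lower-cased.

    ' = ' is tried before ': ' so that 'SearchScopes: HKCU - {..} URL = x'
    is split at the assignment and not at the section prefix.
    """
    line = " ".join(line.split())  # collapse runs of whitespace
    for sep in (" = ", ": "):
        head, found, tail = line.partition(sep)
        if found:
            return head.lower(), tail.lower()
    return line.lower(), ""


def check_control_scan(fixlist_text, scan_text):
    """Return a list of (status, fixlist_entry) tuples.

    status is 'still present' (same location, same value),
    'changed' (same location, different value) or 'gone'.
    """
    seen = {}
    for raw in scan_text.splitlines():
        if raw.strip():
            location, value = split_entry(raw)
            seen.setdefault(location, set()).add(value)

    report = []
    for raw in fixlist_text.splitlines():
        if not raw.strip():
            continue
        location, value = split_entry(raw)
        if value in seen.get(location, ()):
            status = "still present"
        elif location in seen:
            status = "changed"
        else:
            status = "gone"
        report.append((status, raw.strip()))
    return report


def needs_followup(report):
    """True if any fixlist entry is still present or needs a manual look."""
    return any(status != "gone" for status, _ in report)


if __name__ == "__main__":
    result = check_control_scan(FIXLIST, CONTROL_SCAN)
    for status, entry in result:
        print(f"{status:13} | {entry[:70]}")
    print("follow-up needed:", needs_followup(result))
```

A "changed" result only says that the same location now holds another value; whether that value is the intended one still has to be read from the log.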

06.08.2013, 18:43   #8
Aneri
/// Malwareteam

Hi,

I haven't received a reply from you for quite a while. Do you still need help?

If I don't hear from you within the next 24 hours, I'll assume the matter has been resolved and remove the thread from my subscriptions.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that make a renewed infection possible.
__________________
Regards, Aneri

08.08.2013, 12:45   #9
Aneri
/// Malwareteam

No response
This thread has been removed from my subscriptions, so I will not be notified of new replies.
Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is clean.

Everyone else, please click here and create your own thread
__________________
Regards, Aneri
