Log analysis and evaluation: Authenticity of the Windows copy has not yet been confirmed. On every restart: AVIRA Desktop is not activated? (Windows 7)
06.04.2014, 13:42 | #1 |
| Authenticity of the Windows copy has not yet been confirmed. On every restart: AVIRA Desktop is not activated?

You helped me a lot with removing this Webs Searches search engine from my browser; it came up on every restart in every one of my browsers - I was really desperate.

Now my new request: I very much hope someone can help me with this as well?

On every restart, the Action Center shows 1 important message: AVIRA Desktop is not activated. Please click here to activate AVIRA Desktop. Please click here to open the anti-spyware and virus programs installed on this computer, or something like that...!

How do I get rid of this, i.e. so that AVIRA Desktop is always activated and I don't have to activate it on every restart?

The authenticity of this Windows 7 version, Build 7601, has not yet been confirmed? This notice appears frequently at the bottom right of my desktop. However, I then right-click Computer, choose "Properties", and after a few seconds my Windows is activated. If I don't do this, though, after a few hours I get: You may be a victim of software counterfeiting!

I scanned my laptop with OTL by Oldtimer, as I saw done here in your forum for the same topic. Here is the file: OTL Logfile: Code:
OTL logfile created on: 4/5/2014 9:00:41 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16521) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.61 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 59.13% Memory free 7.21 Gb Paging File | 5.40 Gb Available in Paging File | 74.88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 273.09 Gb Total Space | 233.18 Gb Free Space | 85.39% Space Free | Partition Type: NTFS Computer Name: xxxxx | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co.
KG) PRC - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe () PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus) PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll () MOD - C:\Users\ADMINI~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\7e73e63cf4b8efdf41900b9576489e61\System.Data.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV - (RealPlayer Cloud Service) -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.) SRV - (Avira.OE.ServiceHost) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (RealPlayerUpdateSvc) -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe () SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations) SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe () SRV - (NeroMediaHomeService.4) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- 
C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (ANDNetModem) -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys (LG Electronics Inc.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ATKWMIACPIIO_) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Search Bar = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.7&ts=1374634172867&tguid=46364-3869-1374634172867-AF5EE1D3DAC05E13876E7DD261871157&q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - 
HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_deDE472 IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-500\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_deDE472 IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4265152870-3533527588-3141693544-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3m FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0 FF - user.js - File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.6.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.6: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.6: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.6: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.6.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/04/03 17:55:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/04/03 17:55:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/04/03 17:54:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2014/04/03 19:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2014/04/04 16:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\maupgsf2.default-1396603073950\extensions [2014/04/04 16:52:25 | 000,060,307 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\maupgsf2.default-1396603073950\extensions\translator@zoli.bod.xpi [2014/04/04 11:19:01 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\maupgsf2.default-1396603073950\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014/04/03 19:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014/04/03 19:11:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla 
Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014/04/03 17:54:17 | 000,148,040 | ---- | M] (RealPlayer Cloud) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: https://www.google.de/ CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Disabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files
(x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U51 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Gaaiho Doc (Disabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealPlayer Video Downloader (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll CHR - plugin: RealPlayer Video Downloader for HTML5 (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll CHR - plugin: RealPlayer Video Downloader for PepperFlash (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll CHR - Extension: Angry Birds = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_1\ CHR - Extension: Google Docs = 
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google-Suche = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google+ = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: Jewel Quest Deluxe Spiel = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa\1.0.28.0_0\
CHR - Extension: Black & white Thema = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmohofkmppcgglcmlccpbokkkefigipi\3_0\
CHR - Extension: AdBlock = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.25_0\
CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Downhill Jam = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjegjjfdamcmjikplaghiloojkpmdfm\2.3.1_0\
CHR - Extension: Deutsch Englisch Übersetzer = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcknciadhimdlbjjfndidcgnhokfbgnd\1.0.1_0\
CHR - Extension: Google Mail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O3 - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\S-1-5-21-4265152870-3533527588-3141693544-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4265152870-3533527588-3141693544-500\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021..\Run: [PC Speed Maximizer] C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe File not found
O4 - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-4265152870-3533527588-3141693544-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4265152870-3533527588-3141693544-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F0FA63D-38E4-4D4F-959E-735181C4BA4C}: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F950002-5629-4F67-BFCF-3033207A1805}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74C377C0-22BB-4DEA-87C6-49AE3E51E156}: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{791BE36F-A75C-45D9-9D2F-58CA6C7D5519}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF2222B-99A3-4087-8BC7-900F1C92FA0B}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6B89C19-699B-4A2D-88B7-EEBB0AAF1E08}: NameServer = 193.189.244.206 193.189.244.225
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmbp - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~2\261339~1.144\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5f1f7a8f-2f13-11e1-b04b-d0df9a89891a}\Shell - "" = AutoRun
O33 - MountPoints2\{5f1f7a8f-2f13-11e1-b04b-d0df9a89891a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7f07c70f-1f57-11e2-968f-d0df9a89891a}\Shell - "" = AutoRun
O33 - MountPoints2\{7f07c70f-1f57-11e2-968f-d0df9a89891a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Ad-Aware Antivirus\Definitions)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2014/04/05 08:16:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/03 21:29:15 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/04/03 21:28:55 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/04/03 21:28:55 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/04/03 21:28:55 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/04/03 21:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/04/03 20:07:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/04/03 19:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/04/03 17:55:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RealNetworks
[2014/04/03 17:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/04/03 17:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/04/03 17:54:37 | 000,201,800 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2014/04/03 17:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2014/04/03 17:54:07 | 000,278,600 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/04/03 17:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2014/04/03 17:53:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Real
[2014/04/03 17:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/04/03 17:37:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\DDMSettings
[2014/04/03 17:34:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DivX
[2014/04/03 17:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2014/04/03 17:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2014/04/03 17:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2014/04/03 17:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2014/04/03 17:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2014/04/03 17:31:54 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/03 17:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/03 17:31:37 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/03 17:31:37 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/03 17:31:37 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/02 19:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/04/02 19:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/04/02 19:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/02 19:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/04/02 18:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2014/03/31 13:19:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\ViberDownloads
[2014/03/31 05:17:58 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Google Drive
[2014/03/31 05:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2014/03/30 14:13:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ViberPC
[2014/03/30 14:12:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Viber
[2014/03/26 06:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/03/26 06:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/25 21:19:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\LG Electronics
[2014/03/25 20:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite
[2014/03/25 20:56:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\LG Electronics
[2014/03/25 20:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2014/03/25 06:50:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Fotos
[2014/03/25 06:23:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Musik
[2014/03/23 21:20:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/03/23 11:54:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Raptr
[2014/03/23 11:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr
[2014/03/23 10:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2014/03/22 13:01:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Windows Live Writer
[2014/03/22 13:01:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Windows Live Writer
[2014/03/22 11:35:05 | 000,056,448 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2014/03/22 11:34:44 | 000,082,560 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_sata.sys
[2014/03/22 11:34:44 | 000,042,624 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_xata.sys
[2014/03/22 11:28:38 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2014/03/22 10:52:21 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/03/22 10:52:17 | 002,809,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/03/22 10:52:17 | 001,662,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/03/22 10:52:15 | 002,586,328 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/03/22 10:52:15 | 001,005,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/03/22 10:52:14 | 000,617,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2014/03/22 10:52:13 | 001,284,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/03/22 10:52:12 | 032,861,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/03/22 10:52:12 | 000,148,184 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2014/03/22 10:52:09 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/03/22 10:52:05 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/03/22 10:52:04 | 002,032,896 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/03/22 10:52:04 | 001,916,672 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2014/03/22 10:52:03 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/03/22 10:52:03 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/03/22 10:51:58 | 002,743,328 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/03/22 10:51:55 | 000,208,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/03/22 10:51:55 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/03/22 10:51:48 | 002,080,472 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2014/03/22 10:30:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Akamai
[2014/03/20 20:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/03/20 19:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virage Logic, Corp
[2014/03/20 08:14:40 | 000,000,000 | ---D | C] -- C:\668f41361c020bd72dbd7654c5c8b3
[2014/03/20 08:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
[2014/03/20 08:03:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Atheros
[2014/03/20 08:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros
[2014/03/20 08:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2014/03/20 08:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite
[2014/03/20 07:51:37 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUStoricon.dll
[2014/03/20 07:51:37 | 000,250,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2014/03/20 07:30:36 | 000,099,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2014/03/19 21:35:41 | 000,000,000 | ---D | C] -- C:\wd
[2014/03/18 09:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G
[2014/03/18 09:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\P4G
[2014/03/17 22:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/03/17 22:19:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/03/17 22:18:49 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2014/03/17 22:18:48 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/03/17 22:18:48 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/03/17 22:18:48 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/03/17 22:18:48 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/03/17 22:18:48 | 000,180,048 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll
[2014/03/17 22:18:48 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/03/17 22:18:48 | 000,086,352 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll
[2014/03/17 22:18:48 | 000,083,792 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll
[2014/03/17 22:18:48 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
[2014/03/17 22:18:48 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFDAPO64.dll
[2014/03/17 22:18:48 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/03/17 22:18:48 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/03/17 22:18:48 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/03/17 22:18:47 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/03/17 22:18:47 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/03/17 22:18:47 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2014/03/17 22:18:46 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/03/17 22:18:46 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/03/17 22:18:46 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/03/17 22:18:46 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/03/17 22:18:46 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/03/17 22:18:46 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/03/17 22:18:44 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2014/03/17 22:18:44 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2014/03/17 22:18:44 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/03/17 22:18:41 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/03/17 22:18:41 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/03/17 22:18:40 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/03/17 22:18:40 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/03/17 22:18:40 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/03/17 22:18:40 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/03/17 22:18:40 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/03/17 22:18:40 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/03/17 22:18:40 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/03/17 22:18:40 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/03/17 22:18:40 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/03/17 22:18:39 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/03/15 19:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/03/15 19:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/03/15 19:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/03/15 19:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/03/15 19:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/03/15 19:06:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\library_dir
[2014/03/14 21:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Nero
[2014/03/14 21:46:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Nero
[2014/03/14 21:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2014/03/14 21:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2014/03/14 21:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2014/03/14 21:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2014/03/14 08:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\n-tv plus
[2014/03/14 08:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\n-tv
[2014/03/13 23:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\maxdome - Online Videothek
[2014/03/13 07:33:56 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/13 07:33:56 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/13 07:33:50 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/13 07:33:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/13 07:33:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/13 07:33:44 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/13 07:33:44 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/13 07:33:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/13 07:33:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/13 07:33:43 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/13 07:33:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/13 07:33:42 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/13 07:33:40 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/13 07:33:39 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/13 07:33:38 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/13 07:33:37 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/13 07:33:36 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/13 07:33:36 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/13 07:33:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/13 07:33:35 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/13 07:33:33 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/13 07:33:32 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/13 07:33:32 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/13 07:33:31 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/13 07:33:30 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/13 07:33:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/13 07:32:58 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/13 07:32:58 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/13 07:32:45 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/03/11 14:57:34 | 000,084,720 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014/03/10 08:57:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Zeon
[2014/03/09 14:26:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[2014/03/09 14:23:52 | 000,131,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014/03/09 14:23:52 | 000,108,440 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014/03/09 14:23:52 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014/03/09 14:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014/03/09 14:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014/03/09 14:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014/03/09 14:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/03/09 08:59:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[1 C:\Users\Administrator\AppData\Local\*.tmp files -> C:\Users\Administrator\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2014/04/05 09:10:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/05 09:10:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/05 09:07:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/05 08:31:51 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/05 08:25:11 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/05 08:24:43 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/04/05 08:24:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/04 19:57:03 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2014/04/04 17:33:23 | 001,657,864 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/04 17:33:23 | 000,713,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014/04/04 17:33:23 | 000,668,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/04 17:33:23 | 000,154,416 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014/04/04 17:33:23 | 000,126,978 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/04 16:11:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4265152870-3533527588-3141693544-1001UA.job
[2014/04/04 14:01:52 | 000,444,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/03 22:11:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4265152870-3533527588-3141693544-1001Core.job
[2014/04/03 21:28:29 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/04/03 21:28:27 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/04/03 21:28:27 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/04/03 21:28:27 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/04/03 20:14:08 | 000,001,731 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2014/04/03 20:12:49 | 000,002,245 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2014/04/03 17:54:37 | 000,201,800 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2014/04/03 17:54:07 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/04/03 17:31:26 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/03 17:31:25 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/03 17:31:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/03 17:31:25 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/03 15:46:56 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2014/03/31 13:23:18 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/03/31 05:17:59 | 000,001,725 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Drive.lnk
[2014/03/31 05:11:55 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/03/31 05:11:55 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/03/31 05:11:55 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/03/27 15:48:38 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2014/03/25 21:17:45 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite.lnk
[2014/03/24 06:12:15 | 000,007,600 | ---- | M] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2014/03/23 21:27:16 | 001,632,144 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/23 10:38:04 | 022,249,837 | ---- | M] () -- C:\Program Files (x86)\LifeFrame3_Win7_32_Win7_64_z300021.zip
[2014/03/23 10:35:30 | 020,754,387 | ---- | M] () -- C:\Program Files (x86)\LifeFrame3_WIN7_32_WIN7_64_300020.zip
[2014/03/23 10:17:42 | 005,295,280 | ---- | M] () -- C:\Program Files (x86)\Asmedia_USB3_Win7_VER11430.zip
[2014/03/22 11:28:38 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
[2014/03/22 11:24:10 | 860,369,178 | ---- | M] () -- C:\Program Files (x86)\AMD_Chipset_Win7_VER808770.zip
[2014/03/22 11:05:26 | 003,163,856 | ---- | M] () -- C:\Program Files (x86)\M5A97-EVO2-ASUS-M51BC-0405.zip
[2014/03/22 11:04:19 | 003,163,735 | ---- | M] () -- C:\Program Files (x86)\M5A97-EVO2-ASUS-M51BC-0502.zip
[2014/03/22 10:51:34 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2014/03/22 10:50:06 | 239,497,815 | ---- | M] () -- C:\Program Files (x86)\Realtek_Audio_Win7_8-1_VER6017035.zip
[2014/03/20 19:55:41 | 000,079,859 | ---- | M] () -- C:\Windows\AsCD_Item_19.jpg
[2014/03/20 19:54:49 | 000,085,414 | ---- | M] () -- C:\Windows\AsCD_Item_2.jpg
[2014/03/20 19:16:10 | 000,000,105 | ---- | M] () -- C:\Windows\SysNative\FastBoot.ini
[2014/03/20 08:03:55 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin
[2014/03/20 08:03:55 | 000,001,242 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
[2014/03/20 08:03:55 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
[2014/03/20 08:03:55 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40.dfu
[2014/03/20 08:03:55 | 000,001,198 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26.dfu
[2014/03/19 21:57:34 | 000,103,893 | ---- | M] () -- C:\Windows\AsCD_Item_20.jpg
[2014/03/19 21:53:23 | 000,087,831 | ---- | M] () -- C:\Windows\AsCD_Item_15.jpg
[2014/03/18 23:31:51 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\SmartLogon-Manager.lnk
[2014/03/18 10:16:40 | 000,109,261 | ---- | M] () -- C:\Windows\AsCD_Item_26.jpg
[2014/03/18 10:14:09 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\eManual.Lnk
[2014/03/18 10:08:17 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk
[2014/03/16 21:29:16 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2014/03/14 21:43:03 | 000,002,361 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2014/03/12 11:07:33 | 000,692,616 | ---- | M] (Adobe 
Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014/03/12 11:07:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014/03/11 14:56:42 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2014/03/09 14:10:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2014/03/09 10:30:37 | 000,000,000 | ---- | M] () -- C:\vcredist.bmp [2014/03/06 23:14:24 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini [1 C:\Users\Administrator\AppData\Local\*.tmp files -> C:\Users\Administrator\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/04/04 19:57:03 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat [2014/04/04 14:01:26 | 000,444,400 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014/04/03 19:11:27 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014/03/31 13:23:18 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk [2014/03/31 05:17:59 | 000,001,725 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Drive.lnk [2014/03/31 05:11:55 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Google Slides.lnk [2014/03/31 05:11:55 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Google Sheets.lnk [2014/03/31 05:11:55 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Google Docs.lnk [2014/03/25 21:17:45 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite.lnk [2014/03/24 06:02:32 | 000,007,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg [2014/03/23 10:37:44 | 022,249,837 | ---- | C] () -- C:\Program Files (x86)\LifeFrame3_Win7_32_Win7_64_z300021.zip [2014/03/23 10:35:12 | 020,754,387 | ---- | C] () -- C:\Program Files (x86)\LifeFrame3_WIN7_32_WIN7_64_300020.zip [2014/03/23 10:17:36 | 005,295,280 | ---- | C] () -- C:\Program Files (x86)\Asmedia_USB3_Win7_VER11430.zip 
[2014/03/22 11:12:04 | 860,369,178 | ---- | C] () -- C:\Program Files (x86)\AMD_Chipset_Win7_VER808770.zip [2014/03/22 11:05:22 | 003,163,856 | ---- | C] () -- C:\Program Files (x86)\M5A97-EVO2-ASUS-M51BC-0405.zip [2014/03/22 11:04:15 | 003,163,735 | ---- | C] () -- C:\Program Files (x86)\M5A97-EVO2-ASUS-M51BC-0502.zip [2014/03/22 10:52:13 | 000,643,329 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2014/03/22 10:51:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2014/03/22 10:46:47 | 239,497,815 | ---- | C] () -- C:\Program Files (x86)\Realtek_Audio_Win7_8-1_VER6017035.zip [2014/03/20 20:19:05 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/03/20 20:19:03 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/03/20 19:54:49 | 000,085,414 | ---- | C] () -- C:\Windows\AsCD_Item_2.jpg [2014/03/18 23:31:51 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\SmartLogon-Manager.lnk [2014/03/18 22:58:44 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2014/03/18 10:16:40 | 000,109,261 | ---- | C] () -- C:\Windows\AsCD_Item_26.jpg [2014/03/18 10:14:09 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\eManual.Lnk [2014/03/18 10:13:27 | 000,103,893 | ---- | C] () -- C:\Windows\AsCD_Item_20.jpg [2014/03/18 10:12:27 | 000,079,859 | ---- | C] () -- C:\Windows\AsCD_Item_19.jpg [2014/03/18 10:08:17 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk [2014/03/18 10:07:49 | 000,087,831 | ---- | C] () -- C:\Windows\AsCD_Item_15.jpg [2014/03/16 21:29:16 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2014/03/14 21:43:03 | 000,002,361 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk [2014/03/09 10:30:37 | 000,000,000 | ---- | C] () -- C:\vcredist.bmp [2013/12/06 17:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2013/07/19 19:40:39 | 000,217,176 | ---- | C] () -- 
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2012/07/12 05:50:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ASUS WebStorage
[2014/03/25 21:19:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LG Electronics
[2014/03/15 19:06:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\library_dir
[2013/08/24 14:39:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice
[2013/08/07 09:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2014/03/23 12:19:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Raptr
[2014/04/03 15:48:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ViberPC
[2014/03/22 13:01:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Windows Live Writer
[2014/03/14 16:00:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 355 bytes -> C:\ProgramData\Temp:9A870F8B
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:981884E7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:3AE22B1A
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:D20FFA63
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:81F83028
< End of report >

I don't know whether this is enough for you to help me? But this message is really annoying. I have an ASUS K53U Series notebook. Windows 7 Home Premium was already installed on it. It is about 2 years old. I came to you because you really helped me a lot with another issue (just by reading here). Best regards, Tatti Jana

Yesterday, 10:06 #2 Darklord666
Re: The authenticity of this Windows 7 version, build 7601, has not yet been confirmed? You may be a victim of software counterfeiting!
Regarding the notice about a pirated copy, I see 2 possibilities: 1. It is a pirated copy. 2. The Windows was never properly activated and someone else has activated their pirated copy with your activation key. That's one thing. I am not as well versed in reading logs as, for example, the helpers from the competence team here, but the entries under the ZeroAccess check point to a nasty virus infection. You should perhaps post your request again in the thread "Log-Analyse und Auswertung".

Yesterday, 16:19 #3 Alois S
Re: The authenticity of this Windows 7 version, build 7601, has not yet been confirmed? You may be a victim of software counterfeiting!
Hello, I too would point out possibility number 3, namely that something like this can in principle also occur with a broken operating system - so please post your problem here: http://www.trojaner-board.de/newthre...=newthread&f=8 (as I have seen, you have meanwhile asked a follow-up question, which is, however, unlikely to get us much further.....) Kind regards, Alois

Hello -> I don't want to annoy you or anything, and I very much hope I have now posted this in the right place?! I would like to say that my Windows is quite certainly not a pirated copy. I got my ASUS K53U Series laptop from my mum as a Christmas present 2 years ago. She bought the laptop ready to use with Windows 7 Home Premium at the REAL store. Then this message came from Windows that I may have fallen victim to software counterfeiting. Because I just hadn't activated it again for once (I didn't have to until a few weeks ago, either). I was supposed to follow some link from Microsoft and download something (hxxp://www.microsoft.com/genuine/validate/ValidationResult.aspx?displaylang=de&Error=52&OSV=6.1.7601.2.00010300.1.0.003.09.1031&GenuineInfo=00000000&ls=0&PageName=validate). I have now saved this link in my bookmarks toolbar in Firefox and Chrome. When I click on this bookmark, a "Windows validation is being performed" "Please do not leave this page, the process may take a few minutes" takes place. When this check is finished, Windows says that, since I have the original software on my PC, I get a free subscription to Security Essentials!

What worries me even more now is this statement: "I am not as well versed in reading logs as, for example, the helpers from the competence team here, but the entries under the ZeroAccess check point to a nasty virus infection. You should perhaps post your request again in the thread "Log-Analyse und Auswertung"." I very much hope I don't have a nasty virus infection?! I have noticed for a long time that something is wrong with my laptop. I have cleaned and emptied it as well as I can. But now the thing with Windows and the thing with AVIRA Desktop keep coming up. These messages started together, after I had once again run some cleaning program. Thank you very much for your quick reply! Tatti Jana |
06.04.2014, 14:29 | #2 |
/// TB Instructor /// Guide Guru | My name is Jürgen and I will help you with your problem. Together we'll manage it...
Notes: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but it is only advisable in the case of real malware. We can remove adware and the like very well. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Please note that all my answers must first be approved by an instructor before I am allowed to post them here. That does take a few hours longer, but it guarantees that you get competent help and checked answers. See here... Thank you for your patience! Step 1 (scan with FRST) Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags: here's how... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
08.04.2014, 14:02 | #3 |
| Sorry, Jürgen. Did I perhaps do something wrong, or have you simply not had time yet?
Because I also can't find my log files, which I posted to you as a reply, anywhere here! |
08.04.2014, 14:19 | #4 |
/// TB Instructor /// Guide Guru | Hi, everything is OK. So that we can check your PC more thoroughly, we still need logs. Maybe something went wrong when posting. No problem. Did you carry out step 1? The authenticity of this copy of Windows has not yet been confirmed - what to do? - Guides. Please run a scan again. Make sure that Addition.txt is also ticked.
__________________ Regards, deeprybka Praise, criticism, requests? Donation for the trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
09.04.2014, 04:41 | #5 |
| My log file is apparently too long. Now I first have to see whether I can manage the attachment. |
09.04.2014, 05:31 | #6 |
| So, Addition has worked, at least. I don't yet know what I did wrong with FRST. I'm sorry. I will try again with FRST later. I have to get ready for work. Many thanks already for now. Kind regards, Tatti Jana |
09.04.2014, 05:39 | #7 |
| Ah, hello Jürgen. So, it worked. It just wouldn't leave me in peace that I couldn't manage to pack this file and upload it. Kind regards, Tatti Jana |
09.04.2014, 19:25 | #8 |
/// TB Instructor /// Guide Guru | Hi, don't worry so much. It's fine with the logs. We continue like this:
Step 1 FRST - Fix
Please press the Windows key + R and type notepad into the Run window. Click OK and now copy the text from the code box into the empty text document:
Code:
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\ApnStub.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\ApnToolbarInstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\ApnIC.dll <====== ATTENTION
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.7&ts=1374634172867&tguid=46364-3869-1374634172867-AF5EE1D3DAC05E13876E7DD261871157&q={searchTerms}
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:3AE22B1A
AlternateDataStreams: C:\ProgramData\Temp:81F83028
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:9A870F8B
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
Step 2 Please start Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Please download Farbar Service Scanner
Please post the contents here. Please post the contents of the logs from FRST, MBAM, ESET and FSS here.
|
11.04.2014, 05:17 | #9 |
| Hello and good morning Jürgen, so here first of all is the Fixlog.txt file. I hope I did this correctly at all? Yesterday I somehow hadn't understood it properly, and I tried again today.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Administrator at 2014-04-11 05:15:56 Run:1
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Code:
---------
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\ApnStub.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\ApnToolbarInstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\ApnIC.dll <====== ATTENTION
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.7&ts=1374634172867&tguid=46364-3869-1374634172867-AF5EE1D3DAC05E13876E7DD261871157&q={searchTerms}
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:3AE22B1A
AlternateDataStreams: C:\ProgramData\Temp:81F83028
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:9A870F8B
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
---------
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
C:\ProgramData\Temp => ":07BF512B" ADS removed successfully.
C:\ProgramData\Temp => ":3AE22B1A" ADS removed successfully.
C:\ProgramData\Temp => ":81F83028" ADS removed successfully.
C:\ProgramData\Temp => ":981884E7" ADS removed successfully.
C:\ProgramData\Temp => ":9A870F8B" ADS removed successfully.
C:\ProgramData\Temp => ":D20FFA63" ADS removed successfully.

==== End of Fixlog ====

Here is Malwarebytes Anti-Malware: nothing found, though. I run this quick scan automatically every day. That's how I set it up. Here is Malwarebytes:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16659
Administrator :: XXXXX [Administrator]

Schutz: Aktiviert

11.04.2014 05:43:12
mbam-log-2014-04-11 (05-43-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP
Deaktivierte Suchlaufeinstellungen: PUM | P2P
Durchsuchte Objekte: 273269
Laufzeit: 20 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Steps 3 and 4 will follow later. Kind regards, TattiJana |
11.04.2014, 06:10 | #10 |
/// TB Instructor /// Guide Guru | Everything's OK! ESET can take longer anyway...
|
11.04.2014, 17:10 | #11 |
| Oh yes, Jürgen, ESET has now been running for 3 hours and is only at 49%. Here now is the ESET log.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a9fff34d44938044880beda3fc411ecd
# engine=17847
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-11 03:05:39
# local_time=2014-04-11 05:05:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 85 23805441 148858589 0 0
# scanned=160263
# found=0
# cleaned=0
# scan_time=11698

Farbar Service Scanner Version: 25-02-2014
Ran by Administrator (administrator) on 11-04-2014 at 17:43:41
Running from "C:\Users\Administrator\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

So, Jürgen, steps 3 and 4 would now be done as well. I have another problem. When I was in the Control Panel under "Uninstall a program" earlier, I noticed that it shows hardly any programs there any more? How can that be? Could you perhaps help me figure out what that might be? I then uninstalled with CCleaner. There it shows me almost all programs! Then one last question. Java. Today I checked whether my plugins are all still up to date. I am supposed to update Java Deployment Toolkit and also the other Java. But it was with exactly this last Java update that, I believe, I got this Webs Searches search engine onto my laptop? What should I do now? Because it says "vulnerable" next to it? Although I have never activated these Java plugins, can anything happen at all then? I don't even know how these two plugins got into my browsers - and have therefore set them to "never activate" by default. Because you can't remove plugins, can you? If I should ask/post this somewhere else, please let me know. I thank you already for everything you have done for me so far. Many thanks and have a nice weekend. Kind regards, Tatti Jana |
12.04.2014, 09:08 | #12 |
/// TB Instructor /// Guide Guru | Hi Tatti Jana, we'll take care of Java and the like later, OK? Step 1 Please download Windows Repair - All in one from tweaking.com here and install it.
Step 2
Please post the contents here. Step 3 Please start FRST again, also tick Addition.txt and press Scan. With your next reply, please post the contents of the logs FSS.txt, FRST.txt and Addition.txt. How does the computer behave now? Are the problems still present?
|
12.04.2014, 15:11 | #13 |
| Hello Jürgen. Here is the FSS.txt:

Farbar Service Scanner Version: 25-02-2014
Ran by Administrator (administrator) on 12-04-2014 at 15:53:33
Running from "C:\Users\Administrator\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Here is the FRST.txt:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 30 days old and could be outdated) Ran by Administrator (administrator) on XXXXX-PC on 12-04-2014 15:58:21 Running from C:\Users\Administrator\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Users\Administrator\AppData\Local\Viber\Viber.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Administrator\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus) HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-22] (AMD) HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\...\Run: [PC Speed Maximizer] - C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\...\Run: [Akamai NetSession Interface] - C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\...\MountPoints2: {5f1f7a8f-2f13-11e1-b04b-d0df9a89891a} - G:\AutoRun.exe HKU\S-1-5-21-4265152870-3533527588-3141693544-1021\...\MountPoints2: {7f07c70f-1f57-11e2-968f-d0df9a89891a} - F:\AutoRun.exe HKU\S-1-5-21-4265152870-3533527588-3141693544-500\...\Run: [Viber] - C:\Users\Administrator\AppData\Local\Viber\Viber.exe [936456 2014-03-05] () HKU\S-1-5-21-4265152870-3533527588-3141693544-500\...\MountPoints2: {5f1f7a8f-2f13-11e1-b04b-d0df9a89891a} - G:\AutoRun.exe HKU\S-1-5-21-4265152870-3533527588-3141693544-500\...\MountPoints2: {7f07c70f-1f57-11e2-968f-d0df9a89891a} - F:\AutoRun.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 Tcpip\..\Interfaces\{791BE36F-A75C-45D9-9D2F-58CA6C7D5519}: [NameServer]193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{7DF2222B-99A3-4087-8BC7-900F1C92FA0B}: [NameServer]193.189.244.225 193.189.244.206 
Tcpip\..\Interfaces\{D6B89C19-699B-4A2D-88B7-EEBB0AAF1E08}: [NameServer]193.189.244.206 193.189.244.225 FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\maupgsf2.default-1396603073950 FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Google Translator for Firefox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\maupgsf2.default-1396603073950\Extensions\translator@zoli.bod.xpi [2014-04-04] FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\maupgsf2.default-1396603073950\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-04] FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-03] FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: https://www.google.de/ CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR 
Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Gaaiho Doc) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (RealPlayer Video Downloader (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Video Downloader for HTML5 (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Video Downloader for PepperFlash (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll No File CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Angry Birds) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-20] CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20] CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20] CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20] CHR Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-04] CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20] CHR Extension: (Google+) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-03-20] CHR Extension: (Jewel Quest Deluxe Spiel) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2014-03-20] CHR Extension: (Black & white Thema) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmohofkmppcgglcmlccpbokkkefigipi [2014-04-04] CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-20] CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20] CHR Extension: (Downhill Jam) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjegjjfdamcmjikplaghiloojkpmdfm [2014-03-20] CHR Extension: (Deutsch Englisch Ãœbersetzer) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcknciadhimdlbjjfndidcgnhokfbgnd [2014-03-20] CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12] CHR HKLM-x32\...\Chrome\Extension: [jllpjckabhalgdienlngoikeehalibei] - C:\Users\Tanja\AppData\Local\CRE\jllpjckabhalgdienlngoikeehalibei.crx [2014-02-12] CHR HKLM-x32\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\Tanja\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx [2014-02-12] CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx [2014-02-12] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R3 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. 
KG) R3 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-03-08] (Nero AG) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] () R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-04-03] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-14] () R3 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-09-30] (Atheros) ==================== Drivers (Whitelisted) ==================== S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.) R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-25] (ASUS) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-09] (GFI Software) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
U2 TMAgent; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-12 15:58 - 2014-04-12 15:59 - 00023939 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-04-12 15:53 - 2014-04-12 15:53 - 00002499 _____ () C:\Users\Administrator\Downloads\FSS.txt 2014-04-12 14:50 - 2014-04-12 15:25 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-04-12 14:45 - 2014-04-12 14:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TANJA-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat 2014-04-12 14:43 - 2014-04-12 14:43 - 00000000 ____D () C:\RegBackup 2014-04-12 12:17 - 2014-04-12 12:17 - 00002121 _____ () C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2014-04-12 12:16 - 2014-04-12 12:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com 2014-04-12 12:14 - 2014-04-12 12:15 - 05198480 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe 2014-04-12 07:46 - 2014-04-12 15:27 - 00444400 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-11 17:42 - 2014-04-11 17:42 - 00409600 _____ (Farbar) C:\Users\Administrator\Downloads\FSS.exe 2014-04-11 13:46 - 2014-04-11 13:47 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_enu.exe 2014-04-11 13:45 - 2014-04-11 13:45 - 00001034 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-11 07:16 - 2014-04-11 07:16 - 30796712 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u51-windows-x64(2).exe 2014-04-11 07:12 - 2014-04-11 07:13 - 30796712 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u51-windows-x64(1).exe 2014-04-11 07:11 - 2014-04-11 07:12 - 30796712 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u51-windows-x64.exe 2014-04-11 05:11 - 2014-04-11 05:11 - 00000942 _____ () C:\Users\Administrator\Documents\Fixlist.txt 2014-04-10 19:20 - 2014-04-10 19:20 - 00027003 _____ () 
C:\Users\Administrator\Documents\Himmel und Erde - die Tulpenzwiebel.odt 2014-04-10 17:35 - 2014-04-10 17:35 - 00017692 _____ () C:\Users\Administrator\Documents\Der Sprung in der Sch(1).odt 2014-04-10 17:16 - 2014-04-10 17:16 - 00014581 _____ () C:\Users\Administrator\Documents\Muschel.odt 2014-04-10 13:33 - 2014-04-10 13:33 - 00000000 ____D () C:\ProgramData\McAfee 2014-04-09 17:00 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 17:00 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-09 17:00 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 17:00 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-09 16:59 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 16:59 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 16:59 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 16:59 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 16:59 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 16:59 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 16:59 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 16:59 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 16:59 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 16:59 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 16:59 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 
2014-04-09 16:59 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 16:59 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 16:59 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 16:59 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 16:59 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 16:59 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-09 05:50 - 2014-04-09 06:04 - 26858115 _____ () C:\FRST.7z 2014-04-09 05:44 - 2014-04-09 05:44 - 01110476 _____ () C:\Users\Administrator\Downloads\7z920.exe 2014-04-08 15:06 - 2014-04-08 15:06 - 00000000 ____D () C:\Users\Administrator\Documents\Fax 2014-04-08 14:41 - 2014-04-08 14:42 - 02157056 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64(1).exe 2014-04-06 18:02 - 2014-04-09 05:33 - 00046179 _____ () C:\Users\Administrator\Documents\Addition.txt 2014-04-06 17:59 - 2014-04-12 15:58 - 00000000 ____D () C:\FRST 2014-04-06 17:59 - 2014-04-09 05:33 - 00078940 _____ () C:\Users\Administrator\Documents\FRST.txt 2014-04-06 13:43 - 2014-04-10 13:32 - 00000000 ____D () C:\Users\Administrator\Downloads\Kontoauszüge 2014-04-06 09:28 - 2014-04-06 09:28 - 00015473 _____ () C:\Users\Administrator\Documents\Ausgesorgt.odt 2014-04-06 08:47 - 2014-04-06 08:47 - 00001923 _____ () C:\Users\Administrator\Documents\Mein Film.wlmp 2014-04-05 14:40 - 2014-04-05 14:40 - 00000000 _____ () C:\cookies.sqlite 2014-04-05 14:27 - 2014-04-05 14:27 - 01066536 _____ (BillP Studios) C:\Users\Administrator\Downloads\wpsetup.exe 2014-04-05 09:27 - 2014-04-05 09:27 - 00057256 _____ () C:\Users\Administrator\Downloads\Extras.Txt 2014-04-05 09:24 - 2014-04-05 10:04 - 00153204 _____ () 
C:\Users\Administrator\Downloads\OTL.Txt
2014-04-05 08:58 - 2014-04-05 08:58 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\OTL.exe
2014-04-05 08:16 - 2014-04-05 08:22 - 00000000 ____D () C:\AdwCleaner
2014-04-05 08:15 - 2014-04-05 08:15 - 01426178 _____ () C:\Users\Administrator\Downloads\adwcleaner.exe
2014-04-05 00:00 - 2014-04-05 00:00 - 00004606 _____ () C:\Windows\AsRecoveryHD.log
2014-04-05 00:00 - 2014-04-04 23:58 - 00032731 _____ () C:\Windows\AsFac.log
2014-04-03 21:29 - 2014-04-03 21:28 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-03 21:28 - 2014-04-03 21:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-03 21:28 - 2014-04-03 21:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-03 21:28 - 2014-04-03 21:28 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-03 21:28 - 2014-04-03 21:28 - 00000000 ____D () C:\Program Files\Java
2014-04-03 20:07 - 2014-04-03 20:07 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-03 20:04 - 2014-04-03 20:04 - 00003154 _____ () C:\Windows\System32\Tasks\{9ADA933E-019C-43DC-8CBE-B47C92082B21}
2014-04-03 19:45 - 2014-04-03 19:45 - 01176896 _____ (AnyProtect.com) C:\Users\Administrator\AppData\Local\nso30D7.tmp
2014-04-03 19:11 - 2014-04-03 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 17:55 - 2014-04-12 15:28 - 00003356 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4265152870-3533527588-3141693544-500
2014-04-03 17:55 - 2014-04-12 15:28 - 00003238 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4265152870-3533527588-3141693544-500
2014-04-03 17:55 - 2014-04-03 17:55 - 00003098 _____ () C:\Windows\System32\Tasks\RealCreateProcessScheduledTask7784293S-1-5-21-4265152870-3533527588-3141693544-500
2014-04-03 17:55 - 2014-04-03 17:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\RealNetworks
2014-04-03 17:55 - 2014-04-03 17:55 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-04-03 17:55 - 2014-04-03 17:55 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-04-03 17:54 - 2014-04-03 17:54 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-04-03 17:54 - 2014-04-03 17:54 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-04-03 17:53 - 2014-04-03 17:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Real
2014-04-03 17:53 - 2014-04-03 17:55 - 00000000 ____D () C:\Program Files (x86)\Real
2014-04-03 17:53 - 2014-04-03 17:53 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-04-03 17:53 - 2014-04-03 17:53 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-04-03 17:52 - 2014-04-03 17:56 - 00000000 ____D () C:\ProgramData\Real
2014-04-03 17:37 - 2014-04-03 17:37 - 00000000 ____D () C:\Users\Administrator\AppData\Local\DDMSettings
2014-04-03 17:34 - 2014-04-03 17:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DivX
2014-04-03 17:34 - 2014-04-03 17:34 - 00000000 ____D () C:\Program Files\DivX
2014-04-03 17:33 - 2014-04-03 17:34 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-04-03 17:32 - 2014-04-03 17:35 - 00000000 ____D () C:\ProgramData\DivX
2014-04-03 17:31 - 2014-04-03 17:31 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-03 17:31 - 2014-04-03 17:31 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-03 17:31 - 2014-04-03 17:31 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-03 17:31 - 2014-04-03 17:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-02 19:18 - 2014-04-03 17:32 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-02 19:18 - 2014-04-02 19:18 - 00000000 ____D () C:\ProgramData\Sun
2014-04-02 19:17 - 2014-04-02 19:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-02 18:41 - 2014-04-03 15:44 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-03-31 05:17 - 2014-04-03 17:06 - 00000000 ___RD () C:\Users\Administrator\Google Drive
2014-03-31 05:17 - 2014-03-31 05:17 - 00001725 _____ () C:\Users\Administrator\Desktop\Google Drive.lnk
2014-03-31 05:11 - 2014-03-31 05:11 - 00002004 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-03-31 05:11 - 2014-03-31 05:11 - 00002002 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-03-31 05:11 - 2014-03-31 05:11 - 00001992 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-03-30 14:13 - 2014-04-12 15:28 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ViberPC
2014-03-30 14:12 - 2014-04-12 15:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Viber
2014-03-26 06:21 - 2014-03-26 06:21 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-26 06:20 - 2014-04-03 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 21:19 - 2014-03-25 21:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\LG Electronics
2014-03-25 21:17 - 2014-04-08 19:20 - 00001068 _____ () C:\Users\Public\Desktop\LG PC Suite.Lnk
2014-03-25 20:56 - 2014-03-25 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LG Electronics
2014-03-25 20:52 - 2014-03-25 20:55 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-03-25 06:50 - 2014-03-25 06:55 - 00000000 ____D () C:\Users\Administrator\Desktop\Fotos
2014-03-25 06:23 - 2014-03-25 06:44 - 00000000 ____D () C:\Users\Administrator\Desktop\Musik
2014-03-24 06:15 - 2014-03-24 06:18 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2014-03-24 06:02 - 2014-03-24 06:12 - 00007600 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2014-03-23 11:54 - 2014-03-23 12:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Raptr
2014-03-23 11:54 - 2014-03-23 11:55 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-03-23 11:40 - 2014-03-23 11:40 - 00003416 _____ () C:\Windows\System32\Tasks\{14221683-C2E2-4074-BBB3-6090204CF881}
2014-03-23 10:37 - 2014-03-23 10:38 - 22249837 _____ () C:\Program Files (x86)\LifeFrame3_Win7_32_Win7_64_z300021.zip
2014-03-23 10:35 - 2014-03-23 10:35 - 20754387 _____ () C:\Program Files (x86)\LifeFrame3_WIN7_32_WIN7_64_300020.zip
2014-03-23 10:20 - 2014-03-23 10:20 - 00007782 _____ () C:\Windows\DPINST.LOG
2014-03-23 10:20 - 2014-03-23 10:20 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-03-23 10:17 - 2014-03-23 10:17 - 05295280 _____ () C:\Program Files (x86)\Asmedia_USB3_Win7_VER11430.zip
2014-03-23 09:27 - 2014-03-23 09:27 - 00003316 _____ () C:\Windows\System32\Tasks\{4701A682-3AC1-485E-B6DA-AB15E09EFBC9}
2014-03-22 13:01 - 2014-03-22 13:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Windows Live Writer
2014-03-22 13:01 - 2014-03-22 13:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Windows Live Writer
2014-03-22 11:35 - 2011-12-14 02:44 - 00056448 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2014-03-22 11:34 - 2012-02-29 18:38 - 00082560 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2014-03-22 11:34 - 2012-02-29 18:38 - 00042624 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2014-03-22 11:30 - 2011-02-25 08:25 - 00296320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-22 11:28 - 2014-03-22 11:28 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2014-03-22 11:12 - 2014-03-22 11:24 - 860369178 _____ () C:\Program Files (x86)\AMD_Chipset_Win7_VER808770.zip
2014-03-22 11:05 - 2014-03-22 11:05 - 03163856 _____ () C:\Program Files (x86)\M5A97-EVO2-ASUS-M51BC-0405.zip
2014-03-22 11:04 - 2014-03-22 11:04 - 03163735 _____ () C:\Program Files (x86)\M5A97-EVO2-ASUS-M51BC-0502.zip
2014-03-22 10:52 - 2013-09-06 19:56 - 03637720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-03-22 10:52 - 2013-09-06 18:31 - 32861696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-03-22 10:52 - 2013-09-05 18:19 - 00643329 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-03-22 10:52 - 2013-09-05 16:52 - 02586328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-03-22 10:52 - 2013-09-03 21:16 - 00148184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-03-22 10:52 - 2013-08-20 21:17 - 02809048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-03-22 10:52 - 2013-08-14 17:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-03-22 10:52 - 2013-08-14 17:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-03-22 10:52 - 2013-08-02 21:16 - 01005784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-03-22 10:52 - 2013-07-26 15:05 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-03-22 10:52 - 2013-07-24 11:07 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-03-22 10:52 - 2013-07-23 16:40 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-03-22 10:52 - 2013-07-23 16:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-03-22 10:52 - 2013-07-23 16:39 - 01916672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-03-22 10:52 - 2013-07-23 16:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-03-22 10:52 - 2013-04-24 18:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-03-22 10:52 - 2013-02-20 19:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-03-22 10:51 - 2014-03-22 10:51 - 00001769 _____ () C:\Windows\Language_trs.ini
2014-03-22 10:51 - 2013-09-03 12:16 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-03-22 10:51 - 2013-08-07 18:41 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-03-22 10:51 - 2013-08-05 19:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-03-22 10:51 - 2013-06-05 22:42 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-03-22 10:46 - 2014-03-22 10:50 - 239497815 _____ () C:\Program Files (x86)\Realtek_Audio_Win7_8-1_VER6017035.zip
2014-03-22 10:30 - 2014-03-22 10:31 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Akamai
2014-03-20 20:19 - 2014-04-12 15:32 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 20:19 - 2014-04-12 15:32 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 20:19 - 2014-03-26 16:26 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-20 20:19 - 2014-03-26 16:26 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-20 19:47 - 2014-03-20 19:54 - 00002568 _____ () C:\RHDSetup.log
2014-03-20 19:19 - 2014-03-20 19:19 - 00003206 _____ () C:\Windows\System32\Tasks\{9EFF9AB6-8916-4DBB-9DFA-7BB7DD73E611}
2014-03-20 08:40 - 2014-04-12 15:26 - 00014516 _____ () C:\Windows\PFRO.log
2014-03-20 08:14 - 2014-03-20 08:14 - 00000000 ____D () C:\668f41361c020bd72dbd7654c5c8b3
2014-03-20 08:07 - 2014-03-20 08:09 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
2014-03-20 08:03 - 2014-03-20 08:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Atheros
2014-03-20 08:03 - 2014-03-20 08:03 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-03-20 08:01 - 2014-03-20 08:03 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-03-20 07:51 - 2011-01-18 18:16 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll
2014-03-20 07:51 - 2011-01-18 18:16 - 00250984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-03-20 07:30 - 2011-10-18 19:10 - 00099432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2014-03-19 21:46 - 2014-03-20 19:57 - 01197728 _____ () C:\Windows\AsDebug.log
2014-03-19 21:46 - 2014-03-20 19:57 - 00376214 _____ () C:\Windows\AsCDProc.log
2014-03-19 21:41 - 2014-04-12 15:26 - 00007540 _____ () C:\Windows\setupact.log
2014-03-19 21:41 - 2014-03-19 21:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-19 21:35 - 2014-03-19 21:35 - 00000000 ____D () C:\wd
2014-03-18 23:31 - 2014-03-18 23:31 - 00001116 _____ () C:\Users\Public\Desktop\SmartLogon-Manager.lnk
2014-03-18 22:58 - 2014-03-27 15:48 - 00000024 _____ () C:\Windows\ATKPF.ini
2014-03-18 10:18 - 2014-03-18 10:18 - 00003414 _____ () C:\Windows\System32\Tasks\{B94EDEFC-0980-47F8-BB9E-209A85CE6FE1}
2014-03-18 10:17 - 2014-03-18 10:17 - 00003416 _____ () C:\Windows\System32\Tasks\{34C9CBA3-C888-4920-8B67-B2ADC1C0EEC8}
2014-03-18 10:17 - 2014-03-18 10:17 - 00003414 _____ () C:\Windows\System32\Tasks\{5572B819-32CF-487F-9AD6-EA2B2D241B73}
2014-03-18 10:16 - 2014-03-18 10:16 - 00003416 _____ () C:\Windows\System32\Tasks\{15B0A22F-3C7F-4B66-A5AB-B24D49E41DEF}
2014-03-18 10:14 - 2014-03-18 10:14 - 00000716 _____ () C:\Users\Public\Desktop\eManual.Lnk
2014-03-18 10:09 - 2014-03-18 10:09 - 00003410 _____ () C:\Windows\System32\Tasks\{F3F1AFAE-7D89-4B20-827C-EB152F3F190A}
2014-03-18 10:09 - 2014-03-18 10:09 - 00003410 _____ () C:\Windows\System32\Tasks\{EBEA6DCF-5F87-47D7-9B95-4685CEC69B89}
2014-03-18 10:09 - 2014-03-18 10:09 - 00003410 _____ () C:\Windows\System32\Tasks\{D1890307-2C65-4D4D-8E85-C012B5930B50}
2014-03-18 10:09 - 2014-03-18 10:09 - 00003410 _____ () C:\Windows\System32\Tasks\{8DFA3A56-C92E-4D3F-80E0-0C7EFBE7521B}
2014-03-18 10:09 - 2014-03-18 10:09 - 00003410 _____ () C:\Windows\System32\Tasks\{697DA3BA-E11B-4C05-AFFB-78191D5B01BE}
2014-03-18 10:08 - 2014-03-18 10:08 - 00003068 _____ () C:\Windows\System32\Tasks\ACMON
2014-03-18 10:08 - 2014-03-18 10:08 - 00001070 _____ () C:\Users\Public\Desktop\Splendid Utility.Lnk
2014-03-18 09:57 - 2014-04-03 15:45 - 00000000 ____D () C:\ProgramData\P4G
2014-03-18 09:57 - 2014-03-18 10:02 - 00000000 ____D () C:\Program Files\P4G
2014-03-18 09:57 - 2014-03-18 09:57 - 00003046 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-03-18 09:56 - 2014-03-18 09:56 - 00002978 _____ () C:\Windows\System32\Tasks\ATKOSD2
2014-03-18 09:42 - 2014-03-20 19:54 - 00000207 _____ () C:\setup.log
2014-03-17 22:19 - 2014-03-22 10:53 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-17 22:19 - 2014-03-17 22:19 - 00000000 ____D () C:\Program Files\Realtek
2014-03-17 22:18 - 2014-03-22 10:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-17 22:18 - 2012-03-08 12:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-03-17 22:18 - 2012-02-21 20:45 - 02605400 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-03-17 22:18 - 2012-02-14 01:05 - 08363864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2014-03-17 22:18 - 2011-12-20 16:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-03-17 22:18 - 2011-12-18 18:58 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-03-17 22:18 - 2011-11-22 17:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-03-17 22:18 - 2011-09-02 15:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-03-17 22:18 - 2011-09-02 15:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-03-17 22:18 - 2011-09-02 15:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-03-17 22:18 - 2011-05-31 10:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-03-17 22:18 - 2011-05-31 10:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-03-17 22:18 - 2011-05-31 10:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-03-17 22:18 - 2011-05-31 10:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-03-17 22:18 - 2011-05-31 10:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-03-17 22:18 - 2011-05-31 10:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-03-17 22:18 - 2011-05-31 10:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-03-17 22:18 - 2011-05-31 10:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-03-17 22:18 - 2011-05-31 10:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-03-17 22:18 - 2011-05-31 10:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-03-17 22:18 - 2010-11-08 08:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-03-17 22:18 - 2010-11-08 08:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-03-17 22:18 - 2010-11-08 08:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-03-17 22:18 - 2010-11-08 08:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-03-17 22:18 - 2010-11-08 08:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-03-17 22:18 - 2010-11-08 08:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-03-17 22:18 - 2010-11-03 19:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-03-17 22:18 - 2010-09-27 10:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-03-17 22:18 - 2010-07-22 17:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2014-03-17 22:18 - 2010-07-11 22:28 - 00180048 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFProc64.dll
2014-03-17 22:18 - 2010-07-11 22:28 - 00086352 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
2014-03-17 22:18 - 2010-07-11 22:28 - 00083792 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFSAPO64.dll
2014-03-17 22:18 - 2010-07-11 22:28 - 00082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFHAPO64.dll
2014-03-17 22:18 - 2010-07-11 22:28 - 00082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFDAPO64.dll
2014-03-17 22:18 - 2009-11-24 10:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-03-17 22:18 - 2009-11-24 10:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-03-17 22:18 - 2009-11-24 10:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-03-17 22:18 - 2009-11-24 10:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-03-17 19:58 - 2014-03-17 19:58 - 00003208 _____ () C:\Windows\System32\Tasks\{202BE540-56F3-4B3E-88C1-9A211C1EF10A}
2014-03-16 21:29 - 2014-03-16 21:29 - 00000871 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-03-15 19:31 - 2014-03-15 19:31 - 00000000 ____D () C:\ProgramData\ATI
2014-03-15 19:29 - 2014-03-15 19:29 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-03-15 19:26 - 2014-04-04 13:22 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-03-15 19:24 - 2014-03-15 19:24 - 00000000 ____D () C:\Program Files\AMD
2014-03-15 19:06 - 2014-03-15 19:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\library_dir
2014-03-14 21:46 - 2014-04-03 15:46 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4
2014-03-14 21:46 - 2014-03-14 21:48 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero
2014-03-14 21:46 - 2014-03-14 21:46 - 00000020 ___SH () C:\Users\NeroMediaHomeUser.4\ntuser.ini
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Vorlagen
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Startmenü
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Netzwerkumgebung
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Lokale Einstellungen
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Eigene Dateien
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Druckumgebung
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Documents\Eigene Musik
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Documents\Eigene Bilder
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\AppData\Local\Verlauf
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\AppData\Local\Anwendungsdaten
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Anwendungsdaten
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Nero
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nero
2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Nero
2014-03-14 21:46 - 2012-11-18 10:44 - 00002086 _____ () C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-03-14 21:46 - 2012-05-15 08:00 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\Microsoft Help
2014-03-14 21:46 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-14 21:46 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-14 21:43 - 2014-03-14 21:43 - 00002361 _____ () C:\Users\Public\Desktop\Nero MediaHome 4.lnk
2014-03-14 21:42 - 2014-03-14 21:46 - 00000000 ____D () C:\ProgramData\Nero
2014-03-14 21:42 - 2014-03-14 21:44 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-03-14 08:34 - 2014-03-14 08:34 - 00000000 ____D () C:\Program Files (x86)\n-tv
2014-03-13 23:28 - 2014-03-13 23:28 - 00000000 ____D () C:\Program Files (x86)\maxdome - Online Videothek
2014-03-13 07:33 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 07:33 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 07:33 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 07:33 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 07:33 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 07:33 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 07:33 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 07:33 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 07:33 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 07:33 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 07:33 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 07:33 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 07:33 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 07:33 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 07:33 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 07:33 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 07:33 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 07:33 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 07:33 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 07:33 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 07:33 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 07:33 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 07:33 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 07:33 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 07:33 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 07:33 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 07:33 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 07:33 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 07:33 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 07:33 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 07:33 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 07:33 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 07:33 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 07:33 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 07:33 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 07:33 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 07:33 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 07:33 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 07:33 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 07:33 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 07:32 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 07:32 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 07:32 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 07:32 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-12 15:59 - 2014-04-12 15:58 - 00023939 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-04-12 15:58 - 2014-04-06 17:59 - 00000000 ____D () C:\FRST
2014-04-12 15:53 - 2014-04-12 15:53 - 00002499 _____ () C:\Users\Administrator\Downloads\FSS.txt
2014-04-12 15:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-04-12 15:35 - 2011-08-02 23:43 - 01526767 _____ () C:\Windows\WindowsUpdate.log
2014-04-12 15:33 - 2011-02-19 06:24 - 00699508 _____ () C:\Windows\system32\perfh007.dat
2014-04-12 15:33 - 2011-02-19 06:24 - 00150246 _____ () C:\Windows\system32\perfc007.dat
2014-04-12 15:33 - 2009-07-14 07:13 - 01657864 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-12 15:32 - 2014-03-20 20:19 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-12 15:32 - 2014-03-20 20:19 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-12 15:32 - 2012-12-15 10:20 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-04-12 15:32 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-12 15:32 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-12 15:28 - 2014-04-03 17:55 - 00003356 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4265152870-3533527588-3141693544-500
2014-04-12 15:28 - 2014-04-03 17:55 - 00003238 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4265152870-3533527588-3141693544-500
2014-04-12 15:28 - 2014-03-30 14:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ViberPC
2014-04-12 15:28 - 2014-03-30 14:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Viber
2014-04-12 15:27 - 2014-04-12 07:46 - 00444400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 15:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-12 15:26 - 2014-03-20 08:40 - 00014516 _____ () C:\Windows\PFRO.log
2014-04-12 15:26 - 2014-03-19 21:41 - 00007540 _____ () C:\Windows\setupact.log
2014-04-12 15:25 - 2014-04-12 14:50 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-04-12 15:15 - 2009-07-14 04:34 - 00000423 _____ () C:\Windows\win.ini
2014-04-12 15:07 - 2012-05-09 12:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-12 14:45 - 2014-04-12 14:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TANJA-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-04-12 14:43 - 2014-04-12 14:43 - 00000000 ____D () C:\RegBackup
2014-04-12 13:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 13:11 - 2012-05-30 20:23 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265152870-3533527588-3141693544-1001UA.job
2014-04-12 12:17 - 2014-04-12 12:17 - 00002121 _____ () C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-04-12 12:16 - 2014-04-12 12:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-12 12:15 - 2014-04-12 12:14 - 05198480 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-04-11 17:42 - 2014-04-11 17:42 - 00409600 _____ (Farbar) C:\Users\Administrator\Downloads\FSS.exe
2014-04-11 13:47 - 2014-04-11 13:46 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_enu.exe
2014-04-11 13:45 - 2014-04-11 13:45 - 00001034 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-11 13:45 - 2014-03-09 14:20 - 00000000 ____D () C:\ProgramData\Avira
2014-04-11 13:45 - 2014-03-09 14:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-11 07:16 - 2014-04-11 07:16 - 30796712 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u51-windows-x64(2).exe
2014-04-11 07:13 - 2014-04-11 07:12 - 30796712 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u51-windows-x64(1).exe
2014-04-11 07:12 - 2014-04-11 07:11 - 30796712 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u51-windows-x64.exe
2014-04-11 05:11 - 2014-04-11 05:11 - 00000942 _____ () C:\Users\Administrator\Documents\Fixlist.txt
2014-04-10 19:20 - 2014-04-10 19:20 - 00027003 _____ () C:\Users\Administrator\Documents\Himmel und Erde - die Tulpenzwiebel.odt
2014-04-10 17:35 - 2014-04-10 17:35 - 00017692 _____ () C:\Users\Administrator\Documents\Der Sprung in der Sch(1).odt
2014-04-10 17:16 - 2014-04-10 17:16 - 00014581 _____ () C:\Users\Administrator\Documents\Muschel.odt
2014-04-10 13:35 - 2013-07-13 09:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-10 13:33 - 2014-04-10 13:33 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-10 13:32 - 2014-04-06 13:43 - 00000000 ____D () C:\Users\Administrator\Downloads\Kontoauszüge
2014-04-10 13:32 - 2012-05-09 12:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-10 13:32 - 2012-05-09 12:57 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-10 13:32 - 2012-05-09 12:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-09 20:39 - 2013-08-14 07:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 20:36 - 2012-01-02 16:50 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 06:04 - 2014-04-09 05:50 - 26858115 _____ () C:\FRST.7z
2014-04-09 05:44 - 2014-04-09 05:44 - 01110476 _____ () C:\Users\Administrator\Downloads\7z920.exe
2014-04-09 05:33 - 2014-04-06 18:02 - 00046179 _____ () C:\Users\Administrator\Documents\Addition.txt
2014-04-09 05:33 - 2014-04-06 17:59 - 00078940 _____ () C:\Users\Administrator\Documents\FRST.txt
2014-04-08 19:20 - 2014-03-25 21:17 - 00001068 _____ () C:\Users\Public\Desktop\LG PC Suite.Lnk
2014-04-08 15:06 - 2014-04-08 15:06 - 00000000 ____D () C:\Users\Administrator\Documents\Fax
2014-04-08 14:42 - 2014-04-08 14:41 - 02157056 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64(1).exe
2014-04-07 18:30 - 2013-07-13 09:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2014-04-07 17:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ias
2014-04-06 09:28 - 2014-04-06 09:28 - 00015473 _____ () C:\Users\Administrator\Documents\Ausgesorgt.odt
2014-04-06 08:47 - 2014-04-06 08:47 - 00001923 _____ () C:\Users\Administrator\Documents\Mein Film.wlmp
2014-04-06 08:46 - 2013-07-25 04:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Windows Live
2014-04-05 14:40 - 2014-04-05 14:40 - 00000000 _____ () C:\cookies.sqlite
2014-04-05 14:27 - 2014-04-05 14:27 - 01066536 _____ (BillP Studios) C:\Users\Administrator\Downloads\wpsetup.exe
2014-04-05 10:04 - 2014-04-05 09:24 - 00153204 _____ () C:\Users\Administrator\Downloads\OTL.Txt
2014-04-05 09:27 - 2014-04-05 09:27 - 00057256 _____ () C:\Users\Administrator\Downloads\Extras.Txt
2014-04-05 08:58 - 2014-04-05 08:58 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\OTL.exe
2014-04-05 08:22 - 2014-04-05 08:16 - 00000000 ____D () C:\AdwCleaner
2014-04-05 08:15 - 2014-04-05 08:15 - 01426178 _____ () C:\Users\Administrator\Downloads\adwcleaner.exe
2014-04-05 00:00 - 2014-04-05 00:00 - 00004606 _____ () C:\Windows\AsRecoveryHD.log
2014-04-05 00:00 - 2009-07-29 07:20 - 00000000 ____D () C:\Windows\Log
2014-04-04 23:58 - 2014-04-05 00:00 - 00032731 _____ () C:\Windows\AsFac.log
2014-04-04 13:22 - 2014-03-15 19:26 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-04-03 22:11 - 2012-05-30 20:23 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265152870-3533527588-3141693544-1001Core.job
2014-04-03 21:28 - 2014-04-03 21:29 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-03 21:28 - 2014-04-03 21:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-03 21:28 - 2014-04-03 21:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-03 21:28 - 2014-04-03 21:28 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-03 21:28 - 2014-04-03 21:28 - 00000000 ____D () C:\Program Files\Java
2014-04-03 20:14 - 2011-08-03 00:18 - 00001731 _____ () C:\Windows\system32\ServiceFilter.ini
2014-04-03 20:12 - 2011-08-03 00:18 - 00002245 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-04-03 20:09 - 2012-01-02 16:48 - 00000000 ____D () C:\Windows\pss
2014-04-03 20:07 - 2014-04-03 20:07 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-03 20:04 - 2014-04-03 20:04 - 00003154 _____ () C:\Windows\System32\Tasks\{9ADA933E-019C-43DC-8CBE-B47C92082B21}
2014-04-03 19:45 - 2014-04-03 19:45 - 01176896 _____ (AnyProtect.com) C:\Users\Administrator\AppData\Local\nso30D7.tmp
2014-04-03 19:11 - 2014-04-03 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 19:11 - 2014-03-26 06:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-03 19:11 - 2013-02-08 17:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-04-03 17:56 - 2014-04-03 17:52 - 00000000 ____D () C:\ProgramData\Real
2014-04-03 17:55 - 2014-04-03 17:55 - 00003098 _____ () C:\Windows\System32\Tasks\RealCreateProcessScheduledTask7784293S-1-5-21-4265152870-3533527588-3141693544-500
2014-04-03 17:55 - 2014-04-03 17:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\RealNetworks
2014-04-03 17:55 - 2014-04-03 17:55 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-04-03 17:55 - 2014-04-03 17:55 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-04-03 17:55 - 2014-04-03 17:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Real
2014-04-03 17:55 - 2014-04-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Real
2014-04-03 17:54 - 2014-04-03 17:54 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-04-03 17:54 - 2014-04-03 17:54 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-04-03 17:53 - 2014-04-03 17:53 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-04-03 17:53 - 2014-04-03 17:53 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-04-03 17:37 - 2014-04-03 17:37 - 00000000 ____D () C:\Users\Administrator\AppData\Local\DDMSettings
2014-04-03 17:35 - 2014-04-03 17:32 - 00000000 ____D () C:\ProgramData\DivX
2014-04-03 17:34 - 2014-04-03 17:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DivX
2014-04-03 17:34 - 2014-04-03 17:34 - 00000000 ____D () C:\Program Files\DivX
2014-04-03 17:34 - 2014-04-03 17:33 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-04-03 17:32 - 2014-04-02 19:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-03 17:31 - 2014-04-03 17:31 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-03 17:31 - 2014-04-03 17:31 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-03 17:31 - 2014-04-03 17:31 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-03 17:31 - 2014-04-03 17:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-03 17:06 - 2014-03-31 05:17 - 
00000000 ___RD () C:\Users\Administrator\Google Drive 2014-04-03 17:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-03 15:46 - 2014-03-14 21:46 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4 2014-04-03 15:46 - 2012-07-12 05:44 - 00000000 ____D () C:\Users\Administrator 2014-04-03 15:46 - 2011-08-03 00:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe 2014-04-03 15:45 - 2014-03-18 09:57 - 00000000 ____D () C:\ProgramData\P4G 2014-04-03 15:45 - 2013-11-12 16:51 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-03 15:45 - 2013-07-15 15:49 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-04-03 15:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2014-04-03 15:44 - 2014-04-02 18:41 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack 2014-04-03 15:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-04-03 15:43 - 2013-03-18 19:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes 2014-04-02 19:18 - 2014-04-02 19:18 - 00000000 ____D () C:\ProgramData\Sun 2014-04-02 19:17 - 2014-04-02 19:17 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-31 13:23 - 2014-03-09 14:20 - 00000000 ____D () C:\ProgramData\Package Cache 2014-03-31 05:17 - 2014-03-31 05:17 - 00001725 _____ () C:\Users\Administrator\Desktop\Google Drive.lnk 2014-03-31 05:11 - 2014-03-31 05:11 - 00002004 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2014-03-31 05:11 - 2014-03-31 05:11 - 00002002 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2014-03-31 05:11 - 2014-03-31 05:11 - 00001992 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2014-03-31 05:11 - 2011-04-13 04:33 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-31 03:16 - 2014-04-09 17:00 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-09 17:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-09 17:00 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-09 17:00 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-27 15:48 - 2014-03-18 22:58 - 00000024 _____ () C:\Windows\ATKPF.ini 2014-03-26 16:26 - 2014-03-20 20:19 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-26 16:26 - 2014-03-20 20:19 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-26 06:21 - 2014-03-26 06:21 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-25 21:19 - 2014-03-25 21:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\LG Electronics 2014-03-25 20:56 - 2014-03-25 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LG Electronics 2014-03-25 20:55 - 2014-03-25 20:52 - 00000000 ____D () C:\Program Files (x86)\LG Electronics 2014-03-25 06:55 - 2014-03-25 06:50 - 00000000 ____D () C:\Users\Administrator\Desktop\Fotos 2014-03-25 06:44 - 2014-03-25 06:23 - 00000000 ____D () C:\Users\Administrator\Desktop\Musik 2014-03-24 06:18 - 2014-03-24 06:15 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige 2014-03-24 06:12 - 2014-03-24 06:02 - 00007600 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg 2014-03-23 21:27 - 2012-12-15 10:15 - 01632144 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-23 12:19 - 2014-03-23 11:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Raptr 2014-03-23 11:55 - 2014-03-23 11:54 - 00000000 ____D () C:\Program Files (x86)\Raptr 2014-03-23 11:40 - 2014-03-23 11:40 - 00003416 _____ () C:\Windows\System32\Tasks\{14221683-C2E2-4074-BBB3-6090204CF881} 2014-03-23 10:38 - 2014-03-23 10:37 - 22249837 _____ () C:\Program Files (x86)\LifeFrame3_Win7_32_Win7_64_z300021.zip 2014-03-23 10:37 - 2011-04-13 04:47 - 00000000 ____D () C:\Program Files (x86)\ASUS 2014-03-23 10:35 - 2014-03-23 10:35 - 20754387 _____ () C:\Program Files (x86)\LifeFrame3_WIN7_32_WIN7_64_300020.zip 2014-03-23 10:20 - 2014-03-23 
10:20 - 00007782 _____ () C:\Windows\DPINST.LOG 2014-03-23 10:20 - 2014-03-23 10:20 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3 2014-03-23 10:17 - 2014-03-23 10:17 - 05295280 _____ () C:\Program Files (x86)\Asmedia_USB3_Win7_VER11430.zip 2014-03-23 09:27 - 2014-03-23 09:27 - 00003316 _____ () C:\Windows\System32\Tasks\{4701A682-3AC1-485E-B6DA-AB15E09EFBC9} 2014-03-23 09:26 - 2011-04-13 04:47 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-03-22 13:01 - 2014-03-22 13:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Windows Live Writer 2014-03-22 13:01 - 2014-03-22 13:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Windows Live Writer 2014-03-22 11:28 - 2014-03-22 11:28 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll 2014-03-22 11:24 - 2014-03-22 11:12 - 860369178 _____ () C:\Program Files (x86)\AMD_Chipset_Win7_VER808770.zip 2014-03-22 11:05 - 2014-03-22 11:05 - 03163856 _____ () C:\Program Files (x86)\M5A97-EVO2-ASUS-M51BC-0405.zip 2014-03-22 11:04 - 2014-03-22 11:04 - 03163735 _____ () C:\Program Files (x86)\M5A97-EVO2-ASUS-M51BC-0502.zip 2014-03-22 10:53 - 2014-03-17 22:19 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM 2014-03-22 10:51 - 2014-03-22 10:51 - 00001769 _____ () C:\Windows\Language_trs.ini 2014-03-22 10:51 - 2014-03-17 22:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-22 10:50 - 2014-03-22 10:46 - 239497815 _____ () C:\Program Files (x86)\Realtek_Audio_Win7_8-1_VER6017035.zip 2014-03-22 10:31 - 2014-03-22 10:30 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Akamai 2014-03-20 20:20 - 2012-07-12 06:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-03-20 19:57 - 2014-03-19 21:46 - 01197728 _____ () C:\Windows\AsDebug.log 2014-03-20 19:57 - 2014-03-19 21:46 - 00376214 _____ () C:\Windows\AsCDProc.log 2014-03-20 19:54 - 2014-03-20 19:47 - 00002568 _____ () C:\RHDSetup.log 2014-03-20 19:54 - 2014-03-18 09:42 - 00000207 _____ () 
C:\setup.log 2014-03-20 19:39 - 2011-12-26 12:17 - 00000000 ___RD () C:\Musik 2014-03-20 19:19 - 2014-03-20 19:19 - 00003206 _____ () C:\Windows\System32\Tasks\{9EFF9AB6-8916-4DBB-9DFA-7BB7DD73E611} 2014-03-20 19:16 - 2011-08-03 00:18 - 00000105 _____ () C:\Windows\system32\FastBoot.ini 2014-03-20 18:24 - 2011-08-02 23:54 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-03-20 08:56 - 2011-12-25 16:08 - 00000000 ___HD () C:\ASUS.DAT 2014-03-20 08:56 - 2011-08-03 00:04 - 00000000 ____D () C:\ProgramData\Atheros 2014-03-20 08:14 - 2014-03-20 08:14 - 00000000 ____D () C:\668f41361c020bd72dbd7654c5c8b3 2014-03-20 08:09 - 2014-03-20 08:07 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation 2014-03-20 08:03 - 2014-03-20 08:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Atheros 2014-03-20 08:03 - 2014-03-20 08:03 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros 2014-03-20 08:03 - 2014-03-20 08:01 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite 2014-03-20 08:03 - 2011-09-30 17:22 - 00246804 _____ () C:\Windows\system32\Drivers\AtherosBt.bin 2014-03-20 08:03 - 2011-09-30 17:22 - 00001242 _____ () C:\Windows\system32\Drivers\ramps_0x01020200_40_0x01.dfu 2014-03-20 08:03 - 2011-09-30 17:22 - 00001204 _____ () C:\Windows\system32\Drivers\ramps_0x01020200_40_0x02.dfu 2014-03-20 08:03 - 2011-09-30 17:22 - 00001204 _____ () C:\Windows\system32\Drivers\ramps_0x01020200_40.dfu 2014-03-20 08:03 - 2011-09-30 17:22 - 00001198 _____ () C:\Windows\system32\Drivers\ramps_0x01020200_26.dfu 2014-03-20 07:51 - 2011-08-03 00:02 - 00000000 ____D () C:\Windows\SysWOW64\sda 2014-03-19 21:41 - 2014-03-19 21:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-19 21:35 - 2014-03-19 21:35 - 00000000 ____D () C:\wd 2014-03-19 21:32 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther 2014-03-19 15:17 - 2012-12-11 14:50 - 00000499 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-03-18 23:31 - 2014-03-18 23:31 - 
00001116 _____ () C:\Users\Public\Desktop\SmartLogon-Manager.lnk 2014-03-18 10:18 - 2014-03-18 10:18 - 00003414 _____ () C:\Windows\System32\Tasks\{B94EDEFC-0980-47F8-BB9E-209A85CE6FE1} 2014-03-18 10:17 - 2014-03-18 10:17 - 00003416 _____ () C:\Windows\System32\Tasks\{34C9CBA3-C888-4920-8B67-B2ADC1C0EEC8} 2014-03-18 10:17 - 2014-03-18 10:17 - 00003414 _____ () C:\Windows\System32\Tasks\{5572B819-32CF-487F-9AD6-EA2B2D241B73} 2014-03-18 10:16 - 2014-03-18 10:16 - 00003416 _____ () C:\Windows\System32\Tasks\{15B0A22F-3C7F-4B66-A5AB-B24D49E41DEF} 2014-03-18 10:14 - 2014-03-18 10:14 - 00000716 _____ () C:\Users\Public\Desktop\eManual.Lnk 2014-03-18 10:13 - 2012-05-13 16:39 - 00000000 ____D () C:\ProgramData\ASUS 2014-03-18 10:13 - 2011-08-03 00:18 - 00002988 _____ () C:\Windows\System32\Tasks\ASUS SmartLogon Console Sensor 2014-03-18 10:09 - 2014-03-18 10:09 - 00003410 _____ () C:\Windows\System32\Tasks\{F3F1AFAE-7D89-4B20-827C-EB152F3F190A} 2014-03-18 10:09 - 2014-03-18 10:09 - 00003410 _____ () C:\Windows\System32\Tasks\{EBEA6DCF-5F87-47D7-9B95-4685CEC69B89} 2014-03-18 10:09 - 2014-03-18 10:09 - 00003410 _____ () C:\Windows\System32\Tasks\{D1890307-2C65-4D4D-8E85-C012B5930B50} 2014-03-18 10:09 - 2014-03-18 10:09 - 00003410 _____ () C:\Windows\System32\Tasks\{8DFA3A56-C92E-4D3F-80E0-0C7EFBE7521B} 2014-03-18 10:09 - 2014-03-18 10:09 - 00003410 _____ () C:\Windows\System32\Tasks\{697DA3BA-E11B-4C05-AFFB-78191D5B01BE} 2014-03-18 10:08 - 2014-03-18 10:08 - 00003068 _____ () C:\Windows\System32\Tasks\ACMON 2014-03-18 10:08 - 2014-03-18 10:08 - 00001070 _____ () C:\Users\Public\Desktop\Splendid Utility.Lnk 2014-03-18 10:02 - 2014-03-18 09:57 - 00000000 ____D () C:\Program Files\P4G 2014-03-18 09:57 - 2014-03-18 09:57 - 00003046 _____ () C:\Windows\System32\Tasks\ASUS P4G 2014-03-18 09:56 - 2014-03-18 09:56 - 00002978 _____ () C:\Windows\System32\Tasks\ATKOSD2 2014-03-17 22:19 - 2014-03-17 22:19 - 00000000 ____D () C:\Program Files\Realtek 2014-03-17 19:58 - 2014-03-17 19:58 
- 00003208 _____ () C:\Windows\System32\Tasks\{202BE540-56F3-4B3E-88C1-9A211C1EF10A} 2014-03-16 21:29 - 2014-03-16 21:29 - 00000871 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2014-03-16 21:20 - 2012-03-11 03:57 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-03-15 19:31 - 2014-03-15 19:31 - 00000000 ____D () C:\ProgramData\ATI 2014-03-15 19:30 - 2011-08-03 00:09 - 00000000 ____D () C:\ProgramData\AMD 2014-03-15 19:29 - 2014-03-15 19:29 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-03-15 19:24 - 2014-03-15 19:24 - 00000000 ____D () C:\Program Files\AMD 2014-03-15 19:06 - 2014-03-15 19:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\library_dir 2014-03-15 19:04 - 2011-08-03 00:09 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-03-14 21:48 - 2014-03-14 21:46 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero 2014-03-14 21:46 - 2014-03-14 21:46 - 00000020 ___SH () C:\Users\NeroMediaHomeUser.4\ntuser.ini 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Vorlagen 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Startmenü 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Netzwerkumgebung 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Lokale Einstellungen 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Eigene Dateien 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Druckumgebung 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Documents\Eigene Musik 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Documents\Eigene Bilder 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () 
C:\Users\NeroMediaHomeUser.4\AppData\Local\Verlauf 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\AppData\Local\Anwendungsdaten 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 _SHDL () C:\Users\NeroMediaHomeUser.4\Anwendungsdaten 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Nero 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nero 2014-03-14 21:46 - 2014-03-14 21:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Nero 2014-03-14 21:46 - 2014-03-14 21:42 - 00000000 ____D () C:\ProgramData\Nero 2014-03-14 21:44 - 2014-03-14 21:42 - 00000000 ____D () C:\Program Files (x86)\Nero 2014-03-14 21:43 - 2014-03-14 21:43 - 00002361 _____ () C:\Users\Public\Desktop\Nero MediaHome 4.lnk 2014-03-14 16:00 - 2014-03-10 08:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Zeon 2014-03-14 08:34 - 2014-03-14 08:34 - 00000000 ____D () C:\Program Files (x86)\n-tv 2014-03-13 23:28 - 2014-03-13 23:28 - 00000000 ____D () C:\Program Files (x86)\maxdome - Online Videothek 2014-03-13 18:13 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-03-13 18:07 - 2012-09-03 15:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 18:07 - 2012-09-03 15:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit 
C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 19:48 ==================== End Of Log ============================
Edited by Tatti Jana (12.04.2014 at 15:26) |
12.04.2014, 18:34 | #14 |
| Here is the Addition.txt:
FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Administrator at 2014-04-12 16:00:48 Running from C:\Users\Administrator\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{C7A772A4-73CF-EB06-172F-75C5F6C80AAC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.44 - ASUS) Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.04.000.98 - Atheros) ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) 
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) maxdome - Online Videothek (HKLM\...\maxdome - Online Videothek) (Version: 1.0 - maxdome GmbH und Co. KG) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 
(Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.) Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.5.1 - Tweaking.com) Viber (HKCU\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc) Windows Live Family Safety (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 04-04-2014 11:05:04 معرض الصور wird entfernt 04-04-2014 11:06:49 已移除 影像中心 04-04-2014 11:07:38 بريد Windows Live wird entfernt 04-04-2014 11:08:18 גלריית התמונות wird entfernt 04-04-2014 11:09:03 Фотографии (общедоступная версия) wird entfernt 04-04-2014 11:09:46 Фотоальбом wird entfernt 04-04-2014 11:10:26 Почта Windows Live wird entfernt 04-04-2014 11:11:13 Συλλογή φωτογραφιών wird entfernt 04-04-2014 11:11:57 Основные компоненты Windows Live wird entfernt 04-04-2014 11:12:53 已移除 Windows Live 程式集 09-04-2014 18:34:47 Windows Update 12-04-2014 12:42:48 Tweaking.com - Windows Repair 12-04-2014 13:49:20 Tweaking.com - Windows Repair ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0471B54D-94A0-4C39-B355-2BCE7B19FCC6} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS) Task: 
{0B85A7B8-0152-45AF-BA00-803D3B7367A3} - System32\Tasks\{7DACCE18-BC1C-4BC5-BA6A-E8CEB519ABD9} => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [2012-10-26] () Task: {0FEC8E09-2BB6-4D37-803C-A64A2C9C4126} - System32\Tasks\{14E86D86-3C22-4850-95CB-C75378F851B0} => C:\Program Files (x86)\ASUS\ASUS Live Update\aprp.exe [2011-11-28] () Task: {1806B72A-9638-4A62-B756-125FA21D0ED4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {1F251B49-6620-44F3-A43C-F0BC2A22E4FA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {2098D651-AF93-45F2-88BF-83248F252DE8} - System32\Tasks\{245EC165-4D21-44C2-86FE-171E2438898C} => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [2012-10-26] () Task: {2777BB76-E789-404A-9CA1-B5C96F4B5C13} - System32\Tasks\{4ADF6465-817A-4851-96E5-245823583980} => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [2012-10-26] () Task: {3CD7BA13-F992-4329-961C-9FE64CC49C36} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS) Task: {3DEB321A-7748-4E06-AD5E-F4A6E0BD693B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-10] (Adobe Systems Incorporated) Task: {404E0CB3-43E8-46C1-A821-B81700978B36} - System32\Tasks\{DDAA7BA3-E8B5-4B90-B799-4D7A0EB68C41} => C:\Program Files (x86)\ASUS\ASUS Live Update\aprp.exe [2011-11-28] () Task: {489706D1-226B-4B9E-9E23-15C6A7990B2F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS) Task: {4E2D44C2-F00A-4D1E-BC21-B7D7238F6BD5} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-03-07] (ASUS) Task: {52103350-C0E8-4E4E-8B99-1368EF093749} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files 
(x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {58E24936-1645-47CF-80A8-DDE73484FB0D} - System32\Tasks\{F44DB39D-C830-48B6-AC26-B177EB69D7C4} => F:\AutoRun.exe Task: {60F8B4F6-3FD9-4F6B-B95A-1DFF20E876C7} - System32\Tasks\{C8EE9A8D-0E94-43B0-BCB3-0CD483016810} => F:\AutoRun.exe Task: {6452F508-1A45-4C79-8BB3-A9576CA69271} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.) Task: {7B371B45-CCDD-4442-A0A8-E470927905F5} - System32\Tasks\RealCreateProcessScheduledTask7784293S-1-5-21-4265152870-3533527588-3141693544-500 => C:\Program Files (x86)\Real\RealPlayer\realplay.exe [2014-04-03] (RealNetworks, Inc.) Task: {87B4A40B-6141-4EEF-B7BD-CA9098D6D08F} - System32\Tasks\{C0685611-DF3D-43E7-AE96-B88024A2D5A6} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2009-03-27] (ASUS) Task: {89EAC61A-AA24-4B16-94A7-FF518468D34A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4265152870-3533527588-3141693544-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.) 
Task: {8B2D4871-24FC-4A76-AE0E-F8595C416DF8} - System32\Tasks\{4D431C49-8BF0-4F5F-8AAF-58FCF88C1313} => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [2012-10-26] () Task: {9385E1E2-A22A-4AE5-B71B-B56CA99CC237} - System32\Tasks\{7A14D892-D74A-41BD-9D5B-D9B5F19FEC18} => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] () Task: {9A68DA39-8E46-4001-A423-872C0979294B} - \BrowserDefendert No Task File Task: {9F5726A3-A963-45FC-955F-8A4DE69DAB88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {A42D4A0A-D996-4A5B-8A2E-E1A94E08CA86} - System32\Tasks\{058CD899-5C78-4A9D-BCE0-94AD559F2F54} => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [2012-10-26] () Task: {A7CB617F-BF3E-4FCA-87AB-067A30A86EA7} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4265152870-3533527588-3141693544-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.) Task: {BA20D726-CBB3-4709-90B2-2E22FE69146B} - System32\Tasks\{43508B6B-05AD-4CB1-8DF1-4B35665E99D9} => C:\Program Files (x86)\Desktop Dungeons Classic\DesktopDungeons.exe Task: {BA728DE8-E9B0-4F8E-BF9A-8FA08EB8EFEF} - System32\Tasks\{917243E1-2864-4A94-9CB6-8004C6C76437} => C:\Program Files\AVAST Software\Avast\AvastUI.exe Task: {BB460B10-3B8C-41E4-8C5A-0CD77D88A8EC} - System32\Tasks\{876B2841-74BB-47DF-B558-06F03CF9E3A1} => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [2012-10-26] () Task: {BCE7FF14-8DF6-4988-ABAE-E5C4639182E3} - System32\Tasks\{48A5B75F-42BE-4122-AC32-5439DADAE023} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2009-03-27] (ASUS) Task: {CCF67C53-39FA-4FAE-92DE-85EB5BF88683} - System32\Tasks\{B686EC1A-0ECB-4180-BAAA-3F8E5B8483A9} => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] () Task: {CFCAF578-B3FC-4A75-8064-F4F2AE785B2E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4265152870-3533527588-3141693544-1001UA => 
C:\Users\Tanja\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {D1F18D42-4CC7-49A2-B720-A8872C435D18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.) Task: {D3B92C1B-3B30-44D6-9FC8-292A95893BCF} - System32\Tasks\{972F691D-4A91-4135-B44C-A8C508E40609} => C:\Program Files (x86)\Warlocks Gauntlet\WarlocksGauntlet.exe Task: {D7F4AA97-3D99-4FFE-8474-ED1D6578CB74} - System32\Tasks\{876BFF9E-6861-4151-8CA7-D29B6EE47121} => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [2012-10-26] () Task: {D9AE6E00-E2C5-472F-A30F-0FBFA51FCF01} - System32\Tasks\{2A716EDB-F845-41C3-AA04-F7993CAC9D22} => C:\Program Files (x86)\GameTop.com\Aztec Bricks\Aztec Bricks.exe Task: {DD401624-381E-44B7-ABC7-5E6683E2F575} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {E28486F6-182C-42D0-A0D4-243A1ACD38DF} - System32\Tasks\{E30C9768-3D34-4A2F-BAE3-044A0AB47F9C} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe [2014-04-03] (RealNetworks, Inc.) 
Task: {F6036E4E-31E9-4FB3-9C67-5F480DC623EA} - System32\Tasks\{AB8461B5-9326-44EF-A84E-951F5A90DFB7} => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [2012-10-26] () Task: {F72F8FF5-E0CE-471B-9A8C-EA15ABD86A67} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4265152870-3533527588-3141693544-1001Core => C:\Users\Tanja\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265152870-3533527588-3141693544-1001Core.job => C:\Users\Tanja\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265152870-3533527588-3141693544-1001UA.job => C:\Users\Tanja\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-02-12 14:42 - 2014-02-12 14:42 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-02-14 12:06 - 2014-02-14 12:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll 2010-04-02 20:21 - 2008-10-01 00:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2014-03-30 14:13 - 2014-03-05 22:05 - 00936456 _____ () C:\Users\Administrator\AppData\Local\Viber\Viber.exe 2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2014-03-09 14:23 - 2014-02-25 12:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir 
Desktop\sqlite3.dll 2014-04-03 17:54 - 2014-04-03 17:54 - 00867928 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll 2014-03-30 14:13 - 2014-03-05 22:04 - 14435328 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\libViber.dll 2014-03-30 14:13 - 2013-08-30 15:08 - 00729088 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\libGLESv2.dll 2014-03-30 14:13 - 2014-03-05 21:44 - 00092160 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\qfacebook.dll 2014-03-30 14:13 - 2013-08-30 15:08 - 00048128 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\libEGL.dll 2014-03-30 14:13 - 2014-01-13 13:46 - 00833024 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\platforms\qwindows.dll 2014-03-30 14:13 - 2013-08-30 15:12 - 00022016 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\imageformats\qgif.dll 2014-03-30 14:13 - 2013-08-30 15:12 - 00021504 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\imageformats\qico.dll 2014-03-30 14:13 - 2013-08-30 15:12 - 00205312 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\imageformats\qjpeg.dll 2014-03-30 14:13 - 2013-08-30 15:17 - 00218624 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\imageformats\qmng.dll 2014-03-30 14:13 - 2013-08-30 15:13 - 00016384 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\imageformats\qsvg.dll 2014-03-30 14:13 - 2013-08-30 15:17 - 00015872 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\imageformats\qtga.dll 2014-03-30 14:13 - 2013-08-30 15:17 - 00275456 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\imageformats\qtiff.dll 2014-03-30 14:13 - 2013-08-30 15:17 - 00015360 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\imageformats\qwbmp.dll 2014-03-30 14:13 - 2013-08-30 15:12 - 00620032 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\sqldrivers\qsqlite.dll 2014-03-30 14:13 - 2013-08-30 15:13 - 
00027136 _____ () C:\Users\Administrator\AppData\Local\Viber\4.1.0.1703\iconengines\qsvgicon.dll 2014-04-03 19:11 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: bthserv => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe MSCONFIG\startupreg: ClamWin => "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon MSCONFIG\startupreg: DivXUpdate => "C:\Program 
Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: Facebook Update => "C:\Users\Tanja\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: Mobile Partner => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe MSCONFIG\startupreg: Nero MediaHome 4 => "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3 MSCONFIG\startupreg: StartMenuX => C:\Program Files\Start Menu X\StartMenuX.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot MSCONFIG\startupreg: Viber => "C:\Users\Administrator\AppData\Local\Viber\Viber.exe" StartMinimized MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= 
Application errors: ================== Error: (04/12/2014 03:52:57 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/12/2014 03:30:05 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (04/12/2014 03:30:05 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (04/12/2014 03:28:36 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (04/12/2014 03:28:36 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error: (04/12/2014 03:17:33 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (04/12/2014 03:17:33 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (04/12/2014 03:07:08 PM) (Source: WinMgmt) (User: ) Description: 0x8004401eC:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPWMI.MOF Error: (04/12/2014 03:07:07 PM) (Source: WinMgmt) (User: ) Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AR-SA\MSFEEDS.MFL Error: (04/12/2014 03:07:07 PM) (Source: WinMgmt) (User: ) Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\RU-RU\MSFEEDSBS.MFL System errors: ============= Error: (04/12/2014 03:32:45 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/12/2014 03:31:03 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst IPsec-Richtlinien-Agent erreicht. Error: (04/12/2014 03:27:59 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/12/2014 03:27:59 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error: (04/12/2014 03:27:02 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. 
Error: (04/12/2014 00:34:46 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "DelayedAutostart" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/12/2014 00:34:40 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/12/2014 00:32:13 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. Error: (04/12/2014 07:50:55 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/12/2014 07:50:50 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Microsoft Office Sessions: ========================= Error: (04/12/2014 03:52:57 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Administrator\Downloads\esetsmartinstaller_enu.exe Error: (04/12/2014 03:30:05 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. 
Will shutdown Error: (04/12/2014 03:30:05 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (04/12/2014 03:28:36 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (04/12/2014 03:28:36 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (04/12/2014 03:17:33 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (04/12/2014 03:17:33 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (04/12/2014 03:07:08 PM) (Source: WinMgmt)(User: ) Description: 0x8004401eC:\PROGRAM FILES\COMMON FILES\MICROSOFT 
SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPWMI.MOF Error: (04/12/2014 03:07:07 PM) (Source: WinMgmt)(User: ) Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AR-SA\MSFEEDS.MFL Error: (04/12/2014 03:07:07 PM) (Source: WinMgmt)(User: ) Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\RU-RU\MSFEEDSBS.MFL CodeIntegrity Errors: =================================== Date: 2012-12-15 19:55:32.719 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-12-15 19:55:32.548 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-12-15 19:10:39.748 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-12-15 19:10:39.560 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-01-02 16:05:21.569 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ElbyCDIO.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-01-02 16:05:21.335 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ElbyCDIO.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-01-02 16:05:10.836 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ElbyCDFL.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-01-02 16:05:10.712 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ElbyCDFL.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-01-02 16:05:04.659 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ElbyCDFL.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-01-02 16:05:04.518 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ElbyCDFL.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 3691.71 MB Available physical RAM: 1821.01 MB Total Pagefile: 7381.61 MB Available Pagefile: 5218.39 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:273.09 GB) (Free:233.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0CD9B3F5) Partition: GPT Partition Type. 
==================== End Of Log ============================
Hello Jürgen, I did try to deactivate AVIRA, but when the PC restarted, no idea, it was apparently activated again. In any case, during the repair AVIRA blocked access to the "Windows host files" or something like that. I then quickly went into AVIRA to switch this off, but now I don't know whether anything could be repaired or not, and whether it was even necessary? Kind regards, Tatti Jana ...and once again many thanks, in between. I'm going to do a restart now! P.S. No, the problem no longer exists. But now I have an important message in the Security Center, "Find an antivirus program online" ""IMPORTANT"" -> and when I open the Action Center, the message appears that no antivirus program is installed on my PC. When I google it, others have the problem too, and there is a guide on how to add AVIRA back into the registry or something. However, if you follow that guide, you afterwards have the old familiar problem again, "activate AVIRA Desktop" on every restart! Oh man (Best to go back to factory settings and format - my laptop annoys me with so many things. It has become so slow. Even though I have now really cleaned up and emptied it?! My PC is actually much worse and cheaper in everything, except that it has 8 RAM instead of 4 RAM like my laptop. But my PC is so much faster and better -> I don't understand it?) Edited by Tatti Jana (12.04.2014 at 15:29) |
12.04.2014, 18:54 | #15 |
/// TB Trainer /// Tutorial Guru | Authenticity of the Windows copy has not yet been confirmed. On every restart: AVIRA Desktop is not activated? First of all, praise to you for your great cooperation! So let's summarize: The message about the Windows copy no longer appears? Instead, the message appears that you have no antivirus program?
__________________ Regards, deeprybka „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |