Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 - Home 64bit - Computer total verseucht (https://www.trojaner-board.de/156797-windows-7-home-64bit-computer-total-verseucht.html)

Escor 23.07.2014 16:02
Windows 7 - Home 64bit - Computer total verseucht
 
Hallo,
ein bekannter sagte das seine Grafikkarte kaputt sei und ob ich mir das mal angucken kann.
Bei erster Durchsicht vielen mir ca. 20 Toolbars und undefinierbare Programme auf.

vielleicht schaut ihr mal in die frst64.exe Auswertung.



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by SYSTEM on MININT-076TOT2 on 23-07-2014 16:41:58
Running from J:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-10-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [NSLauncher] => C:\Program Files (x86)\Nokia\Nokia Software Launcher\NSLauncher.exe [3096576 2007-11-06] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Default\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\Default User\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\Reinhard\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2012-01-22] (TomTom)
HKU\Reinhard\...\Run: [PcSync] => C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe [1449984 2006-06-27] (Time Information Services Ltd.)
HKU\Reinhard\...\Run: [Beamrise] => C:\Users\Reinhard\AppData\Local\Beamrise\Application\beamrise.exe [1526080 2013-12-03] (The Beamrise Authors)
HKU\Reinhard\...\Run: [] => [X]
HKU\Reinhard\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\Reinhard\...\Run: [AbvaSquz] => regsvr32.exe "C:\ProgramData\AbvaSquz.dat"
HKU\Reinhard\...\Run: [UmahMiri] => regsvr32.exe "C:\ProgramData\UmahMiri.dat"
HKU\Reinhard\...\Run: [OrexFuyu] => regsvr32.exe "C:\ProgramData\OrexFuyu.dat"
HKU\Reinhard\...\Run: [AbziRequ] => regsvr32.exe "C:\ProgramData\AbziRequ\AbziRequ.dat"
HKU\Reinhard\...\Run: [OjimIxos] => regsvr32.exe "C:\ProgramData\OjimIxos\OjimIxos.dat"
HKU\Reinhard\...\Run: [UcipCojy] => regsvr32.exe "C:\ProgramData\UcipCojy\UcipCojy.dat"
HKU\Reinhard\...\Run: [EtfaqDexle] => regsvr32.exe "C:\ProgramData\EtfaqDexle\EtfaqDexle.dat"
HKU\Reinhard\...\Run: [UjzirAhobf] => regsvr32.exe "C:\ProgramData\UjzirAhobf\UjzirAhobf.dat"
HKU\Reinhard\...\Run: [AxugAyaff] => regsvr32.exe "C:\ProgramData\AxugAyaff\AxugAyaff.dat"
HKU\Reinhard\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\Reinhard\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aranna.exe ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aranna.exe ()
Startup: C:\Users\Reinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A\9fl8eek.cpp ()
ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} =>  No File
ShellIconOverlayIdentifiers-x32: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} =>  No File

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-02] (Crawler.com)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)
S2 Winmgmt; C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A\kee8lf9.dot [333556 2014-05-24] (Microsoft Corporation)
S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-30] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-07-21] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [128728 2014-07-21] (Malwarebytes Corporation)
S2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-12-27] (Windows (R) Win 7 DDK provider)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
S3 iaStor; \SystemRoot\system32\DRIVERS\iaStor.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 16:40 - 2014-07-23 16:41 - 00000000 ____D () C:\FRST
2014-07-23 06:31 - 2014-07-23 06:32 - 00000822 _____ () C:\ProgramData\RUNDLL32.EXE-2768-F.txt
2014-07-23 06:31 - 2014-07-23 06:31 - 00000000 ____D () C:\Windows\LastGood
2014-07-23 06:17 - 2014-07-23 06:20 - 00001081 _____ () C:\ProgramData\RUNDLL32.EXE-2300-F.txt
2014-07-22 09:48 - 2014-07-22 10:03 - 00007167 _____ () C:\ProgramData\RUNDLL32.EXE-3008-F.txt
2014-07-22 08:08 - 2014-07-22 08:27 - 00009283 _____ () C:\ProgramData\RUNDLL32.EXE-2680-F.txt
2014-07-22 07:39 - 2014-07-22 07:40 - 00000829 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt
2014-07-22 07:30 - 2014-07-22 07:33 - 00001849 _____ () C:\ProgramData\RUNDLL32.EXE-2748-F.txt
2014-07-22 07:23 - 2010-08-29 22:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-22 07:22 - 2014-07-22 07:33 - 00000000 ____D () C:\AdwCleaner
2014-07-22 07:22 - 2014-07-22 07:22 - 01354223 _____ () C:\Users\Reinhard\Downloads\adwcleaner_3.216.exe
2014-07-22 07:22 - 2014-07-22 07:22 - 01354223 _____ () C:\Users\Reinhard\Downloads\adwcleaner_3.216 (1).exe
2014-07-22 07:19 - 2014-07-22 07:23 - 00001912 _____ () C:\ProgramData\RUNDLL32.EXE-212-F.txt
2014-07-22 06:09 - 2014-07-22 07:05 - 00027063 _____ () C:\ProgramData\RUNDLL32.EXE-3004-F.txt
2014-07-21 07:57 - 2014-07-21 07:57 - 02028976 _____ () C:\Users\Reinhard\Downloads\winrar-x64-510d.exe
2014-07-21 07:57 - 2014-07-21 07:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-21 07:52 - 2014-07-21 07:52 - 00000000 ____D () C:\ProgramData\PDF Architect
2014-07-21 07:32 - 2014-07-21 07:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-21 07:32 - 2014-07-21 07:32 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Reinhard\Downloads\mbar-1.07.0.1012.exe
2014-07-21 07:32 - 2014-07-21 07:32 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-07-21 07:32 - 2014-07-21 07:32 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-07-21 07:32 - 2014-07-21 07:32 - 00000000 ____D () C:\Users\Reinhard\Desktop\mbar
2014-07-21 07:28 - 2014-07-21 07:59 - 00015076 _____ () C:\ProgramData\RUNDLL32.EXE-3732-F.txt
2014-07-21 07:21 - 2014-07-21 07:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Reinhard\Downloads\HiJackThis204.exe
2014-07-21 07:17 - 2014-07-21 07:20 - 333878864 _____ (NVIDIA Corporation) C:\Users\Reinhard\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-07-21 07:13 - 2014-07-21 08:05 - 00009735 _____ () C:\ProgramData\RUNDLL32.EXE-2744-F.txt
2014-07-21 06:27 - 2014-07-21 06:51 - 00011476 _____ () C:\ProgramData\RUNDLL32.EXE-1184-F.txt
2014-07-20 09:08 - 2014-07-20 10:12 - 00031122 _____ () C:\ProgramData\RUNDLL32.EXE-2720-F.txt
2014-07-20 08:20 - 2014-07-20 08:20 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Reinhard\Downloads\gggggggggggggggggggggggggggggggggggg.exe
2014-07-20 08:19 - 2014-07-20 08:19 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Reinhard\Downloads\setup.exe
2014-07-20 08:18 - 2014-07-20 08:22 - 00001007 _____ () C:\Users\Public\Desktop\DriverTuner.lnk
2014-07-20 08:18 - 2014-07-20 08:22 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-07-20 08:13 - 2014-07-20 08:23 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2228-F.txt
2014-07-20 07:09 - 2014-07-20 07:09 - 00502750 _____ () C:\Users\Reinhard\Downloads\eBay-Kaufabwicklung – Kauf abgeschlossen_dll.mht
2014-07-20 00:53 - 2014-07-20 00:58 - 00002693 _____ () C:\ProgramData\RUNDLL32.EXE-1056-F.txt
2014-07-19 12:53 - 2013-04-30 20:58 - 06491936 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2014-07-19 12:53 - 2013-04-30 20:58 - 03514656 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2014-07-19 12:53 - 2013-04-30 20:58 - 02555680 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2014-07-19 12:53 - 2013-04-30 20:58 - 00884512 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2014-07-19 12:53 - 2013-04-30 20:58 - 00237856 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2014-07-19 12:53 - 2013-04-30 20:58 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2014-07-19 12:53 - 2013-04-30 07:15 - 03165506 _____ () C:\Windows\System32\nvcoproc.bin
2014-07-19 12:52 - 2014-07-19 12:52 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-19 12:52 - 2014-07-19 12:52 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-19 12:52 - 2013-04-30 21:36 - 00061216 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
2014-07-19 12:52 - 2013-04-30 21:36 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-07-19 12:51 - 2013-04-30 21:36 - 21093664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-19 12:51 - 2013-04-30 21:36 - 13394392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-07-19 12:51 - 2013-04-30 21:36 - 02942240 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2014-07-19 12:51 - 2013-04-30 21:36 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-19 12:51 - 2013-04-30 21:36 - 00443168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-19 12:51 - 2013-04-30 21:36 - 00421152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-19 12:51 - 2013-04-30 21:36 - 00370976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-07-19 12:51 - 2013-04-30 21:36 - 00218592 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2014-07-19 12:51 - 2013-04-30 21:36 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-19 12:50 - 2014-07-21 07:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-19 12:50 - 2013-04-30 21:36 - 27772192 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 15900912 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 15140808 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 12423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 11211552 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2014-07-19 12:50 - 2013-04-30 21:36 - 09348000 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 07797808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 07641832 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 02934672 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 02754336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 02596832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 02363680 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 01832224 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6432011.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432011.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 01059560 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 00550176 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 00518944 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 00431904 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 00266960 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-07-19 12:50 - 2013-04-30 21:36 - 00020536 _____ () C:\Windows\System32\nvinfo.pb
2014-07-19 12:38 - 2014-07-19 13:00 - 00010942 _____ () C:\ProgramData\RUNDLL32.EXE-2660-F.txt
2014-07-19 12:23 - 2014-07-19 12:37 - 00007076 _____ () C:\ProgramData\RUNDLL32.EXE-2616-F.txt
2014-07-19 12:17 - 2014-07-19 12:21 - 00001839 _____ () C:\ProgramData\RUNDLL32.EXE-2612-F.txt
2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\UjzirAhobf
2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\EtfaqDexle
2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\AxugAyaff
2014-07-19 10:21 - 2014-07-19 10:24 - 00000778 _____ () C:\ProgramData\RUNDLL32.EXE-2784-F.txt
2014-07-19 09:54 - 2014-07-19 09:54 - 00000000 ____D () C:\NVIDIA
2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\UcipCojy
2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\OjimIxos
2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\AbziRequ
2014-07-19 09:35 - 2014-07-19 10:05 - 00015164 _____ () C:\ProgramData\RUNDLL32.EXE-2716-F.txt
2014-07-16 08:52 - 2014-07-16 08:52 - 00555672 _____ () C:\Windows\Minidump\071614-29577-01.dmp
2014-07-16 08:51 - 2014-07-16 08:51 - 00555672 _____ () C:\Windows\Minidump\071614-29593-01.dmp
2014-07-16 08:50 - 2014-07-16 08:50 - 00555672 _____ () C:\Windows\Minidump\071614-29094-01.dmp
2014-07-15 06:23 - 2014-07-15 06:33 - 00004971 _____ () C:\ProgramData\RUNDLL32.EXE-816-F.txt
2014-07-14 09:29 - 2014-07-14 09:49 - 00009753 _____ () C:\ProgramData\RUNDLL32.EXE-2824-F.txt
2014-07-14 08:24 - 2014-07-14 08:24 - 00555672 _____ () C:\Windows\Minidump\071414-92945-01.dmp
2014-07-14 08:22 - 2014-07-14 08:22 - 00262144 ____N () C:\Windows\Minidump\071414-28501-01.dmp
2014-07-14 06:41 - 2014-07-14 06:42 - 00555672 _____ () C:\Windows\Minidump\071414-102601-01.dmp
2014-07-13 10:06 - 2014-07-13 10:06 - 00262144 ____H () C:\Windows\DUMPa1a5.DMP
2014-07-13 10:00 - 2014-07-13 10:00 - 00262144 ____H () C:\Windows\DUMPcb0f.DMP
2014-07-13 07:43 - 2014-07-21 07:54 - 00000000 ____D () C:\Users\Reinhard\AppData\Roaming\Nico Mak Computing
2014-07-13 06:14 - 2014-07-13 06:41 - 00013810 _____ () C:\ProgramData\RUNDLL32.EXE-2232-F.txt
2014-07-12 23:27 - 2014-07-12 23:50 - 00012242 _____ () C:\ProgramData\RUNDLL32.EXE-2800-F.txt
2014-07-12 22:33 - 2014-07-12 22:41 - 00004435 _____ () C:\ProgramData\RUNDLL32.EXE-2372-F.txt
2014-07-12 06:39 - 2014-07-12 06:39 - 03678208 _____ () C:\Users\Reinhard\Downloads\Heidi (M).pps
2014-07-12 06:07 - 2014-07-12 12:12 - 00184467 _____ () C:\ProgramData\RUNDLL32.EXE-2188-F.txt
2014-07-11 21:19 - 2014-07-12 02:49 - 00168362 _____ () C:\ProgramData\RUNDLL32.EXE-2656-F.txt
2014-07-11 12:00 - 2014-07-11 12:06 - 00003563 _____ () C:\ProgramData\RUNDLL32.EXE-2996-F.txt
2014-07-11 09:13 - 2014-07-19 11:44 - 00035843 _____ () C:\ProgramData\RUNDLL32.EXE-2532-F.txt
2014-07-11 06:20 - 2014-07-11 06:31 - 00005220 _____ () C:\ProgramData\RUNDLL32.EXE-1536-F.txt
2014-07-10 09:14 - 2014-07-10 09:44 - 00011232 _____ () C:\ProgramData\RUNDLL32.EXE-1040-F.txt
2014-07-10 06:41 - 2014-07-10 06:53 - 00006294 _____ () C:\ProgramData\RUNDLL32.EXE-164-F.txt
2014-07-09 06:26 - 2014-07-09 06:33 - 00003239 _____ () C:\ProgramData\RUNDLL32.EXE-2060-F.txt
2014-07-08 09:21 - 2014-07-08 09:44 - 00010995 _____ () C:\ProgramData\RUNDLL32.EXE-364-F.txt
2014-07-08 06:27 - 2014-07-08 06:48 - 00010425 _____ () C:\ProgramData\RUNDLL32.EXE-2980-F.txt
2014-07-07 09:40 - 2014-07-07 09:44 - 00001981 _____ () C:\ProgramData\RUNDLL32.EXE-1208-F.txt
2014-07-07 06:34 - 2014-07-07 06:49 - 00007532 _____ () C:\ProgramData\RUNDLL32.EXE-956-F.txt
2014-07-06 05:53 - 2014-07-06 08:08 - 00066839 _____ () C:\ProgramData\RUNDLL32.EXE-2032-F.txt
2014-07-06 00:04 - 2014-07-06 02:57 - 00087506 _____ () C:\ProgramData\RUNDLL32.EXE-2340-F.txt
2014-07-05 12:48 - 2014-07-05 12:55 - 00004044 _____ () C:\ProgramData\RUNDLL32.EXE-3012-F.txt
2014-07-05 09:41 - 2014-07-05 10:05 - 00011956 _____ () C:\ProgramData\RUNDLL32.EXE-2120-F.txt
2014-07-04 06:25 - 2014-07-04 06:36 - 00005916 _____ () C:\ProgramData\RUNDLL32.EXE-2220-F.txt
2014-07-03 08:59 - 2014-07-03 09:35 - 00017715 _____ () C:\ProgramData\RUNDLL32.EXE-2452-F.txt
2014-07-03 06:48 - 2014-07-03 07:02 - 00006860 _____ () C:\ProgramData\RUNDLL32.EXE-2180-F.txt
2014-07-02 09:19 - 2014-07-02 12:31 - 00017073 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-07-02 06:23 - 2014-07-13 09:59 - 00010262 _____ () C:\ProgramData\RUNDLL32.EXE-2836-F.txt
2014-07-01 12:19 - 2014-07-01 12:31 - 00006617 _____ () C:\ProgramData\RUNDLL32.EXE-2944-F.txt
2014-06-30 12:51 - 2014-06-30 12:57 - 00003121 _____ () C:\ProgramData\RUNDLL32.EXE-1180-F.txt
2014-06-30 08:44 - 2014-06-30 09:36 - 00026163 _____ () C:\ProgramData\RUNDLL32.EXE-2956-F.txt
2014-06-29 10:11 - 2014-06-29 10:20 - 00004977 _____ () C:\ProgramData\RUNDLL32.EXE-2600-F.txt
2014-06-29 02:06 - 2014-06-29 02:16 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2244-F.txt
2014-06-28 23:10 - 2014-06-28 23:59 - 00024980 _____ () C:\ProgramData\RUNDLL32.EXE-1352-F.txt
2014-06-28 06:16 - 2014-06-28 08:03 - 00054263 _____ () C:\ProgramData\RUNDLL32.EXE-2904-F.txt
2014-06-27 23:45 - 2014-06-27 23:45 - 00000000 ____D () C:\ProgramData\69C67EF23B9CD73186992916CB237AD7
2014-06-27 23:26 - 2014-07-15 09:35 - 00153001 _____ () C:\ProgramData\RUNDLL32.EXE-3048-F.txt
2014-06-27 21:01 - 2014-06-27 21:04 - 00001395 _____ () C:\ProgramData\RUNDLL32.EXE-1200-F.txt
2014-06-27 09:36 - 2014-06-27 10:04 - 00014038 _____ () C:\ProgramData\RUNDLL32.EXE-3060-F.txt
2014-06-26 10:22 - 2014-06-26 11:25 - 00032176 _____ () C:\ProgramData\RUNDLL32.EXE-2560-F.txt
2014-06-26 06:24 - 2014-06-26 06:36 - 00006492 _____ () C:\ProgramData\RUNDLL32.EXE-2500-F.txt
2014-06-25 09:54 - 2014-06-25 11:11 - 00038357 _____ () C:\ProgramData\RUNDLL32.EXE-1276-F.txt
2014-06-25 06:25 - 2014-06-25 06:36 - 00005634 _____ () C:\ProgramData\RUNDLL32.EXE-1524-F.txt
2014-06-24 08:51 - 2014-07-20 00:38 - 00008125 _____ () C:\ProgramData\RUNDLL32.EXE-1368-F.txt
2014-06-24 05:23 - 2014-06-24 05:44 - 00010651 _____ () C:\ProgramData\RUNDLL32.EXE-688-F.txt
2014-06-23 09:43 - 2014-06-23 10:09 - 00013212 _____ () C:\ProgramData\RUNDLL32.EXE-1308-F.txt
2014-06-23 06:57 - 2014-06-23 07:06 - 00004150 _____ () C:\ProgramData\RUNDLL32.EXE-2868-F.txt

==================== One Month Modified Files and Folders =======

2014-07-23 16:41 - 2014-07-23 16:40 - 00000000 ____D () C:\FRST
2014-07-23 06:32 - 2014-07-23 06:31 - 00000822 _____ () C:\ProgramData\RUNDLL32.EXE-2768-F.txt
2014-07-23 06:32 - 2013-12-17 07:34 - 00043198 _____ () C:\Windows\setupact.log
2014-07-23 06:31 - 2014-07-23 06:31 - 00000000 ____D () C:\Windows\LastGood
2014-07-23 06:30 - 2013-07-30 23:37 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-07-23 06:20 - 2014-07-23 06:17 - 00001081 _____ () C:\ProgramData\RUNDLL32.EXE-2300-F.txt
2014-07-22 10:03 - 2014-07-22 09:48 - 00007167 _____ () C:\ProgramData\RUNDLL32.EXE-3008-F.txt
2014-07-22 09:54 - 2009-07-13 20:45 - 00010096 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 09:54 - 2009-07-13 20:45 - 00010096 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 08:27 - 2014-07-22 08:08 - 00009283 _____ () C:\ProgramData\RUNDLL32.EXE-2680-F.txt
2014-07-22 07:40 - 2014-07-22 07:39 - 00000829 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt
2014-07-22 07:33 - 2014-07-22 07:30 - 00001849 _____ () C:\ProgramData\RUNDLL32.EXE-2748-F.txt
2014-07-22 07:33 - 2014-07-22 07:22 - 00000000 ____D () C:\AdwCleaner
2014-07-22 07:30 - 2014-06-02 08:33 - 00000000 ____D () C:\Users\Reinhard\AppData\Local\CrashDumps
2014-07-22 07:23 - 2014-07-22 07:19 - 00001912 _____ () C:\ProgramData\RUNDLL32.EXE-212-F.txt
2014-07-22 07:22 - 2014-07-22 07:22 - 01354223 _____ () C:\Users\Reinhard\Downloads\adwcleaner_3.216.exe
2014-07-22 07:22 - 2014-07-22 07:22 - 01354223 _____ () C:\Users\Reinhard\Downloads\adwcleaner_3.216 (1).exe
2014-07-22 07:05 - 2014-07-22 06:09 - 00027063 _____ () C:\ProgramData\RUNDLL32.EXE-3004-F.txt
2014-07-21 10:44 - 2014-06-14 06:43 - 00114586 _____ () C:\ProgramData\RUNDLL32.EXE-2828-F.txt
2014-07-21 09:59 - 2014-06-01 01:59 - 00071259 _____ () C:\ProgramData\RUNDLL32.EXE-2792-F.txt
2014-07-21 08:05 - 2014-07-21 07:13 - 00009735 _____ () C:\ProgramData\RUNDLL32.EXE-2744-F.txt
2014-07-21 08:00 - 2013-12-18 10:22 - 01537946 _____ () C:\Windows\PFRO.log
2014-07-21 07:59 - 2014-07-21 07:28 - 00015076 _____ () C:\ProgramData\RUNDLL32.EXE-3732-F.txt
2014-07-21 07:57 - 2014-07-21 07:57 - 02028976 _____ () C:\Users\Reinhard\Downloads\winrar-x64-510d.exe
2014-07-21 07:57 - 2014-07-21 07:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-21 07:54 - 2014-07-13 07:43 - 00000000 ____D () C:\Users\Reinhard\AppData\Roaming\Nico Mak Computing
2014-07-21 07:52 - 2014-07-21 07:52 - 00000000 ____D () C:\ProgramData\PDF Architect
2014-07-21 07:33 - 2014-07-21 07:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-21 07:32 - 2014-07-21 07:32 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Reinhard\Downloads\mbar-1.07.0.1012.exe
2014-07-21 07:32 - 2014-07-21 07:32 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-07-21 07:32 - 2014-07-21 07:32 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-07-21 07:32 - 2014-07-21 07:32 - 00000000 ____D () C:\Users\Reinhard\Desktop\mbar
2014-07-21 07:27 - 2014-07-19 12:50 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-21 07:24 - 2013-12-18 10:26 - 00191039 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 07:21 - 2014-07-21 07:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Reinhard\Downloads\HiJackThis204.exe
2014-07-21 07:20 - 2014-07-21 07:17 - 333878864 _____ (NVIDIA Corporation) C:\Users\Reinhard\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-07-21 06:51 - 2014-07-21 06:27 - 00011476 _____ () C:\ProgramData\RUNDLL32.EXE-1184-F.txt
2014-07-20 10:12 - 2014-07-20 09:08 - 00031122 _____ () C:\ProgramData\RUNDLL32.EXE-2720-F.txt
2014-07-20 08:23 - 2014-07-20 08:13 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2228-F.txt
2014-07-20 08:22 - 2014-07-20 08:18 - 00001007 _____ () C:\Users\Public\Desktop\DriverTuner.lnk
2014-07-20 08:22 - 2014-07-20 08:18 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-07-20 08:20 - 2014-07-20 08:20 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Reinhard\Downloads\gggggggggggggggggggggggggggggggggggg.exe
2014-07-20 08:19 - 2014-07-20 08:19 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Reinhard\Downloads\setup.exe
2014-07-20 07:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-07-20 07:09 - 2014-07-20 07:09 - 00502750 _____ () C:\Users\Reinhard\Downloads\eBay-Kaufabwicklung – Kauf abgeschlossen_dll.mht
2014-07-20 03:08 - 2014-06-17 06:33 - 00070233 _____ () C:\ProgramData\RUNDLL32.EXE-2756-F.txt
2014-07-20 00:58 - 2014-07-20 00:53 - 00002693 _____ () C:\ProgramData\RUNDLL32.EXE-1056-F.txt
2014-07-20 00:38 - 2014-06-24 08:51 - 00008125 _____ () C:\ProgramData\RUNDLL32.EXE-1368-F.txt
2014-07-19 13:00 - 2014-07-19 12:38 - 00010942 _____ () C:\ProgramData\RUNDLL32.EXE-2660-F.txt
2014-07-19 12:53 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help
2014-07-19 12:52 - 2014-07-19 12:52 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-19 12:52 - 2014-07-19 12:52 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-19 12:37 - 2014-07-19 12:23 - 00007076 _____ () C:\ProgramData\RUNDLL32.EXE-2616-F.txt
2014-07-19 12:33 - 2010-12-03 10:14 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-07-19 12:21 - 2014-07-19 12:17 - 00001839 _____ () C:\ProgramData\RUNDLL32.EXE-2612-F.txt
2014-07-19 12:15 - 2014-06-16 09:39 - 00034806 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt
2014-07-19 11:44 - 2014-07-11 09:13 - 00035843 _____ () C:\ProgramData\RUNDLL32.EXE-2532-F.txt
2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\UjzirAhobf
2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\EtfaqDexle
2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\AxugAyaff
2014-07-19 10:24 - 2014-07-19 10:21 - 00000778 _____ () C:\ProgramData\RUNDLL32.EXE-2784-F.txt
2014-07-19 10:05 - 2014-07-19 09:35 - 00015164 _____ () C:\ProgramData\RUNDLL32.EXE-2716-F.txt
2014-07-19 09:54 - 2014-07-19 09:54 - 00000000 ____D () C:\NVIDIA
2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\UcipCojy
2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\OjimIxos
2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\AbziRequ
2014-07-19 09:34 - 2011-07-20 23:01 - 00000000 ____D () C:\Windows\Minidump
2014-07-19 06:58 - 2014-01-02 05:44 - 00262144 ____N () C:\Windows\Minidump\071914-41340-01.dmp
2014-07-19 06:57 - 2014-01-02 05:44 - 00262144 ____N () C:\Windows\Minidump\071914-41511-01.dmp
2014-07-16 08:52 - 2014-07-16 08:52 - 00555672 _____ () C:\Windows\Minidump\071614-29577-01.dmp
2014-07-16 08:51 - 2014-07-16 08:51 - 00555672 _____ () C:\Windows\Minidump\071614-29593-01.dmp
2014-07-16 08:50 - 2014-07-16 08:50 - 00555672 _____ () C:\Windows\Minidump\071614-29094-01.dmp
2014-07-15 12:05 - 2014-05-31 22:25 - 00034660 _____ () C:\ProgramData\RUNDLL32.EXE-2856-F.txt
2014-07-15 09:35 - 2014-06-27 23:26 - 00153001 _____ () C:\ProgramData\RUNDLL32.EXE-3048-F.txt
2014-07-15 06:33 - 2014-07-15 06:23 - 00004971 _____ () C:\ProgramData\RUNDLL32.EXE-816-F.txt
2014-07-14 09:49 - 2014-07-14 09:29 - 00009753 _____ () C:\ProgramData\RUNDLL32.EXE-2824-F.txt
2014-07-14 08:24 - 2014-07-14 08:24 - 00555672 _____ () C:\Windows\Minidump\071414-92945-01.dmp
2014-07-14 08:22 - 2014-07-14 08:22 - 00262144 ____N () C:\Windows\Minidump\071414-28501-01.dmp
2014-07-14 06:47 - 2014-05-30 06:12 - 00055431 _____ () C:\ProgramData\RUNDLL32.EXE-2636-F.txt
2014-07-14 06:42 - 2014-07-14 06:41 - 00555672 _____ () C:\Windows\Minidump\071414-102601-01.dmp
2014-07-13 10:06 - 2014-07-13 10:06 - 00262144 ____H () C:\Windows\DUMPa1a5.DMP
2014-07-13 10:00 - 2014-07-13 10:00 - 00262144 ____H () C:\Windows\DUMPcb0f.DMP
2014-07-13 09:59 - 2014-07-02 06:23 - 00010262 _____ () C:\ProgramData\RUNDLL32.EXE-2836-F.txt
2014-07-13 07:58 - 2014-06-07 21:18 - 00026225 _____ () C:\ProgramData\RUNDLL32.EXE-2924-F.txt
2014-07-13 07:43 - 2014-06-15 09:30 - 00091740 _____ () C:\ProgramData\RUNDLL32.EXE-2884-F.txt
2014-07-13 06:41 - 2014-07-13 06:14 - 00013810 _____ () C:\ProgramData\RUNDLL32.EXE-2232-F.txt
2014-07-13 02:27 - 2014-06-09 06:04 - 00157523 _____ () C:\ProgramData\RUNDLL32.EXE-2876-F.txt
2014-07-12 23:50 - 2014-07-12 23:27 - 00012242 _____ () C:\ProgramData\RUNDLL32.EXE-2800-F.txt
2014-07-12 23:48 - 2011-02-06 02:27 - 00000000 ____D () C:\Users\Reinhard\Döling KG
2014-07-12 22:41 - 2014-07-12 22:33 - 00004435 _____ () C:\ProgramData\RUNDLL32.EXE-2372-F.txt
2014-07-12 12:12 - 2014-07-12 06:07 - 00184467 _____ () C:\ProgramData\RUNDLL32.EXE-2188-F.txt
2014-07-12 06:39 - 2014-07-12 06:39 - 03678208 _____ () C:\Users\Reinhard\Downloads\Heidi (M).pps
2014-07-12 02:49 - 2014-07-11 21:19 - 00168362 _____ () C:\ProgramData\RUNDLL32.EXE-2656-F.txt
2014-07-11 12:06 - 2014-07-11 12:00 - 00003563 _____ () C:\ProgramData\RUNDLL32.EXE-2996-F.txt
2014-07-11 06:31 - 2014-07-11 06:20 - 00005220 _____ () C:\ProgramData\RUNDLL32.EXE-1536-F.txt
2014-07-10 09:44 - 2014-07-10 09:14 - 00011232 _____ () C:\ProgramData\RUNDLL32.EXE-1040-F.txt
2014-07-10 06:53 - 2014-07-10 06:41 - 00006294 _____ () C:\ProgramData\RUNDLL32.EXE-164-F.txt
2014-07-09 09:40 - 2014-06-09 09:39 - 00018854 _____ () C:\ProgramData\RUNDLL32.EXE-2852-F.txt
2014-07-09 06:33 - 2014-07-09 06:26 - 00003239 _____ () C:\ProgramData\RUNDLL32.EXE-2060-F.txt
2014-07-08 09:44 - 2014-07-08 09:21 - 00010995 _____ () C:\ProgramData\RUNDLL32.EXE-364-F.txt
2014-07-08 06:48 - 2014-07-08 06:27 - 00010425 _____ () C:\ProgramData\RUNDLL32.EXE-2980-F.txt
2014-07-07 09:44 - 2014-07-07 09:40 - 00001981 _____ () C:\ProgramData\RUNDLL32.EXE-1208-F.txt
2014-07-07 06:49 - 2014-07-07 06:34 - 00007532 _____ () C:\ProgramData\RUNDLL32.EXE-956-F.txt
2014-07-06 11:38 - 2014-06-11 08:35 - 00019891 _____ () C:\ProgramData\RUNDLL32.EXE-2948-F.txt
2014-07-06 08:08 - 2014-07-06 05:53 - 00066839 _____ () C:\ProgramData\RUNDLL32.EXE-2032-F.txt
2014-07-06 06:12 - 2011-02-06 02:56 - 00000000 ____D () C:\Users\Reinhard\Versicherungen
2014-07-06 02:57 - 2014-07-06 00:04 - 00087506 _____ () C:\ProgramData\RUNDLL32.EXE-2340-F.txt
2014-07-05 12:55 - 2014-07-05 12:48 - 00004044 _____ () C:\ProgramData\RUNDLL32.EXE-3012-F.txt
2014-07-05 10:05 - 2014-07-05 09:41 - 00011956 _____ () C:\ProgramData\RUNDLL32.EXE-2120-F.txt
2014-07-05 03:06 - 2014-06-08 12:00 - 00160347 _____ () C:\ProgramData\RUNDLL32.EXE-2144-F.txt
2014-07-04 14:31 - 2014-06-01 10:28 - 00038050 _____ () C:\ProgramData\RUNDLL32.EXE-2912-F.txt
2014-07-04 06:36 - 2014-07-04 06:25 - 00005916 _____ () C:\ProgramData\RUNDLL32.EXE-2220-F.txt
2014-07-03 12:08 - 2014-05-27 08:54 - 00086258 _____ () C:\ProgramData\RUNDLL32.EXE-2908-F.txt
2014-07-03 09:35 - 2014-07-03 08:59 - 00017715 _____ () C:\ProgramData\RUNDLL32.EXE-2452-F.txt
2014-07-03 09:28 - 2011-11-06 01:59 - 00022016 _____ () C:\Users\Reinhard\Kinderzahlungen.xls
2014-07-03 09:28 - 2011-02-04 07:14 - 00000000 ____D () C:\users\Reinhard
2014-07-03 07:02 - 2014-07-03 06:48 - 00006860 _____ () C:\ProgramData\RUNDLL32.EXE-2180-F.txt
2014-07-02 12:31 - 2014-07-02 09:19 - 00017073 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-07-01 12:31 - 2014-07-01 12:19 - 00006617 _____ () C:\ProgramData\RUNDLL32.EXE-2944-F.txt
2014-07-01 06:36 - 2014-06-03 06:44 - 00027718 _____ () C:\ProgramData\RUNDLL32.EXE-1268-F.txt
2014-06-30 12:57 - 2014-06-30 12:51 - 00003121 _____ () C:\ProgramData\RUNDLL32.EXE-1180-F.txt
2014-06-30 09:36 - 2014-06-30 08:44 - 00026163 _____ () C:\ProgramData\RUNDLL32.EXE-2956-F.txt
2014-06-30 08:17 - 2014-06-07 00:45 - 00291898 _____ () C:\ProgramData\RUNDLL32.EXE-2872-F.txt
2014-06-29 10:20 - 2014-06-29 10:11 - 00004977 _____ () C:\ProgramData\RUNDLL32.EXE-2600-F.txt
2014-06-29 08:40 - 2014-05-25 05:55 - 00198853 _____ () C:\ProgramData\RUNDLL32.EXE-2972-F.txt
2014-06-29 04:59 - 2014-06-02 11:54 - 00076249 _____ () C:\ProgramData\RUNDLL32.EXE-2952-F.txt
2014-06-29 02:16 - 2014-06-29 02:06 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2244-F.txt
2014-06-28 23:59 - 2014-06-28 23:10 - 00024980 _____ () C:\ProgramData\RUNDLL32.EXE-1352-F.txt
2014-06-28 13:19 - 2014-06-10 08:30 - 00036970 _____ () C:\ProgramData\RUNDLL32.EXE-2860-F.txt
2014-06-28 09:48 - 2014-05-30 12:10 - 00019452 _____ () C:\ProgramData\RUNDLL32.EXE-2864-F.txt
2014-06-28 08:03 - 2014-06-28 06:16 - 00054263 _____ () C:\ProgramData\RUNDLL32.EXE-2904-F.txt
2014-06-27 23:45 - 2014-06-27 23:45 - 00000000 ____D () C:\ProgramData\69C67EF23B9CD73186992916CB237AD7
2014-06-27 21:04 - 2014-06-27 21:01 - 00001395 _____ () C:\ProgramData\RUNDLL32.EXE-1200-F.txt
2014-06-27 10:04 - 2014-06-27 09:36 - 00014038 _____ () C:\ProgramData\RUNDLL32.EXE-3060-F.txt
2014-06-26 11:25 - 2014-06-26 10:22 - 00032176 _____ () C:\ProgramData\RUNDLL32.EXE-2560-F.txt
2014-06-26 06:36 - 2014-06-26 06:24 - 00006492 _____ () C:\ProgramData\RUNDLL32.EXE-2500-F.txt
2014-06-25 11:11 - 2014-06-25 09:54 - 00038357 _____ () C:\ProgramData\RUNDLL32.EXE-1276-F.txt
2014-06-25 10:35 - 2011-12-29 10:28 - 00041984 _____ () C:\Users\Reinhard\Documents\Besondere Ereignisse.xls
2014-06-25 06:36 - 2014-06-25 06:25 - 00005634 _____ () C:\ProgramData\RUNDLL32.EXE-1524-F.txt
2014-06-24 05:44 - 2014-06-24 05:23 - 00010651 _____ () C:\ProgramData\RUNDLL32.EXE-688-F.txt
2014-06-23 10:09 - 2014-06-23 09:43 - 00013212 _____ () C:\ProgramData\RUNDLL32.EXE-1308-F.txt
2014-06-23 07:06 - 2014-06-23 06:57 - 00004150 _____ () C:\ProgramData\RUNDLL32.EXE-2868-F.txt
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\ProgramData\AbvaSquz.dat
C:\ProgramData\OrexFuyu.dat
C:\ProgramData\ozouei.dat
C:\ProgramData\UmahMiri.dat
C:\ProgramData\vjrbeqv.dat
C:\ProgramData\vqnwam.dat
C:\Users\Reinhard\avg_avct_stb_all_2012_1796_cm10.exe
C:\Users\Reinhard\InstallMyTomTomSA.exe
C:\Users\Reinhard\Office2003SP3-KB923618-FullFile-DEU.exe


Some content of TEMP:
====================
C:\Users\Reinhard\AppData\Local\Temp\dRbT.dll
C:\Users\Reinhard\AppData\Local\Temp\iSXk.dll
C:\Users\Reinhard\AppData\Local\Temp\kktxil.exe
C:\Users\Reinhard\AppData\Local\Temp\NEventMessages.dll
C:\Users\Reinhard\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Reinhard\AppData\Local\Temp\P5U0.dll
C:\Users\Reinhard\AppData\Local\Temp\Quarantine.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== Restore Points  =========================

Restore point made on: 2014-04-15 08:32:17
Restore point made on: 2014-04-18 08:06:51
Restore point made on: 2014-05-01 01:39:55
Restore point made on: 2014-05-11 00:08:40
Restore point made on: 2014-05-31 06:45:58
Restore point made on: 2014-05-31 06:47:43
Restore point made on: 2014-06-28 02:32:19
Restore point made on: 2014-07-13 07:52:57
Restore point made on: 2014-07-13 07:55:28
Restore point made on: 2014-07-19 12:51:59
Restore point made on: 2014-07-20 00:38:24
Restore point made on: 2014-07-21 07:52:03

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4095.29 MB
Available physical RAM: 3427.05 MB
Total Pagefile: 4093.44 MB
Available Pagefile: 3414.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1366.17 GB) (Free:1203.76 GB) NTFS
Drive e: (Recover) (Fixed) (Total:30 GB) (Free:10.4 GB) NTFS
Drive j: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.7 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-732114714624) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 4 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2013-10-12 06:03

==================== End Of Log ============================
--- --- ---



Nachtrag:

mir ist bewusst das mehrere anti-maleware Tools installiert sind aber ich komm über die deinstallation nicht weiter.
auch der abgesicherte Modus ist nicht ausführbar.
Sprich der Rechner fährt direkt wieder runter.

mfg

M-K-D-B 23.07.2014 16:04
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!




Anweisungen folgen in Kürze. :)

M-K-D-B 23.07.2014 16:13
Servus,


wir beginnen so:



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKU\Reinhard\...\Run: [AbvaSquz] => regsvr32.exe "C:\ProgramData\AbvaSquz.dat"
HKU\Reinhard\...\Run: [UmahMiri] => regsvr32.exe "C:\ProgramData\UmahMiri.dat"
HKU\Reinhard\...\Run: [OrexFuyu] => regsvr32.exe "C:\ProgramData\OrexFuyu.dat"
HKU\Reinhard\...\Run: [AbziRequ] => regsvr32.exe "C:\ProgramData\AbziRequ\AbziRequ.dat"
HKU\Reinhard\...\Run: [OjimIxos] => regsvr32.exe "C:\ProgramData\OjimIxos\OjimIxos.dat"
HKU\Reinhard\...\Run: [UcipCojy] => regsvr32.exe "C:\ProgramData\UcipCojy\UcipCojy.dat"
HKU\Reinhard\...\Run: [EtfaqDexle] => regsvr32.exe "C:\ProgramData\EtfaqDexle\EtfaqDexle.dat"
HKU\Reinhard\...\Run: [UjzirAhobf] => regsvr32.exe "C:\ProgramData\UjzirAhobf\UjzirAhobf.dat"
HKU\Reinhard\...\Run: [AxugAyaff] => regsvr32.exe "C:\ProgramData\AxugAyaff\AxugAyaff.dat"
C:\ProgramData\AbvaSquz.dat
C:\ProgramData\UmahMiri.dat
C:\ProgramData\OrexFuyu.dat
C:\ProgramData\AbziRequ
C:\ProgramData\OjimIxos
C:\ProgramData\UcipCojy
C:\ProgramData\EtfaqDexle
C:\ProgramData\UjzirAhobf
C:\ProgramData\AxugAyaff
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aranna.exe ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aranna.exe ()
Startup: C:\Users\Reinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A\9fl8eek.cpp ()
S2 Winmgmt; C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A\kee8lf9.dot [333556 2014-05-24] (Microsoft Corporation)
C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A
C:\Users\Reinhard\Downloads\gggggggggggggggggggggggggggggggggggg.exe
C:\Users\Reinhard\Downloads\setup.exe
C:\ProgramData\69C67EF23B9CD73186992916CB237AD7
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\ozouei.dat
C:\ProgramData\vjrbeqv.dat
C:\ProgramData\vqnwam.dat
end
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.






Berichte mir, ob du danach den Rechner wieder normal starten kannst (wir sind dann aber noch nicht fertig). :)

Escor 23.07.2014 16:34
zunächst mal besten dank für die schnelle Hilfe.



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-07-2014 01
Ran by SYSTEM at 2014-07-23 17:15:50 Run:1
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKU\Reinhard\...\Run: [AbvaSquz] => regsvr32.exe "C:\ProgramData\AbvaSquz.dat"
HKU\Reinhard\...\Run: [UmahMiri] => regsvr32.exe "C:\ProgramData\UmahMiri.dat"
HKU\Reinhard\...\Run: [OrexFuyu] => regsvr32.exe "C:\ProgramData\OrexFuyu.dat"
HKU\Reinhard\...\Run: [AbziRequ] => regsvr32.exe "C:\ProgramData\AbziRequ\AbziRequ.dat"
HKU\Reinhard\...\Run: [OjimIxos] => regsvr32.exe "C:\ProgramData\OjimIxos\OjimIxos.dat"
HKU\Reinhard\...\Run: [UcipCojy] => regsvr32.exe "C:\ProgramData\UcipCojy\UcipCojy.dat"
HKU\Reinhard\...\Run: [EtfaqDexle] => regsvr32.exe "C:\ProgramData\EtfaqDexle\EtfaqDexle.dat"
HKU\Reinhard\...\Run: [UjzirAhobf] => regsvr32.exe "C:\ProgramData\UjzirAhobf\UjzirAhobf.dat"
HKU\Reinhard\...\Run: [AxugAyaff] => regsvr32.exe "C:\ProgramData\AxugAyaff\AxugAyaff.dat"
C:\ProgramData\AbvaSquz.dat
C:\ProgramData\UmahMiri.dat
C:\ProgramData\OrexFuyu.dat
C:\ProgramData\AbziRequ
C:\ProgramData\OjimIxos
C:\ProgramData\UcipCojy
C:\ProgramData\EtfaqDexle
C:\ProgramData\UjzirAhobf
C:\ProgramData\AxugAyaff
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aranna.exe ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aranna.exe ()
Startup: C:\Users\Reinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A\9fl8eek.cpp ()
S2 Winmgmt; C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A\kee8lf9.dot [333556 2014-05-24] (Microsoft Corporation)
C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A
C:\Users\Reinhard\Downloads\gggggggggggggggggggggggggggggggggggg.exe
C:\Users\Reinhard\Downloads\setup.exe
C:\ProgramData\69C67EF23B9CD73186992916CB237AD7
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\ozouei.dat
C:\ProgramData\vjrbeqv.dat
C:\ProgramData\vqnwam.dat
end

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\Reinhard\Software\Microsoft\Windows\CurrentVersion\Run\\AbvaSquz => value deleted successfully.
HKU\Reinhard\Software\Microsoft\Windows\CurrentVersion\Run\\UmahMiri => value deleted successfully.
HKU\Reinhard\Software\Microsoft\Windows\CurrentVersion\Run\\OrexFuyu => value deleted successfully.
HKU\Reinhard\Software\Microsoft\Windows\CurrentVersion\Run\\AbziRequ => value deleted successfully.
HKU\Reinhard\Software\Microsoft\Windows\CurrentVersion\Run\\OjimIxos => value deleted successfully.
HKU\Reinhard\Software\Microsoft\Windows\CurrentVersion\Run\\UcipCojy => value deleted successfully.
HKU\Reinhard\Software\Microsoft\Windows\CurrentVersion\Run\\EtfaqDexle => value deleted successfully.
HKU\Reinhard\Software\Microsoft\Windows\CurrentVersion\Run\\UjzirAhobf => value deleted successfully.
HKU\Reinhard\Software\Microsoft\Windows\CurrentVersion\Run\\AxugAyaff => value deleted successfully.
C:\ProgramData\AbvaSquz.dat => Moved successfully.
C:\ProgramData\UmahMiri.dat => Moved successfully.
C:\ProgramData\OrexFuyu.dat => Moved successfully.
C:\ProgramData\AbziRequ => Moved successfully.
C:\ProgramData\OjimIxos => Moved successfully.
C:\ProgramData\UcipCojy => Moved successfully.
C:\ProgramData\EtfaqDexle => Moved successfully.
C:\ProgramData\UjzirAhobf => Moved successfully.
C:\ProgramData\AxugAyaff => Moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aranna.exe => Moved successfully.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aranna.exe not found.
C:\Users\Reinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk => Moved successfully.
C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A\9fl8eek.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A => Moved successfully.
C:\Users\Reinhard\Downloads\gggggggggggggggggggggggggggggggggggg.exe => Moved successfully.
C:\Users\Reinhard\Downloads\setup.exe => Moved successfully.
C:\ProgramData\69C67EF23B9CD73186992916CB237AD7 => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\ProgramData\ozouei.dat => Moved successfully.
C:\ProgramData\vjrbeqv.dat => Moved successfully.
C:\ProgramData\vqnwam.dat => Moved successfully.

==== End of Fixlog ====
Ps: starten geht ohne weiteres.

Deinstallstion von so tollen programmen wie:
Winzipper und v9 funktioniert leider weiterhin nicht.

M-K-D-B 23.07.2014 19:20
Servus,



ok, bitte FRST neu direkt auf den Desktop downloaden und von dort starten:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Escor 24.07.2014 07:02
Guten Morgen,



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by Reinhard (administrator) on STERN_DES_SÜDEN on 24-07-2014 07:42:36
Running from C:\Users\Reinhard\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Time Information Services Ltd.) C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(The Beamrise Authors) C:\Users\Reinhard\AppData\Local\Beamrise\Application\beamrise.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
() C:\Program Files (x86)\Nokia\Nokia Software Launcher\NSLauncher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nokia Corporation) C:\Program Files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(The Beamrise Authors) C:\Users\Reinhard\AppData\Local\Beamrise\Application\beamrise.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-10-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NSLauncher] => C:\Program Files (x86)\Nokia\Nokia Software Launcher\NSLauncher.exe [3096576 2007-11-06] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Run: [Google Update . d'<*>] => "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{f83a451a-099f-921b-9 (the data entry has 98 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-145491947-2959547439-914181856-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2012-01-23] (TomTom)
HKU\S-1-5-21-145491947-2959547439-914181856-1001\...\Run: [PcSync] => C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe [1449984 2006-06-27] (Time Information Services Ltd.)
HKU\S-1-5-21-145491947-2959547439-914181856-1001\...\Run: [Beamrise] => C:\Users\Reinhard\AppData\Local\Beamrise\Application\beamrise.exe [1526080 2013-12-04] (The Beamrise Authors)
HKU\S-1-5-21-145491947-2959547439-914181856-1001\...\Run: [] => [X]
HKU\S-1-5-21-145491947-2959547439-914181856-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-145491947-2959547439-914181856-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-145491947-2959547439-914181856-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-145491947-2959547439-914181856-1001\...\MountPoints2: {175a941d-30f9-11e0-b7c2-6c626dba55d9} - E:\pushinst.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST31500541AS_6XW28D8KXXXX6XW28D8K&ts=1380400476
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1866A427EFF3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST31500541AS_6XW28D8KXXXX6XW28D8K&ts=1380400476
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST31500541AS_6XW28D8KXXXX6XW28D8K&ts=1380400476
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST31500541AS_6XW28D8KXXXX6XW28D8K&ts=1380400476
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST31500541AS_6XW28D8KXXXX6XW28D8K&ts=1380400476
URLSearchHook: HKLM-x32 - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=adk&from=adk&uid=ST31500541AS_6XW28D8KXXXX6XW28D8K&ts=1374687404
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0D0B0AyDyD0Dzy0AtBzzzytN0D0Tzu0CyDzztDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=1700288119&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {186A33A2-E395-B386-939A-28CDAD4096C3} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=adk&from=adk&uid=ST31500541AS_6XW28D8KXXXX6XW28D8K&ts=0
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0D0B0AyDyD0Dzy0AtBzzzytN0D0Tzu0CyDzztDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=1700288119&ir=
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=161&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7580163520064120&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {177D60B2-B768-4862-90FC-5A0E83C1DF04} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {51D1555B-27F4-282F-F09D-3CB651E92238} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={B15EB60C-FAD4-11E2-B14F-6C626DBA55D9}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=161&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7580163520064120&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0D0B0AyDyD0Dzy0AtBzzzytN0D0Tzu0CyDzztDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=1700288119&ir=
SearchScopes: HKCU - DefaultScope {177D60B2-B768-4862-90FC-5A0E83C1DF04} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN41168407621113528&UM=2
SearchScopes: HKCU - {177D60B2-B768-4862-90FC-5A0E83C1DF04} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN41168407621113528&UM=2
SearchScopes: HKCU - {186A33A2-E395-B386-939A-28CDAD4096C3} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\PROGRA~2\SITERA~1\SiteRank.dll No File
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: softonic-de3 Toolbar -> {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} -> C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default
FF NewTab: hxxp://www.delta-homes.com/newtab/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=nt&from=newgdp&uid=ST31500541AS_6XW28D8KXXXX6XW28D8K&ts=1380305800
FF DefaultSearchEngine: MixiDJ V30 Customized Web Search
FF SearchEngineOrder.1: delta-homes
FF SelectedSearchEngine: MixiDJ V30 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN13474290537111289&UM=2&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN13474290537111289&UM=2&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\user.js
FF SearchPlugin: C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\searchplugins\Sweetpacks Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\StartWeb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TelevisionFanatic - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\Extensions\64ffxtbr@TelevisionFanatic.com [2013-12-07]
FF Extension: SaveClicker - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\Extensions\9olmqt@uny-yodb.org [2014-04-29]
FF Extension: EnjoyCoupon - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\Extensions\bq8hmpv@crpv-ouu.com [2014-04-29]
FF Extension: mysearchdial.com - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\Extensions\ffxtlbr@mysearchdial.com [2014-04-29]
FF Extension: Quick Start - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\Extensions\quick_start@gmail.com [2014-05-08]
FF Extension: MixiDJ V30  - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} [2014-05-08]
FF Extension: IMinent Toolbar - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2013-03-12]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2013-08-01]
FF Extension: FreeHDSport.TV - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\Extensions\freehdsport@freehdsport.tv.xpi [2013-03-12]
FF Extension: MySearchDial - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-29]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-08-01]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-01-15]
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF Extension: No Name - C:\Users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\pv16ybfs.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Avira Toolbar) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl [2013-03-05]
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-07-12]
CHR Extension: (Docs) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-01]
CHR Extension: (Google Drive) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-01]
CHR Extension: (YouTube) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-01]
CHR Extension: (Google-Suche) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-01]
CHR Extension: (Delta Toolbar) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-07-12]
CHR Extension: (No Name) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen [2013-11-01]
CHR Extension: (Web Cake) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh [2013-11-21]
CHR Extension: (Iminent Toolbar) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn [2013-03-12]
CHR Extension: (Lightning Newtab) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-21]
CHR Extension: (Wajam) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-11-21]
CHR Extension: (Norton Identity Protection) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-12-09]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-05]
CHR Extension: (Google Wallet) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (No Name) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2013-08-02]
CHR Extension: (Remove \) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2013-08-02]
CHR Extension: (Google Mail) - C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-01]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Reinhard\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2014-05-01]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-01-15]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Reinhard\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx [2012-12-29]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Reinhard\AppData\Local\Wajam\Chrome\wajam.crx [2012-07-26]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-31] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-07-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-12-27] (Windows (R) Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
S3 iaStor; \SystemRoot\system32\DRIVERS\iaStor.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-24 07:42 - 2014-07-24 07:44 - 00025532 _____ () C:\Users\Reinhard\Desktop\FRST.txt
2014-07-24 07:42 - 2014-07-23 15:14 - 02091520 _____ (Farbar) C:\Users\Reinhard\Desktop\FRST64.exe
2014-07-24 07:39 - 2014-07-24 07:41 - 00000000 ____D () C:\Windows\LastGood
2014-07-24 02:40 - 2014-07-24 07:42 - 00000000 ____D () C:\FRST
2014-07-23 17:01 - 2014-07-23 17:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-23 16:43 - 2014-07-23 17:13 - 00014412 _____ () C:\ProgramData\RUNDLL32.EXE-2820-F.txt
2014-07-23 16:31 - 2014-07-23 16:32 - 00000822 _____ () C:\ProgramData\RUNDLL32.EXE-2768-F.txt
2014-07-23 16:17 - 2014-07-23 16:20 - 00001081 _____ () C:\ProgramData\RUNDLL32.EXE-2300-F.txt
2014-07-22 19:48 - 2014-07-22 20:03 - 00007167 _____ () C:\ProgramData\RUNDLL32.EXE-3008-F.txt
2014-07-22 18:08 - 2014-07-22 18:27 - 00009283 _____ () C:\ProgramData\RUNDLL32.EXE-2680-F.txt
2014-07-22 17:39 - 2014-07-22 17:40 - 00000829 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt
2014-07-22 17:30 - 2014-07-22 17:33 - 00001849 _____ () C:\ProgramData\RUNDLL32.EXE-2748-F.txt
2014-07-22 17:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-22 17:22 - 2014-07-22 17:33 - 00000000 ____D () C:\AdwCleaner
2014-07-22 17:22 - 2014-07-22 17:22 - 01354223 _____ () C:\Users\Reinhard\Downloads\adwcleaner_3.216.exe
2014-07-22 17:22 - 2014-07-22 17:22 - 01354223 _____ () C:\Users\Reinhard\Downloads\adwcleaner_3.216 (1).exe
2014-07-22 17:19 - 2014-07-22 17:23 - 00001912 _____ () C:\ProgramData\RUNDLL32.EXE-212-F.txt
2014-07-22 16:09 - 2014-07-22 17:05 - 00027063 _____ () C:\ProgramData\RUNDLL32.EXE-3004-F.txt
2014-07-21 17:57 - 2014-07-21 17:57 - 02028976 _____ () C:\Users\Reinhard\Downloads\winrar-x64-510d.exe
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ____D () C:\Users\Reinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-21 17:52 - 2014-07-21 17:52 - 00000000 ____D () C:\ProgramData\PDF Architect
2014-07-21 17:32 - 2014-07-21 17:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-21 17:32 - 2014-07-21 17:32 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Reinhard\Downloads\mbar-1.07.0.1012.exe
2014-07-21 17:32 - 2014-07-21 17:32 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-21 17:32 - 2014-07-21 17:32 - 00000000 ____D () C:\Users\Reinhard\Desktop\mbar
2014-07-21 17:28 - 2014-07-21 17:59 - 00015076 _____ () C:\ProgramData\RUNDLL32.EXE-3732-F.txt
2014-07-21 17:21 - 2014-07-21 17:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Reinhard\Downloads\HiJackThis204.exe
2014-07-21 17:17 - 2014-07-21 17:20 - 333878864 _____ (NVIDIA Corporation) C:\Users\Reinhard\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-07-21 17:13 - 2014-07-21 18:05 - 00009735 _____ () C:\ProgramData\RUNDLL32.EXE-2744-F.txt
2014-07-21 16:27 - 2014-07-21 16:51 - 00011476 _____ () C:\ProgramData\RUNDLL32.EXE-1184-F.txt
2014-07-20 19:08 - 2014-07-20 20:12 - 00031122 _____ () C:\ProgramData\RUNDLL32.EXE-2720-F.txt
2014-07-20 18:18 - 2014-07-20 18:22 - 00001007 _____ () C:\Users\Public\Desktop\DriverTuner.lnk
2014-07-20 18:18 - 2014-07-20 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
2014-07-20 18:18 - 2014-07-20 18:22 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-07-20 18:13 - 2014-07-20 18:23 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2228-F.txt
2014-07-20 17:09 - 2014-07-20 17:09 - 00502750 _____ () C:\Users\Reinhard\Downloads\eBay-Kaufabwicklung – Kauf abgeschlossen_dll.mht
2014-07-20 10:53 - 2014-07-20 10:58 - 00002693 _____ () C:\ProgramData\RUNDLL32.EXE-1056-F.txt
2014-07-19 22:53 - 2013-05-01 06:58 - 06491936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-07-19 22:53 - 2013-05-01 06:58 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-07-19 22:53 - 2013-05-01 06:58 - 02555680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-07-19 22:53 - 2013-05-01 06:58 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-07-19 22:53 - 2013-05-01 06:58 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-07-19 22:53 - 2013-05-01 06:58 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-07-19 22:53 - 2013-04-30 17:15 - 03165506 _____ () C:\Windows\system32\nvcoproc.bin
2014-07-19 22:52 - 2014-07-19 22:52 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-19 22:52 - 2014-07-19 22:52 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-19 22:52 - 2013-05-01 07:36 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-07-19 22:52 - 2013-05-01 07:36 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-07-19 22:51 - 2013-05-01 07:36 - 21093664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-19 22:51 - 2013-05-01 07:36 - 13394392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-07-19 22:51 - 2013-05-01 07:36 - 02942240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-19 22:51 - 2013-05-01 07:36 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-19 22:51 - 2013-05-01 07:36 - 00443168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-19 22:51 - 2013-05-01 07:36 - 00421152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-19 22:51 - 2013-05-01 07:36 - 00370976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-07-19 22:51 - 2013-05-01 07:36 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-07-19 22:51 - 2013-05-01 07:36 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-19 22:50 - 2014-07-21 17:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-19 22:50 - 2013-05-01 07:36 - 27772192 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 15900912 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 15140808 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 12423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 11211552 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-19 22:50 - 2013-05-01 07:36 - 09348000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 07797808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 02934672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 02754336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 02596832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432011.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432011.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 01059560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 00550176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 00518944 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 00431904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 00266960 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-07-19 22:50 - 2013-05-01 07:36 - 00020536 _____ () C:\Windows\system32\nvinfo.pb
2014-07-19 22:38 - 2014-07-19 23:00 - 00010942 _____ () C:\ProgramData\RUNDLL32.EXE-2660-F.txt
2014-07-19 22:23 - 2014-07-19 22:37 - 00007076 _____ () C:\ProgramData\RUNDLL32.EXE-2616-F.txt
2014-07-19 22:17 - 2014-07-19 22:21 - 00001839 _____ () C:\ProgramData\RUNDLL32.EXE-2612-F.txt
2014-07-19 20:21 - 2014-07-19 20:24 - 00000778 _____ () C:\ProgramData\RUNDLL32.EXE-2784-F.txt
2014-07-19 19:54 - 2014-07-19 19:54 - 00000000 ____D () C:\NVIDIA
2014-07-19 19:35 - 2014-07-19 20:05 - 00015164 _____ () C:\ProgramData\RUNDLL32.EXE-2716-F.txt
2014-07-16 18:52 - 2014-07-16 18:52 - 00555672 _____ () C:\Windows\Minidump\071614-29577-01.dmp
2014-07-16 18:51 - 2014-07-16 18:51 - 00555672 _____ () C:\Windows\Minidump\071614-29593-01.dmp
2014-07-16 18:50 - 2014-07-16 18:50 - 00555672 _____ () C:\Windows\Minidump\071614-29094-01.dmp
2014-07-15 16:23 - 2014-07-15 16:33 - 00004971 _____ () C:\ProgramData\RUNDLL32.EXE-816-F.txt
2014-07-14 19:29 - 2014-07-14 19:49 - 00009753 _____ () C:\ProgramData\RUNDLL32.EXE-2824-F.txt
2014-07-14 18:24 - 2014-07-14 18:24 - 00555672 _____ () C:\Windows\Minidump\071414-92945-01.dmp
2014-07-14 18:22 - 2014-07-14 18:22 - 00262144 ____N () C:\Windows\Minidump\071414-28501-01.dmp
2014-07-14 16:41 - 2014-07-14 16:42 - 00555672 _____ () C:\Windows\Minidump\071414-102601-01.dmp
2014-07-13 20:06 - 2014-07-13 20:06 - 00262144 ____H () C:\Windows\DUMPa1a5.DMP
2014-07-13 20:00 - 2014-07-13 20:00 - 00262144 ____H () C:\Windows\DUMPcb0f.DMP
2014-07-13 17:43 - 2014-07-21 17:54 - 00000000 ____D () C:\Users\Reinhard\AppData\Roaming\Nico Mak Computing
2014-07-13 16:14 - 2014-07-13 16:41 - 00013810 _____ () C:\ProgramData\RUNDLL32.EXE-2232-F.txt
2014-07-13 09:27 - 2014-07-13 09:50 - 00012242 _____ () C:\ProgramData\RUNDLL32.EXE-2800-F.txt
2014-07-13 08:33 - 2014-07-13 08:41 - 00004435 _____ () C:\ProgramData\RUNDLL32.EXE-2372-F.txt
2014-07-12 16:39 - 2014-07-12 16:39 - 03678208 _____ () C:\Users\Reinhard\Downloads\Heidi (M).pps
2014-07-12 16:07 - 2014-07-12 22:12 - 00184467 _____ () C:\ProgramData\RUNDLL32.EXE-2188-F.txt
2014-07-12 07:19 - 2014-07-12 12:49 - 00168362 _____ () C:\ProgramData\RUNDLL32.EXE-2656-F.txt
2014-07-11 22:00 - 2014-07-11 22:06 - 00003563 _____ () C:\ProgramData\RUNDLL32.EXE-2996-F.txt
2014-07-11 19:13 - 2014-07-19 21:44 - 00035843 _____ () C:\ProgramData\RUNDLL32.EXE-2532-F.txt
2014-07-11 16:20 - 2014-07-11 16:31 - 00005220 _____ () C:\ProgramData\RUNDLL32.EXE-1536-F.txt
2014-07-10 19:14 - 2014-07-10 19:44 - 00011232 _____ () C:\ProgramData\RUNDLL32.EXE-1040-F.txt
2014-07-10 16:41 - 2014-07-10 16:53 - 00006294 _____ () C:\ProgramData\RUNDLL32.EXE-164-F.txt
2014-07-09 16:26 - 2014-07-09 16:33 - 00003239 _____ () C:\ProgramData\RUNDLL32.EXE-2060-F.txt
2014-07-08 19:21 - 2014-07-08 19:44 - 00010995 _____ () C:\ProgramData\RUNDLL32.EXE-364-F.txt
2014-07-08 16:27 - 2014-07-08 16:48 - 00010425 _____ () C:\ProgramData\RUNDLL32.EXE-2980-F.txt
2014-07-07 19:40 - 2014-07-07 19:44 - 00001981 _____ () C:\ProgramData\RUNDLL32.EXE-1208-F.txt
2014-07-07 16:34 - 2014-07-07 16:49 - 00007532 _____ () C:\ProgramData\RUNDLL32.EXE-956-F.txt
2014-07-06 15:53 - 2014-07-06 18:08 - 00066839 _____ () C:\ProgramData\RUNDLL32.EXE-2032-F.txt
2014-07-06 10:04 - 2014-07-06 12:57 - 00087506 _____ () C:\ProgramData\RUNDLL32.EXE-2340-F.txt
2014-07-05 22:48 - 2014-07-05 22:55 - 00004044 _____ () C:\ProgramData\RUNDLL32.EXE-3012-F.txt
2014-07-05 19:41 - 2014-07-05 20:05 - 00011956 _____ () C:\ProgramData\RUNDLL32.EXE-2120-F.txt
2014-07-04 16:25 - 2014-07-04 16:36 - 00005916 _____ () C:\ProgramData\RUNDLL32.EXE-2220-F.txt
2014-07-03 18:59 - 2014-07-03 19:35 - 00017715 _____ () C:\ProgramData\RUNDLL32.EXE-2452-F.txt
2014-07-03 16:48 - 2014-07-03 17:02 - 00006860 _____ () C:\ProgramData\RUNDLL32.EXE-2180-F.txt
2014-07-02 19:19 - 2014-07-02 22:31 - 00017073 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-07-02 16:23 - 2014-07-13 19:59 - 00010262 _____ () C:\ProgramData\RUNDLL32.EXE-2836-F.txt
2014-07-01 22:19 - 2014-07-01 22:31 - 00006617 _____ () C:\ProgramData\RUNDLL32.EXE-2944-F.txt
2014-06-30 22:51 - 2014-06-30 22:57 - 00003121 _____ () C:\ProgramData\RUNDLL32.EXE-1180-F.txt
2014-06-30 18:44 - 2014-06-30 19:36 - 00026163 _____ () C:\ProgramData\RUNDLL32.EXE-2956-F.txt
2014-06-29 20:11 - 2014-06-29 20:20 - 00004977 _____ () C:\ProgramData\RUNDLL32.EXE-2600-F.txt
2014-06-29 12:06 - 2014-06-29 12:16 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2244-F.txt
2014-06-29 09:10 - 2014-06-29 09:59 - 00024980 _____ () C:\ProgramData\RUNDLL32.EXE-1352-F.txt
2014-06-28 16:16 - 2014-06-28 18:03 - 00054263 _____ () C:\ProgramData\RUNDLL32.EXE-2904-F.txt
2014-06-28 09:26 - 2014-07-15 19:35 - 00153001 _____ () C:\ProgramData\RUNDLL32.EXE-3048-F.txt
2014-06-28 07:01 - 2014-06-28 07:04 - 00001395 _____ () C:\ProgramData\RUNDLL32.EXE-1200-F.txt
2014-06-27 19:36 - 2014-06-27 20:04 - 00014038 _____ () C:\ProgramData\RUNDLL32.EXE-3060-F.txt
2014-06-26 20:22 - 2014-06-26 21:25 - 00032176 _____ () C:\ProgramData\RUNDLL32.EXE-2560-F.txt
2014-06-26 16:24 - 2014-06-26 16:36 - 00006492 _____ () C:\ProgramData\RUNDLL32.EXE-2500-F.txt
2014-06-25 19:54 - 2014-06-25 21:11 - 00038357 _____ () C:\ProgramData\RUNDLL32.EXE-1276-F.txt
2014-06-25 16:25 - 2014-06-25 16:36 - 00005634 _____ () C:\ProgramData\RUNDLL32.EXE-1524-F.txt
2014-06-24 18:51 - 2014-07-20 10:38 - 00008125 _____ () C:\ProgramData\RUNDLL32.EXE-1368-F.txt
2014-06-24 15:23 - 2014-06-24 15:44 - 00010651 _____ () C:\ProgramData\RUNDLL32.EXE-688-F.txt

==================== One Month Modified Files and Folders =======

2014-07-24 07:44 - 2014-07-24 07:42 - 00025532 _____ () C:\Users\Reinhard\Desktop\FRST.txt
2014-07-24 07:42 - 2014-07-24 02:40 - 00000000 ____D () C:\FRST
2014-07-24 07:41 - 2014-07-24 07:39 - 00000000 ____D () C:\Windows\LastGood
2014-07-24 07:41 - 2013-12-17 17:34 - 00043456 _____ () C:\Windows\setupact.log
2014-07-24 07:39 - 2014-06-02 18:33 - 00000000 ____D () C:\Users\Reinhard\AppData\Local\CrashDumps
2014-07-24 07:39 - 2013-07-31 09:37 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-07-23 20:26 - 2009-07-14 06:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 20:26 - 2009-07-14 06:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 20:23 - 2010-05-12 10:18 - 00700416 _____ () C:\Windows\system32\perfh007.dat
2014-07-23 20:23 - 2010-05-12 10:18 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-07-23 20:23 - 2009-07-14 07:13 - 01622108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 17:25 - 2013-12-18 20:22 - 01538284 _____ () C:\Windows\PFRO.log
2014-07-23 17:24 - 2012-05-19 16:05 - 00000000 ____D () C:\ProgramData\Avira
2014-07-23 17:13 - 2014-07-23 16:43 - 00014412 _____ () C:\ProgramData\RUNDLL32.EXE-2820-F.txt
2014-07-23 17:02 - 2012-12-18 18:47 - 00000000 ____D () C:\Users\Reinhard\AppData\Roaming\Systweak
2014-07-23 17:01 - 2014-07-23 17:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-23 16:32 - 2014-07-23 16:31 - 00000822 _____ () C:\ProgramData\RUNDLL32.EXE-2768-F.txt
2014-07-23 16:20 - 2014-07-23 16:17 - 00001081 _____ () C:\ProgramData\RUNDLL32.EXE-2300-F.txt
2014-07-23 15:14 - 2014-07-24 07:42 - 02091520 _____ (Farbar) C:\Users\Reinhard\Desktop\FRST64.exe
2014-07-22 20:03 - 2014-07-22 19:48 - 00007167 _____ () C:\ProgramData\RUNDLL32.EXE-3008-F.txt
2014-07-22 18:27 - 2014-07-22 18:08 - 00009283 _____ () C:\ProgramData\RUNDLL32.EXE-2680-F.txt
2014-07-22 17:40 - 2014-07-22 17:39 - 00000829 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt
2014-07-22 17:33 - 2014-07-22 17:30 - 00001849 _____ () C:\ProgramData\RUNDLL32.EXE-2748-F.txt
2014-07-22 17:33 - 2014-07-22 17:22 - 00000000 ____D () C:\AdwCleaner
2014-07-22 17:23 - 2014-07-22 17:19 - 00001912 _____ () C:\ProgramData\RUNDLL32.EXE-212-F.txt
2014-07-22 17:22 - 2014-07-22 17:22 - 01354223 _____ () C:\Users\Reinhard\Downloads\adwcleaner_3.216.exe
2014-07-22 17:22 - 2014-07-22 17:22 - 01354223 _____ () C:\Users\Reinhard\Downloads\adwcleaner_3.216 (1).exe
2014-07-22 17:05 - 2014-07-22 16:09 - 00027063 _____ () C:\ProgramData\RUNDLL32.EXE-3004-F.txt
2014-07-21 20:44 - 2014-06-14 16:43 - 00114586 _____ () C:\ProgramData\RUNDLL32.EXE-2828-F.txt
2014-07-21 19:59 - 2014-06-01 11:59 - 00071259 _____ () C:\ProgramData\RUNDLL32.EXE-2792-F.txt
2014-07-21 18:05 - 2014-07-21 17:13 - 00009735 _____ () C:\ProgramData\RUNDLL32.EXE-2744-F.txt
2014-07-21 17:59 - 2014-07-21 17:28 - 00015076 _____ () C:\ProgramData\RUNDLL32.EXE-3732-F.txt
2014-07-21 17:57 - 2014-07-21 17:57 - 02028976 _____ () C:\Users\Reinhard\Downloads\winrar-x64-510d.exe
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ____D () C:\Users\Reinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-21 17:57 - 2014-07-21 17:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-21 17:54 - 2014-07-13 17:43 - 00000000 ____D () C:\Users\Reinhard\AppData\Roaming\Nico Mak Computing
2014-07-21 17:52 - 2014-07-21 17:52 - 00000000 ____D () C:\ProgramData\PDF Architect
2014-07-21 17:33 - 2014-07-21 17:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-21 17:32 - 2014-07-21 17:32 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Reinhard\Downloads\mbar-1.07.0.1012.exe
2014-07-21 17:32 - 2014-07-21 17:32 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-21 17:32 - 2014-07-21 17:32 - 00000000 ____D () C:\Users\Reinhard\Desktop\mbar
2014-07-21 17:27 - 2014-07-19 22:50 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-21 17:24 - 2013-12-18 20:26 - 00191039 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 17:21 - 2014-07-21 17:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Reinhard\Downloads\HiJackThis204.exe
2014-07-21 17:20 - 2014-07-21 17:17 - 333878864 _____ (NVIDIA Corporation) C:\Users\Reinhard\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-07-21 16:51 - 2014-07-21 16:27 - 00011476 _____ () C:\ProgramData\RUNDLL32.EXE-1184-F.txt
2014-07-20 20:12 - 2014-07-20 19:08 - 00031122 _____ () C:\ProgramData\RUNDLL32.EXE-2720-F.txt
2014-07-20 18:23 - 2014-07-20 18:13 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2228-F.txt
2014-07-20 18:22 - 2014-07-20 18:18 - 00001007 _____ () C:\Users\Public\Desktop\DriverTuner.lnk
2014-07-20 18:22 - 2014-07-20 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
2014-07-20 18:22 - 2014-07-20 18:18 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-07-20 17:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-20 17:09 - 2014-07-20 17:09 - 00502750 _____ () C:\Users\Reinhard\Downloads\eBay-Kaufabwicklung – Kauf abgeschlossen_dll.mht
2014-07-20 13:08 - 2014-06-17 16:33 - 00070233 _____ () C:\ProgramData\RUNDLL32.EXE-2756-F.txt
2014-07-20 10:58 - 2014-07-20 10:53 - 00002693 _____ () C:\ProgramData\RUNDLL32.EXE-1056-F.txt
2014-07-20 10:38 - 2014-06-24 18:51 - 00008125 _____ () C:\ProgramData\RUNDLL32.EXE-1368-F.txt
2014-07-19 23:00 - 2014-07-19 22:38 - 00010942 _____ () C:\ProgramData\RUNDLL32.EXE-2660-F.txt
2014-07-19 22:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-07-19 22:52 - 2014-07-19 22:52 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-19 22:52 - 2014-07-19 22:52 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-19 22:37 - 2014-07-19 22:23 - 00007076 _____ () C:\ProgramData\RUNDLL32.EXE-2616-F.txt
2014-07-19 22:33 - 2010-12-03 20:14 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-07-19 22:21 - 2014-07-19 22:17 - 00001839 _____ () C:\ProgramData\RUNDLL32.EXE-2612-F.txt
2014-07-19 22:15 - 2014-06-16 19:39 - 00034806 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt
2014-07-19 21:44 - 2014-07-11 19:13 - 00035843 _____ () C:\ProgramData\RUNDLL32.EXE-2532-F.txt
2014-07-19 20:24 - 2014-07-19 20:21 - 00000778 _____ () C:\ProgramData\RUNDLL32.EXE-2784-F.txt
2014-07-19 20:05 - 2014-07-19 19:35 - 00015164 _____ () C:\ProgramData\RUNDLL32.EXE-2716-F.txt
2014-07-19 19:54 - 2014-07-19 19:54 - 00000000 ____D () C:\NVIDIA
2014-07-19 19:34 - 2011-07-21 09:01 - 00000000 ____D () C:\Windows\Minidump
2014-07-19 16:58 - 2014-01-02 15:44 - 00262144 ____N () C:\Windows\Minidump\071914-41340-01.dmp
2014-07-19 16:57 - 2014-01-02 15:44 - 00262144 ____N () C:\Windows\Minidump\071914-41511-01.dmp
2014-07-16 18:52 - 2014-07-16 18:52 - 00555672 _____ () C:\Windows\Minidump\071614-29577-01.dmp
2014-07-16 18:51 - 2014-07-16 18:51 - 00555672 _____ () C:\Windows\Minidump\071614-29593-01.dmp
2014-07-16 18:50 - 2014-07-16 18:50 - 00555672 _____ () C:\Windows\Minidump\071614-29094-01.dmp
2014-07-15 22:05 - 2014-06-01 08:25 - 00034660 _____ () C:\ProgramData\RUNDLL32.EXE-2856-F.txt
2014-07-15 19:35 - 2014-06-28 09:26 - 00153001 _____ () C:\ProgramData\RUNDLL32.EXE-3048-F.txt
2014-07-15 16:33 - 2014-07-15 16:23 - 00004971 _____ () C:\ProgramData\RUNDLL32.EXE-816-F.txt
2014-07-14 19:49 - 2014-07-14 19:29 - 00009753 _____ () C:\ProgramData\RUNDLL32.EXE-2824-F.txt
2014-07-14 18:24 - 2014-07-14 18:24 - 00555672 _____ () C:\Windows\Minidump\071414-92945-01.dmp
2014-07-14 18:22 - 2014-07-14 18:22 - 00262144 ____N () C:\Windows\Minidump\071414-28501-01.dmp
2014-07-14 16:47 - 2014-05-30 16:12 - 00055431 _____ () C:\ProgramData\RUNDLL32.EXE-2636-F.txt
2014-07-14 16:42 - 2014-07-14 16:41 - 00555672 _____ () C:\Windows\Minidump\071414-102601-01.dmp
2014-07-13 20:06 - 2014-07-13 20:06 - 00262144 ____H () C:\Windows\DUMPa1a5.DMP
2014-07-13 20:00 - 2014-07-13 20:00 - 00262144 ____H () C:\Windows\DUMPcb0f.DMP
2014-07-13 19:59 - 2014-07-02 16:23 - 00010262 _____ () C:\ProgramData\RUNDLL32.EXE-2836-F.txt
2014-07-13 17:58 - 2014-06-08 07:18 - 00026225 _____ () C:\ProgramData\RUNDLL32.EXE-2924-F.txt
2014-07-13 17:56 - 2013-11-29 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter
2014-07-13 17:43 - 2014-06-15 19:30 - 00091740 _____ () C:\ProgramData\RUNDLL32.EXE-2884-F.txt
2014-07-13 16:41 - 2014-07-13 16:14 - 00013810 _____ () C:\ProgramData\RUNDLL32.EXE-2232-F.txt
2014-07-13 12:27 - 2014-06-09 16:04 - 00157523 _____ () C:\ProgramData\RUNDLL32.EXE-2876-F.txt
2014-07-13 09:50 - 2014-07-13 09:27 - 00012242 _____ () C:\ProgramData\RUNDLL32.EXE-2800-F.txt
2014-07-13 09:48 - 2011-02-06 12:27 - 00000000 ____D () C:\Users\Reinhard\Döling KG
2014-07-13 08:41 - 2014-07-13 08:33 - 00004435 _____ () C:\ProgramData\RUNDLL32.EXE-2372-F.txt
2014-07-12 22:12 - 2014-07-12 16:07 - 00184467 _____ () C:\ProgramData\RUNDLL32.EXE-2188-F.txt
2014-07-12 16:39 - 2014-07-12 16:39 - 03678208 _____ () C:\Users\Reinhard\Downloads\Heidi (M).pps
2014-07-12 12:49 - 2014-07-12 07:19 - 00168362 _____ () C:\ProgramData\RUNDLL32.EXE-2656-F.txt
2014-07-11 22:06 - 2014-07-11 22:00 - 00003563 _____ () C:\ProgramData\RUNDLL32.EXE-2996-F.txt
2014-07-11 16:31 - 2014-07-11 16:20 - 00005220 _____ () C:\ProgramData\RUNDLL32.EXE-1536-F.txt
2014-07-10 19:44 - 2014-07-10 19:14 - 00011232 _____ () C:\ProgramData\RUNDLL32.EXE-1040-F.txt
2014-07-10 16:53 - 2014-07-10 16:41 - 00006294 _____ () C:\ProgramData\RUNDLL32.EXE-164-F.txt
2014-07-09 19:40 - 2014-06-09 19:39 - 00018854 _____ () C:\ProgramData\RUNDLL32.EXE-2852-F.txt
2014-07-09 16:33 - 2014-07-09 16:26 - 00003239 _____ () C:\ProgramData\RUNDLL32.EXE-2060-F.txt
2014-07-08 19:44 - 2014-07-08 19:21 - 00010995 _____ () C:\ProgramData\RUNDLL32.EXE-364-F.txt
2014-07-08 16:48 - 2014-07-08 16:27 - 00010425 _____ () C:\ProgramData\RUNDLL32.EXE-2980-F.txt
2014-07-07 19:44 - 2014-07-07 19:40 - 00001981 _____ () C:\ProgramData\RUNDLL32.EXE-1208-F.txt
2014-07-07 16:49 - 2014-07-07 16:34 - 00007532 _____ () C:\ProgramData\RUNDLL32.EXE-956-F.txt
2014-07-06 21:38 - 2014-06-11 18:35 - 00019891 _____ () C:\ProgramData\RUNDLL32.EXE-2948-F.txt
2014-07-06 18:08 - 2014-07-06 15:53 - 00066839 _____ () C:\ProgramData\RUNDLL32.EXE-2032-F.txt
2014-07-06 16:12 - 2011-02-06 12:56 - 00000000 ____D () C:\Users\Reinhard\Versicherungen
2014-07-06 12:57 - 2014-07-06 10:04 - 00087506 _____ () C:\ProgramData\RUNDLL32.EXE-2340-F.txt
2014-07-05 22:55 - 2014-07-05 22:48 - 00004044 _____ () C:\ProgramData\RUNDLL32.EXE-3012-F.txt
2014-07-05 20:05 - 2014-07-05 19:41 - 00011956 _____ () C:\ProgramData\RUNDLL32.EXE-2120-F.txt
2014-07-05 13:06 - 2014-06-08 22:00 - 00160347 _____ () C:\ProgramData\RUNDLL32.EXE-2144-F.txt
2014-07-05 00:31 - 2014-06-01 20:28 - 00038050 _____ () C:\ProgramData\RUNDLL32.EXE-2912-F.txt
2014-07-04 16:36 - 2014-07-04 16:25 - 00005916 _____ () C:\ProgramData\RUNDLL32.EXE-2220-F.txt
2014-07-03 22:08 - 2014-05-27 18:54 - 00086258 _____ () C:\ProgramData\RUNDLL32.EXE-2908-F.txt
2014-07-03 19:35 - 2014-07-03 18:59 - 00017715 _____ () C:\ProgramData\RUNDLL32.EXE-2452-F.txt
2014-07-03 19:28 - 2011-11-06 11:59 - 00022016 _____ () C:\Users\Reinhard\Kinderzahlungen.xls
2014-07-03 19:28 - 2011-02-04 17:14 - 00000000 ____D () C:\Users\Reinhard
2014-07-03 17:02 - 2014-07-03 16:48 - 00006860 _____ () C:\ProgramData\RUNDLL32.EXE-2180-F.txt
2014-07-02 22:31 - 2014-07-02 19:19 - 00017073 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-07-01 22:31 - 2014-07-01 22:19 - 00006617 _____ () C:\ProgramData\RUNDLL32.EXE-2944-F.txt
2014-07-01 16:36 - 2014-06-03 16:44 - 00027718 _____ () C:\ProgramData\RUNDLL32.EXE-1268-F.txt
2014-06-30 22:57 - 2014-06-30 22:51 - 00003121 _____ () C:\ProgramData\RUNDLL32.EXE-1180-F.txt
2014-06-30 19:36 - 2014-06-30 18:44 - 00026163 _____ () C:\ProgramData\RUNDLL32.EXE-2956-F.txt
2014-06-30 18:17 - 2014-06-07 10:45 - 00291898 _____ () C:\ProgramData\RUNDLL32.EXE-2872-F.txt
2014-06-29 20:20 - 2014-06-29 20:11 - 00004977 _____ () C:\ProgramData\RUNDLL32.EXE-2600-F.txt
2014-06-29 18:40 - 2014-05-25 15:55 - 00198853 _____ () C:\ProgramData\RUNDLL32.EXE-2972-F.txt
2014-06-29 14:59 - 2014-06-02 21:54 - 00076249 _____ () C:\ProgramData\RUNDLL32.EXE-2952-F.txt
2014-06-29 12:16 - 2014-06-29 12:06 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2244-F.txt
2014-06-29 09:59 - 2014-06-29 09:10 - 00024980 _____ () C:\ProgramData\RUNDLL32.EXE-1352-F.txt
2014-06-28 23:19 - 2014-06-10 18:30 - 00036970 _____ () C:\ProgramData\RUNDLL32.EXE-2860-F.txt
2014-06-28 19:48 - 2014-05-30 22:10 - 00019452 _____ () C:\ProgramData\RUNDLL32.EXE-2864-F.txt
2014-06-28 18:03 - 2014-06-28 16:16 - 00054263 _____ () C:\ProgramData\RUNDLL32.EXE-2904-F.txt
2014-06-28 07:04 - 2014-06-28 07:01 - 00001395 _____ () C:\ProgramData\RUNDLL32.EXE-1200-F.txt
2014-06-27 20:04 - 2014-06-27 19:36 - 00014038 _____ () C:\ProgramData\RUNDLL32.EXE-3060-F.txt
2014-06-26 21:25 - 2014-06-26 20:22 - 00032176 _____ () C:\ProgramData\RUNDLL32.EXE-2560-F.txt
2014-06-26 16:36 - 2014-06-26 16:24 - 00006492 _____ () C:\ProgramData\RUNDLL32.EXE-2500-F.txt
2014-06-25 21:11 - 2014-06-25 19:54 - 00038357 _____ () C:\ProgramData\RUNDLL32.EXE-1276-F.txt
2014-06-25 20:35 - 2011-12-29 20:28 - 00041984 _____ () C:\Users\Reinhard\Documents\Besondere Ereignisse.xls
2014-06-25 16:36 - 2014-06-25 16:25 - 00005634 _____ () C:\ProgramData\RUNDLL32.EXE-1524-F.txt
2014-06-24 15:44 - 2014-06-24 15:23 - 00010651 _____ () C:\ProgramData\RUNDLL32.EXE-688-F.txt

Files to move or delete:
====================
C:\Users\Reinhard\avg_avct_stb_all_2012_1796_cm10.exe
C:\Users\Reinhard\InstallMyTomTomSA.exe
C:\Users\Reinhard\Office2003SP3-KB923618-FullFile-DEU.exe


Some content of TEMP:
====================
C:\Users\Reinhard\AppData\Local\Temp\dRbT.dll
C:\Users\Reinhard\AppData\Local\Temp\iSXk.dll
C:\Users\Reinhard\AppData\Local\Temp\kktxil.exe
C:\Users\Reinhard\AppData\Local\Temp\NEventMessages.dll
C:\Users\Reinhard\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Reinhard\AppData\Local\Temp\P5U0.dll
C:\Users\Reinhard\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-10-12 16:03

==================== End Of Log ============================
--- --- ---




Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2014 01
Ran by Reinhard at 2014-07-24 07:44:41
Running from C:\Users\Reinhard\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2013 (Version: 13.0.3204 - AVG Technologies) Hidden
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.45268 - Ask.com) <==== ATTENTION
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant Polaris Unused CIR Function (HKLM\...\Uninstaller52c67e7f37d) (Version: 1.0.0.0 - Conexant Systems)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM-x32\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
Crazy Browser version 3.0.5 (HKLM-x32\...\Crazy Browser 3.0.5_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.10.0 - Uniblue Systems Ltd)
DriverTuner 3.5.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.5.0.1 - LionSea Software co., ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM-x32\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Installation Manager (x32 Version: 1.00.0000 - CNC Software, Inc.) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mastercam X6 Demo\HLE (x32 Version: 15.0.4.4 - CNC Software, Inc.) Hidden
Mastercam X7 (x32 Version: 2.00.2000 - CNC Software, Inc.) Hidden
Mastercam X7 Art 64 Bit (Version: 16.0.6.2 - CNC Software, Inc.) Hidden
Mastercam X7 Demo\HLE (HKLM-x32\...\{ED4D307E-FC64-4784-AD1E-ADFD7E42517D}-IM) (Version: 16.0.6.2 - CNC Software, Inc.)
Mastercam X7 Demo-HLE (Version: 16.0.6.2 - CNC Software, Inc.) Hidden
Mastercam X7 Sample Files (x32 Version: 16.0.6.2 - CNC Software, Inc.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 25.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Lifeblog 2.5 (HKLM-x32\...\{E94603CA-2996-4154-8EE2-A5FCD4BFB500}) (Version: 2.5.224 - Nokia)
Nokia NSeries Application Installer (HKLM-x32\...\{FD349381-D79C-4E5C-8980-015DFFB962D5}) (Version: 6.82.15 - Nokia)
Nokia NSeries Content Copier (HKLM-x32\...\{F779EC8D-6703-4C4A-817C-37B07898E647}) (Version: 6.82.15 - Nokia)
Nokia NSeries Multimedia Player (HKLM-x32\...\{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}) (Version: 6.82.15 - Nokia)
Nokia NSeries One Touch Access (HKLM-x32\...\{F4EE8763-EAA8-4BC1-8594-8501F5F00414}) (Version: 6.82.15 - Nokia)
Nokia NSeries System Utilities (HKLM-x32\...\{96E94E18-54D6-42C1-8FC4-24DACEDC3395}) (Version: 6.82.16 - Nokia)
Nokia Nseries Video Manager (HKLM-x32\...\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}) (Version: 1.1.9 - Nokia)
Nokia PC Suite (HKLM-x32\...\{531317A5-586A-4E36-87C1-CA823447B375}) (Version: 6.81.13.0 - Nokia)
Nokia Phone Browser 64-bit (Version: 6.81.13.0 - Nokia) Hidden
Nokia Software Launcher (HKLM-x32\...\{8287D31D-78FF-4EDA-BB26-A29459E8DA97}) (Version: 1.6.77 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PC Connectivity Solution 64-bit components (Version: 6.43.14.0 - Nokia) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Studie zur Verbesserung von HP Officejet 4620 series Produkten (HKLM\...\{ABBC6F00-E9C9-4B1E-B046-8FFD7BA3A456}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TomTom HOME 2.8.3.2499 (HKLM-x32\...\TomTom HOME) (Version: 2.8.3.2499 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities 2013 (x32 Version: 13.0.2020.4 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2020.4 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Video Grabber (HKLM\...\Uninstaller52c67e8274) (Version: 1.0.0.0 - Conexant Systems)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1) (HKLM\...\9CD348AE9C64C4B939B624E8E24F3903EFDFC82B) (Version: 05/22/2008 7.00.0.1 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.4.8 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID entries: ==========================

CustomCLSID: HKU\S-1-5-21-145491947-2959547439-914181856-1001_Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> Orphan?
CustomCLSID: HKU\S-1-5-21-145491947-2959547439-914181856-1001_Classes\CLSID\{2F3F0717-0DC7-4F39-89D2-5EF30BBE2FF7} -> Orphan?
CustomCLSID: HKU\S-1-5-21-145491947-2959547439-914181856-1001_Classes\CLSID\{6DB94B00-1987-450D-9E9E-5934008B7E60} -> Orphan?

==================== Restore Points  =========================

15-04-2014 16:31:56 Removed Bonjour
18-04-2014 16:06:26 Removed Bonjour
01-05-2014 09:39:34 Wiederherstellungsvorgang
11-05-2014 08:08:17 Installed iTunes
31-05-2014 14:45:38 Removed Catalyst Control Center InstallProxy
31-05-2014 14:47:37 Removed Catalyst Control Center Localization All
28-06-2014 10:31:57 Installed iTunes
13-07-2014 15:52:36 Removed Bonjour
13-07-2014 15:55:23 Removed CodeMeter Runtime Kit v4.50c
19-07-2014 20:51:41 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
20-07-2014 08:38:07 Wiederherstellungsvorgang
21-07-2014 15:51:41 Removed PDF Architect

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {15EBCA02-54AB-4EEF-8E92-4BA5F91B6B15} - System32\Tasks\{3C67D930-1C73-4494-B357-FF4D38A4F931} => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
Task: {19902612-2AE7-4951-9E88-E2A6BCA9D62B} - System32\Tasks\{324B488F-5347-47A2-9690-B8F7B7228400} => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
Task: {233C469A-5CA5-4A4C-9DBD-E409264A3AA1} - System32\Tasks\Dealply => C:\Users\Reinhard\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {291EA8E2-5F43-4235-9794-549C269BE756} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe
Task: {338BA3B1-E0FA-4CFF-B8D5-CC4929EA75C6} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe
Task: {4B16436F-2846-4AFF-8A59-BCF4CF4A0EB0} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe
Task: {52457FA8-E427-4A8E-B74D-D1BB170C9A0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5A568CC4-684F-4534-9DCD-C823D9312670} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-16] (Uniblue Systems Ltd)
Task: {669089E0-30EF-45DF-A0E3-DF7D6BE0F736} - System32\Tasks\{0D535947-054F-4734-9AD6-A07BAEA17DCC} => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
Task: {6742A5C6-70B0-4BA4-9C80-48D50AFC7C1E} - System32\Tasks\{D894CE53-87BD-4B91-A6D8-54DA1252A0D0} => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
Task: {6848ADE2-149E-4EE6-890E-AED50961EEC1} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe
Task: {834A83EA-AFA3-4CE2-A4F9-1C01B0E2056C} - System32\Tasks\FGRun => C:\Users\Reinhard\AppData\Roaming\pack.exe
Task: {96B42385-F3D9-4A81-B786-9483E5623163} - System32\Tasks\DriverScanner => C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe [2013-01-16] (Uniblue Systems Ltd)
Task: {9A987851-AA45-4752-8BB6-B4F1B7FFE7D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {9CA53529-D803-4282-95D3-245D28407B46} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {A015A283-FCBD-48B4-B66C-C22AB5573663} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\WSCStub.exe
Task: {AE24EACC-0BFE-47C7-B624-23ABF80D530D} - System32\Tasks\{AA0EFF99-58FD-484E-ABEB-AFAD10B533E6} => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
Task: {B25EDAE7-5BA3-47E6-9719-C13B271DC18A} - System32\Tasks\{4D2A3CE2-97D1-452A-9065-24B60E40915F} => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
Task: {B814A678-18B7-4B85-8F41-DE002152B582} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-09-19] (TuneUp Software)
Task: {C1320AE8-5329-4509-8546-212D94FAB89C} - System32\Tasks\{CA991E41-4EE0-4DE6-9D75-9742020F3814} => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
Task: {D4AF0789-1FC2-444A-9DF7-D1B9961F604D} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe
Task: {EF6E0FF8-5D86-4514-95E0-A02FFBADE650} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe
Task: C:\Windows\Tasks\0.job => c:\program files\internet explorer\iexplore.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Reinhard\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\DriverScanner.job => C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\SpeedUpMyPC.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
Task: C:\Windows\Tasks\Systweak Support Dock.job => C:\Program Files (x86)\Systweak Support Dock\SystweakDock.exe
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{F287EF7A-FA7F-4EA0-A6DC-EF9579167F65}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2007-11-06 10:16 - 2007-11-06 10:16 - 03096576 _____ () C:\Program Files (x86)\Nokia\Nokia Software Launcher\NSLauncher.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00612520 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-04-15 14:26 - 2013-04-15 14:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 14:26 - 2013-04-15 14:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-10-02 21:28 - 2013-10-02 21:28 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 21:30 - 2013-10-02 21:30 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 21:28 - 2013-10-02 21:28 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 21:30 - 2013-10-02 21:30 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-08 17:12 - 2013-12-04 08:08 - 00483136 _____ () C:\Users\Reinhard\AppData\Local\Beamrise\Application\29.3.0.7126\ppGoogleNaClPluginChrome.dll
2013-12-08 17:12 - 2013-12-04 08:08 - 00868160 _____ () C:\Users\Reinhard\AppData\Local\Beamrise\Application\29.3.0.7126\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:AD022376

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2014 07:42:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/24/2014 07:39:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: APSDaemon.exe, Version: 2.3.4.27, Zeitstempel: 0x52f31902
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00242a83
ID des fehlerhaften Prozesses: 0xab0
Startzeit der fehlerhaften Anwendung: 0xAPSDaemon.exe0
Pfad der fehlerhaften Anwendung: APSDaemon.exe1
Pfad des fehlerhaften Moduls: APSDaemon.exe2
Berichtskennung: APSDaemon.exe3

Error: (07/24/2014 07:39:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleMobileDeviceService.exe, Version: 17.327.4.24, Zeitstempel: 0x52fa24ee
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00142a83
ID des fehlerhaften Prozesses: 0x604
Startzeit der fehlerhaften Anwendung: 0xAppleMobileDeviceService.exe0
Pfad der fehlerhaften Anwendung: AppleMobileDeviceService.exe1
Pfad des fehlerhaften Moduls: AppleMobileDeviceService.exe2
Berichtskennung: AppleMobileDeviceService.exe3

Error: (07/23/2014 08:48:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <10, 0x80070005, "">.

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: Der Wert "Object List" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: Der Wert "First Help" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: Der Wert "First Counter" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: Der Wert "Last Help" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: Der Wert "Last Counter" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: Der Wert "Last Help" des Schlüssels "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.


System errors:
=============
Error: (07/24/2014 07:39:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/24/2014 07:39:13 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver. Dieser Dienst ist eventuell nicht installiert.

Error: (07/23/2014 08:19:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (07/23/2014 08:18:52 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver. Dieser Dienst ist eventuell nicht installiert.

Error: (07/23/2014 08:18:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎07.‎2014 um 20:17:07 unerwartet heruntergefahren.

Error: (07/23/2014 07:41:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/23/2014 06:11:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/23/2014 05:40:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/23/2014 05:40:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/23/2014 05:26:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/24/2014 07:42:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestI:\esetsmartinstaller_deu.exe

Error: (07/24/2014 07:39:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: APSDaemon.exe2.3.4.2752f31902unknown0.0.0.000000000c000000500242a83ab001cfa701a11590c2C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exeunknowndec6de63-12f4-11e4-b4fd-6c626dba55d9

Error: (07/24/2014 07:39:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AppleMobileDeviceService.exe17.327.4.2452fa24eeunknown0.0.0.000000000c000000500142a8360401cfa70199e970fcC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeunknownd940d580-12f4-11e4-b4fd-6c626dba55d9

Error: (07/23/2014 08:48:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 100x80070005

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: Object ListSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance8130000001A110000

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: First HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1213000000776B0000FC100000

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: First CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1213000000766B0000DF100000

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: Last HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance12130000001D6C0000C2100000

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: Last CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance12130000001C6C0000A5100000

Error: (07/23/2014 05:25:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT-AUTORITÄT)
Description: Last HelpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib12130000001D6C000087100000


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 4095.29 MB
Available physical RAM: 2629.28 MB
Total Pagefile: 8188.76 MB
Available Pagefile: 6619.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1366.17 GB) (Free:1203.72 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:10.4 GB) NTFS
Drive i: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-732114714624) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 4 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

M-K-D-B 24.07.2014 19:44
Servus,



du hast noch ganz andere Probleme wie die lästige Adware... erst mal folgendes ausführen:



Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

M-K-D-B 28.07.2014 13:29
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:15 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131