Okay, now this Frst.txt in CODE tags as well
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013
Ran by SYSTEM on MININT-HT6B769 on 08-09-2013 21:08:54
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [408576 2011-04-19] (Vodafone)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RMAlert] - C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe [1318872 2012-03-21] (PC Tools)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKU\Acar Eren\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
HKU\Acar Eren\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Acar Eren\...\Run: [TC Login] - c:\tccargo\tccargo.exe [1215488 2012-09-07] (TimoCom Soft- und Hardware GmbH)
HKU\Acar Eren\...\Run: [Oxqyalwyw] - "C:\Users\Acar Eren\AppData\Roaming\Xiulev\yrxu.exe"
HKU\Acar Eren\...\Run: [PCSpeedUp] - C:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe [259888 2013-05-23] ()
HKU\Acar Eren\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
AppInit_DLLs-x32: c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll [2148376 2012-12-05] ()
Startup: C:\Users\Acar Eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4h4vlmq.lnk
ShortcutTarget: 4h4vlmq.lnk -> C:\PROGRA~3\qmlv4h4.plz ()
Startup: C:\Users\Acar Eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-01] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2013-01-29] ()
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [655944 2012-07-03] (Malwarebytes Corporation)
S2 PCSUService; C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe [388912 2013-05-23] ()
S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-03-21] (PC Tools)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
S2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] ()
S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam)
S3 Winmgmt; C:\PROGRA~3\4h4vlmq.pzz [64604 2013-09-03] (Microsoft Corporation)
S3 Winmgmt; C:\PROGRA~3\4h4vlmq.pzz [64604 2013-09-03] (Microsoft Corporation)
S2 Browser Manager;
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-04-24] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-04-27] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
S0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2011-07-10] (Bytemobile, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-05-18] (Huawei Technologies Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2011-07-10] (Bytemobile, Inc.)
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2011-07-10] (Bytemobile, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-03 23:54 - 2013-09-08 19:47 - 00000224 _____ C:\Windows\setupact.log
2013-09-03 23:54 - 2013-09-03 23:54 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 01:57 - 2013-09-08 19:48 - 00000000 _____ C:\ProgramData\4h4vlmq.ctrl
2013-09-03 01:57 - 2013-09-03 01:59 - 95025368 ____T C:\ProgramData\4h4vlmq.pff
2013-09-03 01:57 - 2013-09-03 01:57 - 00216064 _____ C:\ProgramData\qmlv4h4.plz
2013-09-03 01:57 - 2013-09-03 01:57 - 00064604 ____T (Microsoft Corporation) C:\ProgramData\4h4vlmq.pzz
==================== One Month Modified Files and Folders =======
2013-09-08 19:55 - 2011-07-02 21:52 - 00196608 _____ C:\Windows\System32\Ikeext.etl
2013-09-08 19:55 - 2009-07-14 05:45 - 00016080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-08 19:55 - 2009-07-14 05:45 - 00016080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-08 19:51 - 2013-05-29 15:55 - 00000000 ____D C:\Program Files (x86)\PC Beschleunigen
2013-09-08 19:48 - 2013-09-03 01:57 - 00000000 _____ C:\ProgramData\4h4vlmq.ctrl
2013-09-08 19:48 - 2012-09-09 16:21 - 00000292 _____ C:\Windows\Tasks\RMAutoUpdate.job
2013-09-08 19:47 - 2013-09-03 23:54 - 00000224 _____ C:\Windows\setupact.log
2013-09-08 19:47 - 2012-09-09 16:20 - 00000000 ____D C:\Program Files (x86)\PC Tools Registry Mechanic
2013-09-08 19:47 - 2011-05-22 18:40 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-08 19:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-08 19:24 - 2012-07-21 11:58 - 01098105 _____ C:\Windows\WindowsUpdate.log
2013-09-06 12:58 - 2011-05-22 18:40 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-04 00:51 - 2013-05-29 15:55 - 00000362 _____ C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2013-09-03 23:54 - 2013-09-03 23:54 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 02:48 - 2011-08-06 21:05 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-09-03 01:59 - 2013-09-03 01:57 - 95025368 ____T C:\ProgramData\4h4vlmq.pff
2013-09-03 01:57 - 2013-09-03 01:57 - 00216064 _____ C:\ProgramData\qmlv4h4.plz
2013-09-03 01:57 - 2013-09-03 01:57 - 00064604 ____T (Microsoft Corporation) C:\ProgramData\4h4vlmq.pzz
2013-09-03 01:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-09-03 01:29 - 2011-03-22 04:24 - 00000000 ____D C:\Users\Acar Eren\AppData\Roaming\Skype
2013-09-03 00:08 - 2009-07-14 18:58 - 00654400 _____ C:\Windows\System32\perfh007.dat
2013-09-03 00:08 - 2009-07-14 18:58 - 00130240 _____ C:\Windows\System32\perfc007.dat
2013-09-03 00:08 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
Files to move or delete:
====================
C:\Users\Acar Eren\21nbaja8rmmgl.exe
C:\Users\Acar Eren\5xgvpqhvv3ggg.exe
C:\Users\Acar Eren\8m4fgj1o7d751.exe
C:\Users\Acar Eren\f0hyd8djc7qja.exe
C:\Users\Acar Eren\fdhs9pbvs22h2.exe
C:\Users\Acar Eren\gd8qrr5jt31lm.exe
C:\Users\Acar Eren\hobbt6v8xrrmy.exe
C:\ProgramData\4h4vlmq.ctrl
C:\ProgramData\pmt_0piot.pad
C:\ProgramData\qmlv4h4.plz
C:\Users\Public\AlexaNSISPlugin.6104.dll
C:\Users\Acar Eren\AppData\Local\Temp\jxnbiagasqidvajpqif.bfg
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-05-20 02:00:41
Restore point made on: 2013-05-29 17:49:54
Restore point made on: 2013-05-30 17:45:14
Restore point made on: 2013-06-14 14:24:50
Restore point made on: 2013-06-28 18:07:23
Restore point made on: 2013-07-03 12:53:31
Restore point made on: 2013-07-15 22:41:39
Restore point made on: 2013-07-22 00:42:00
Restore point made on: 2013-07-22 00:44:17
Restore point made on: 2013-07-22 00:45:19
Restore point made on: 2013-07-22 00:45:55
Restore point made on: 2013-07-22 00:47:44
Restore point made on: 2013-07-22 14:14:50
Restore point made on: 2013-07-31 23:53:39
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3954.67 MB
Available physical RAM: 3356.86 MB
Total Pagefile: 3952.82 MB
Available Pagefile: 3350.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:134 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:223.59 GB) NTFS
Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (CREEPER) (Removable) (Total:3.92 GB) (Free:0.18 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 40D49AEE)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 0214F36C)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-09-04 00:13
==================== End Of Log ============================