|
Plagegeister aller Art und deren Bekämpfung: Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel WerbungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
18.06.2014, 22:15 | #16 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung Ich warte auf Schritt 4.
__________________ Proud member of Unite |
18.06.2014, 22:19 | #17 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung Den habe ich gemacht, aber was weiter? Sie hatten mir dazu keine weiteren Anweisungen gegeben.
__________________ |
18.06.2014, 22:21 | #18 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung Poste bitte die Logs davon.
__________________
__________________ |
18.06.2014, 22:25 | #19 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014 Ran by Br. Pirminius Seber at 2014-06-18 21:54:47 Run:1 Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [iLivid] => C:\Users\Br. Pirminius Seber\AppData\Local\iLivid\iLivid.exe [6827008 2013-09-09] (Bandoo Media Inc.) HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {6990a982-fa63-11e1-9c64-b888e31620a2} - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {7788dee7-f745-11e1-9ecd-b888e31620a2} - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {7788def6-f745-11e1-9ecd-b888e31620a2} - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {7788df31-f745-11e1-9ecd-b888e31620a2} - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {c40c67f7-12a4-11e2-9840-74e543436fc5} - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {d6e0105c-6e9f-11e2-8ff2-b888e31620a2} - F:\autorun.exe AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found ProxyServer: http=:;https=: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WebSearches HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WebSearches HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396034803&from=tugs&uid=TOSHIBAXMK5075GSX_52BJCFG5TXX52BJCFG5T&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WebSearches HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = WebSearches HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396034803&from=tugs&uid=TOSHIBAXMK5075GSX_52BJCFG5TXX52BJCFG5T&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396034803&from=tugs&uid=TOSHIBAXMK5075GSX_52BJCFG5TXX52BJCFG5T&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = WebSearches HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = WebSearches HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396034803&from=tugs&uid=TOSHIBAXMK5075GSX_52BJCFG5TXX52BJCFG5T&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe WebSearches BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120902183624.dll No File BHO-x32: Caramava - {1e50bbda-c15a-47d5-9853-d829ff890664} - C:\Program Files (x86)\Caramava\Caramavabho.dll No File BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120902183624.dll No File Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Winsock: Catalog9 01 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist) Winsock: Catalog9 02 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist) Winsock: Catalog9 03 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist) Winsock: Catalog9 04 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist) Winsock: Catalog9 15 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist) Winsock: Catalog9-x64 01 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 02 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 03 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 04 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 15 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) FF DefaultSearchEngine: webssearches R2 SecureAssist; C:\Program Files\SupraSavings\SecureAssist.exe [1558032 2014-03-12] (SecureAssist) [File not signed] S2 Update Caramava; "C:\Program Files (x86)\Caramava\updateCaramava.exe" [X] S2 Util Caramava; "C:\Program Files (x86)\Caramava\bin\utilCaramava.exe" [X] R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-29] (StdLib) 2014-06-18 15:26 - 2014-03-28 21:26 - 00000334 _____ () C:\Windows\Tasks\SaveSense.job 2014-06-18 14:49 - 2014-03-28 20:14 - 00002576 _____ () C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4.job 2014-06-18 14:49 - 2014-03-28 20:14 - 00001896 _____ () C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5.job 2014-06-18 14:49 - 2014-03-28 20:14 - 00001892 _____ () C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5.job 2014-06-18 14:49 - 2014-03-28 20:14 - 00001792 _____ () C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1.job 2014-06-18 14:49 - 2014-03-28 20:14 - 00001786 _____ () C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1.job 2014-06-18 14:49 - 2014-03-28 20:14 - 00001720 _____ () C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2.job 2014-06-18 14:49 - 2014-03-28 20:14 - 00001716 _____ () C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2.job 2014-06-18 14:49 - 2014-03-28 20:13 - 00003468 _____ () C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3.job 2014-06-18 14:49 - 2014-03-28 20:13 - 00003466 _____ () C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3.job 2014-06-18 14:49 - 2014-03-28 20:13 - 00002578 _____ () C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4.job 2014-06-18 13:45 - 2013-10-30 19:29 - 00000000 ____D () C:\Users\Br. Pirminius Seber\AppData\Local\iLivid 2014-06-18 13:42 - 2014-03-28 21:29 - 00000000 ____D () C:\Users\Br. Pirminius Seber\AppData\Local\Tuguu_SL 2014-06-18 13:42 - 2014-03-28 21:28 - 00000000 ____D () C:\Users\Br. Pirminius Seber\AppData\Roaming\SupTab 2014-06-18 13:42 - 2014-03-28 21:27 - 00000000 ____D () C:\Program Files\suprasavings 2014-06-18 12:59 - 2014-06-17 20:44 - 00000000 ____D () C:\Program Files (x86)\ConstaSurf C:\Users\Br. Pirminius Seber\AppData\Local\Temp\25829-656347-openoffice.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\BackupSetup.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\cabex.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Caramava_bs.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\FixMyRegistry.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\instloffer.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfc80.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfc80u.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfcm80.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfcm80u.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcm80.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcp80.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcr80.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\OSU.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\PCSpeedMaximizer.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Quarantine.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SkypeSetup.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Somoto_23_03_2014(delay).exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SpeedUpMyComputer.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\speedupmypc.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SpOrder.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\stubhelper.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\unelevate.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstaller.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\VersionUpdater.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WtgDriverInstallX.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WTGXMLUtil.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WtgZip.dll C:\Users\Br. Pirminius Seber\AppData\Local\Temp\ytai_ytareg_setup.exe Task: {02723420-C324-4033-9D54-D1C58B5C2B9C} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION Task: {2E72B586-D272-4CF0-81BA-04BEF39AFCC9} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe <==== ATTENTION Task: {3CF585E3-A203-43CB-BBF1-C608B9FF06B5} - System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2 => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-2.exe <==== ATTENTION Task: {40ABC68F-87ED-4C69-A56E-4E4D95F35835} - System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1 => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION Task: {7216ABB7-626D-42B9-A692-CAEFFCB1CCFA} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3 => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-3.exe <==== ATTENTION Task: {7BD09033-2839-46D8-8D10-5BA7EE0958DF} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2 => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-2.exe <==== ATTENTION Task: {89AE3122-54EC-4511-9EDF-EE89B28AD869} - System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4 => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-4.exe <==== ATTENTION Task: {8D04FCCB-254B-4A93-BA8B-EF46881055C6} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1 => C:\Program Files (x86)\Sense\Sense-codedownloader.exe <==== ATTENTION Task: {94CD2741-56EF-4B90-A3AD-04F59638ABBF} - System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5 => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-5.exe <==== ATTENTION Task: {B2FF1A69-6E16-4126-AC47-61057E9D47E3} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4 => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-4.exe <==== ATTENTION Task: {B8B9E4A1-5F54-4687-8149-92E7BA6FB3DD} - System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3 => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-3.exe <==== ATTENTION Task: {BBBB4417-70D0-46D0-83D2-28D2D628C9DE} - System32\Tasks\SaveSense => C:\Users\BRD788~1.PIR\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {CC767EAC-B4BE-4F97-9067-BDDC780B074B} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION Task: {FFFBD286-540E-4859-830C-C5FFE98DDE93} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5 => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-5.exe <==== ATTENTION Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1.job => C:\Program Files (x86)\Sense\Sense-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2.job => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-2.exe <==== ATTENTION Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3.job => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-3.exe <==== ATTENTION Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4.job => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-4.exe <==== ATTENTION Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5.job => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-5.exe <==== ATTENTION Task: C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1.job => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2.job => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-2.exe <==== ATTENTION Task: C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3.job => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-3.exe <==== ATTENTION Task: C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4.job => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-4.exe <==== ATTENTION Task: C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5.job => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-5.exe <==== ATTENTION Task: C:\Windows\Tasks\SaveSense.job => C:\Users\BRD788~1.PIR\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:AD022376 cmd: netsh winsock reset ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => value deleted successfully. 'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3090635963-4145032168-3900013317-1001'=> Key not found. 'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6990a982-fa63-11e1-9c64-b888e31620a2}' => Key deleted successfully. 'HKCR\CLSID\{6990a982-fa63-11e1-9c64-b888e31620a2}'=> Key not found. 'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7788dee7-f745-11e1-9ecd-b888e31620a2}' => Key deleted successfully. 'HKCR\CLSID\{7788dee7-f745-11e1-9ecd-b888e31620a2}'=> Key not found. 'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7788def6-f745-11e1-9ecd-b888e31620a2}' => Key deleted successfully. 'HKCR\CLSID\{7788def6-f745-11e1-9ecd-b888e31620a2}'=> Key not found. 'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7788df31-f745-11e1-9ecd-b888e31620a2}' => Key deleted successfully. 'HKCR\CLSID\{7788df31-f745-11e1-9ecd-b888e31620a2}'=> Key not found. 'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c40c67f7-12a4-11e2-9840-74e543436fc5}' => Key deleted successfully. 'HKCR\CLSID\{c40c67f7-12a4-11e2-9840-74e543436fc5}'=> Key not found. 'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6e0105c-6e9f-11e2-8ff2-b888e31620a2}' => Key deleted successfully. 'HKCR\CLSID\{d6e0105c-6e9f-11e2-8ff2-b888e31620a2}'=> Key not found. "C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Value Data removed successfully. "C:\PROGRA~2\SupTab\SEARCH~1.DLL" => Value Data removed successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully. 'HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e50bbda-c15a-47d5-9853-d829ff890664}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{1e50bbda-c15a-47d5-9853-d829ff890664}' => Key deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. 'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully. 'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. 'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found. Winsock: Catalog entry 000000000001 => Deleted successfully. Winsock: Catalog entry 000000000002 => Deleted successfully. Winsock: Catalog entry 000000000003 => Deleted successfully. Winsock: Catalog entry 000000000004 => Deleted successfully. Winsock: Catalog entry 000000000015 => Deleted successfully. Winsock: Catalog entry 000000000001 => Deleted successfully. Winsock: Catalog entry 000000000002 => Deleted successfully. Winsock: Catalog entry 000000000003 => Deleted successfully. Winsock: Catalog entry 000000000004 => Deleted successfully. Winsock: Catalog entry 000000000015 => Deleted successfully. Firefox DefaultSearchEngine deleted successfully. SecureAssist => Service stopped successfully. SecureAssist => Service deleted successfully. Update Caramava => Service deleted successfully. Util Caramava => Service deleted successfully. wStLibG64 => Service stopped successfully. wStLibG64 => Service deleted successfully. C:\Windows\Tasks\SaveSense.job => Moved successfully. C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4.job => Moved successfully. C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5.job => Moved successfully. C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5.job => Moved successfully. C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1.job => Moved successfully. C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1.job => Moved successfully. C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2.job => Moved successfully. C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2.job => Moved successfully. C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3.job => Moved successfully. C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3.job => Moved successfully. C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4.job => Moved successfully. "C:\Users\Br. Pirminius Seber\AppData\Local\iLivid" => File/Directory not found. C:\Users\Br. Pirminius Seber\AppData\Local\Tuguu_SL => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Roaming\SupTab => Moved successfully. C:\Program Files\suprasavings => Moved successfully. C:\Program Files (x86)\ConstaSurf => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\25829-656347-openoffice.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\BackupSetup.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\cabex.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Caramava_bs.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\FixMyRegistry.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\instloffer.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfc80.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfc80u.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfcm80.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfcm80u.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcm80.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcp80.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcr80.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\OSU.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\PCSpeedMaximizer.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SkypeSetup.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Somoto_23_03_2014(delay).exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SpeedUpMyComputer.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\speedupmypc.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SpOrder.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\stubhelper.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\unelevate.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstaller.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\VersionUpdater.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WtgDriverInstallX.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WTGXMLUtil.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WtgZip.dll => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\ytai_ytareg_setup.exe => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02723420-C324-4033-9D54-D1C58B5C2B9C}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02723420-C324-4033-9D54-D1C58B5C2B9C}' => Key deleted successfully. C:\Windows\System32\Tasks\ShopperPro => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E72B586-D272-4CF0-81BA-04BEF39AFCC9}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E72B586-D272-4CF0-81BA-04BEF39AFCC9}' => Key deleted successfully. C:\Windows\System32\Tasks\SPDriver => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CF585E3-A203-43CB-BBF1-C608B9FF06B5}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CF585E3-A203-43CB-BBF1-C608B9FF06B5}' => Key deleted successfully. C:\Windows\System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c82d588-f306-4366-8f8b-71f85e442eb4-2' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40ABC68F-87ED-4C69-A56E-4E4D95F35835}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40ABC68F-87ED-4C69-A56E-4E4D95F35835}' => Key deleted successfully. C:\Windows\System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c82d588-f306-4366-8f8b-71f85e442eb4-1' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7216ABB7-626D-42B9-A692-CAEFFCB1CCFA}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7216ABB7-626D-42B9-A692-CAEFFCB1CCFA}' => Key deleted successfully. C:\Windows\System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10496340-28c0-47c5-8c23-0aac03e48614-3' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7BD09033-2839-46D8-8D10-5BA7EE0958DF}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BD09033-2839-46D8-8D10-5BA7EE0958DF}' => Key deleted successfully. C:\Windows\System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10496340-28c0-47c5-8c23-0aac03e48614-2' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89AE3122-54EC-4511-9EDF-EE89B28AD869}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89AE3122-54EC-4511-9EDF-EE89B28AD869}' => Key deleted successfully. C:\Windows\System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c82d588-f306-4366-8f8b-71f85e442eb4-4' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D04FCCB-254B-4A93-BA8B-EF46881055C6}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D04FCCB-254B-4A93-BA8B-EF46881055C6}' => Key deleted successfully. C:\Windows\System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10496340-28c0-47c5-8c23-0aac03e48614-1' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94CD2741-56EF-4B90-A3AD-04F59638ABBF}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94CD2741-56EF-4B90-A3AD-04F59638ABBF}' => Key deleted successfully. C:\Windows\System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c82d588-f306-4366-8f8b-71f85e442eb4-5' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2FF1A69-6E16-4126-AC47-61057E9D47E3}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2FF1A69-6E16-4126-AC47-61057E9D47E3}' => Key deleted successfully. C:\Windows\System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10496340-28c0-47c5-8c23-0aac03e48614-4' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8B9E4A1-5F54-4687-8149-92E7BA6FB3DD}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8B9E4A1-5F54-4687-8149-92E7BA6FB3DD}' => Key deleted successfully. C:\Windows\System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c82d588-f306-4366-8f8b-71f85e442eb4-3' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBBB4417-70D0-46D0-83D2-28D2D628C9DE}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBBB4417-70D0-46D0-83D2-28D2D628C9DE}' => Key deleted successfully. C:\Windows\System32\Tasks\SaveSense => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC767EAC-B4BE-4F97-9067-BDDC780B074B}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC767EAC-B4BE-4F97-9067-BDDC780B074B}' => Key deleted successfully. C:\Windows\System32\Tasks\ShopperProJSUpd => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FFFBD286-540E-4859-830C-C5FFE98DDE93}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFFBD286-540E-4859-830C-C5FFE98DDE93}' => Key deleted successfully. C:\Windows\System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10496340-28c0-47c5-8c23-0aac03e48614-5' => Key deleted successfully. C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1.job not found. C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2.job not found. C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3.job not found. C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4.job not found. C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5.job not found. C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1.job not found. C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2.job not found. C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3.job not found. C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4.job not found. C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5.job not found. C:\Windows\Tasks\SaveSense.job not found. C:\ProgramData\TEMP => ":AD022376" ADS removed successfully. ========= netsh winsock reset ========= Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 10107 Der Winsock-Katalog wurde zur�ckgesetzt. Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en. ========= End of CMD: ========= ==== End of Fixlog ==== |
19.06.2014, 08:26 | #20 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung Ne, ich brauche ja die FRST.txt und die Addition.txt
__________________ Proud member of Unite |
22.06.2014, 22:39 | #21 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung Es tut mir leid, ich weiß es nicht, das ist das einzige, was ich kriege. |
23.06.2014, 06:01 | #22 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel WerbungBitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan. Poste die Logs in die nächste Antwort.
__________________ Proud member of Unite |
23.06.2014, 13:46 | #23 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014 Ran by Br. Pirminius Seber (administrator) on BRUDERPIRMINIUS on 23-06-2014 14:42:56 Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-07-27] (Toshiba Europe GmbH) HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG) HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.) HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-03-03] (TOSHIBA) HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-16] (AVAST Software) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-05-09] (RealNetworks, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [Facebook Update] => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-28] (Facebook Inc.) HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Br. Pirminius Seber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Kopie 1).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Kopie 1).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Br. Pirminius Seber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: GMX MailCheck - C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\Extensions\toolbar@gmx.net.xpi [2013-03-21] FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-07] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\extensions\quick_start@gmail.com FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-09] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Extension: (avast! Online Security) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18] CHR Extension: (RealPlayer Downloader) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-18] CHR Extension: (Google Wallet) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-18] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-16] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06] CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-06] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-16] (AVAST Software) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-09] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed] S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-16] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-16] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-16] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-16] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-16] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-16] () S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2012-09-06] (Huawei Technologies Co., Ltd.) [File not signed] S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2012-09-06] (Huawei Technologies Co., Ltd.) [File not signed] S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-18 21:35 - 2014-06-18 21:44 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion 2014-06-18 15:29 - 2014-06-18 21:35 - 02082304 _____ (Farbar) C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe 2014-06-18 15:25 - 2014-06-18 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 15:19 - 2014-06-18 15:19 - 00003876 _____ () C:\Users\Br. Pirminius Seber\Desktop\JRT.txt 2014-06-18 15:10 - 2014-06-18 15:10 - 00000000 ____D () C:\Windows\ERUNT 2014-06-18 15:09 - 2014-06-18 15:10 - 01016261 _____ (Thisisu) C:\Users\Br. Pirminius Seber\Downloads\JRT.exe 2014-06-18 15:04 - 2014-06-18 15:04 - 00057486 _____ () C:\Users\Br. Pirminius Seber\Desktop\mbam.txt 2014-06-18 14:08 - 2014-06-18 14:25 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-18 14:08 - 2014-06-18 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-18 14:08 - 2014-06-18 14:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-18 14:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-18 14:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-18 14:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-18 13:52 - 2014-06-18 14:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Br. Pirminius Seber\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieUserList 2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieSiteList 2014-06-18 12:55 - 2014-06-18 13:00 - 00000000 ____D () C:\AdwCleaner 2014-06-17 22:21 - 2014-06-18 15:34 - 00029690 _____ () C:\Users\Br. Pirminius Seber\Downloads\Addition.txt 2014-06-17 22:20 - 2014-06-18 15:34 - 00054298 _____ () C:\Users\Br. Pirminius Seber\Downloads\FRST.txt 2014-06-17 22:19 - 2014-06-23 14:43 - 00000000 ____D () C:\FRST 2014-06-16 20:04 - 2014-06-16 20:04 - 00014814 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juli 2014.odt 2014-06-16 12:18 - 2014-06-16 12:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-16 12:18 - 2014-06-16 12:18 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-12 16:46 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 16:46 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 16:46 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 16:46 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 16:46 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 16:46 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-12 16:46 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 16:46 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-12 16:46 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 16:46 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 16:46 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-12 16:46 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-12 16:46 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-12 16:46 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 16:46 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 16:46 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 16:46 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-12 16:46 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 16:46 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 16:46 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 16:46 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-12 16:46 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 16:46 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-12 16:46 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-12 16:46 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-12 16:46 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 16:46 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-12 16:46 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-12 16:46 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-12 16:46 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 16:46 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-12 16:46 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-12 16:46 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-12 16:46 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 16:46 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-12 16:46 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-12 16:46 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-12 16:46 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-12 16:46 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-12 16:46 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-12 16:46 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 16:46 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-12 16:46 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-12 16:46 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-12 16:46 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 16:46 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-12 16:46 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 16:46 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-12 16:46 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-12 16:46 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 16:46 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-12 16:46 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 16:46 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-12 16:46 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 16:46 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 16:46 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 16:46 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 16:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 16:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 16:46 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-12 16:46 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-12 16:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-12 16:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-12 16:45 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 16:44 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-12 16:44 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== One Month Modified Files and Folders ======= 2014-06-23 14:43 - 2014-06-17 22:19 - 00000000 ____D () C:\FRST 2014-06-23 14:43 - 2009-07-14 06:45 - 00024912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-23 14:43 - 2009-07-14 06:45 - 00024912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-23 14:39 - 2012-06-19 11:12 - 01557655 _____ () C:\Windows\WindowsUpdate.log 2014-06-23 14:38 - 2011-07-27 10:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-23 14:35 - 2013-02-25 21:54 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-06-23 14:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-23 14:35 - 2009-07-14 06:51 - 00084037 _____ () C:\Windows\setupact.log 2014-06-23 02:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-06-23 02:15 - 2012-09-02 15:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-23 02:14 - 2011-07-27 10:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-23 02:01 - 2012-12-20 14:01 - 00000284 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job 2014-06-23 01:37 - 2012-09-04 16:02 - 00049435 _____ () C:\Users\Br. Pirminius Seber\Documents\Hochkirchliche St.-Johannes-Bruderschaft - Gliederliste.odt 2014-06-23 01:27 - 2012-09-28 13:22 - 00000984 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA.job 2014-06-22 23:31 - 2012-09-02 12:41 - 00000000 ____D () C:\Users\Br. Pirminius Seber\AppData\Roaming\TOSHIBA Online Product Information 2014-06-22 23:25 - 2012-10-07 00:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-06-22 23:24 - 2012-09-02 14:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-18 21:44 - 2014-06-18 21:35 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion 2014-06-18 21:35 - 2014-06-18 15:29 - 02082304 _____ (Farbar) C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe 2014-06-18 20:52 - 2010-11-21 05:47 - 00231336 _____ () C:\Windows\PFRO.log 2014-06-18 15:34 - 2014-06-17 22:21 - 00029690 _____ () C:\Users\Br. Pirminius Seber\Downloads\Addition.txt 2014-06-18 15:34 - 2014-06-17 22:20 - 00054298 _____ () C:\Users\Br. Pirminius Seber\Downloads\FRST.txt 2014-06-18 15:25 - 2014-06-18 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 15:19 - 2014-06-18 15:19 - 00003876 _____ () C:\Users\Br. Pirminius Seber\Desktop\JRT.txt 2014-06-18 15:10 - 2014-06-18 15:10 - 00000000 ____D () C:\Windows\ERUNT 2014-06-18 15:10 - 2014-06-18 15:09 - 01016261 _____ (Thisisu) C:\Users\Br. Pirminius Seber\Downloads\JRT.exe 2014-06-18 15:04 - 2014-06-18 15:04 - 00057486 _____ () C:\Users\Br. Pirminius Seber\Desktop\mbam.txt 2014-06-18 15:01 - 2014-03-29 03:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-18 14:49 - 2012-12-27 13:09 - 00003382 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 2014-06-18 14:49 - 2012-12-27 13:09 - 00003276 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 2014-06-18 14:48 - 2010-11-21 09:00 - 00000000 ____D () C:\Windows\ShellNew 2014-06-18 14:25 - 2014-06-18 14:08 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-18 14:25 - 2014-06-18 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-18 14:25 - 2014-06-18 14:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-18 14:18 - 2014-05-19 16:21 - 00003404 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 2014-06-18 14:18 - 2014-03-28 20:30 - 00003298 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 2014-06-18 14:05 - 2014-06-18 13:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Br. Pirminius Seber\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-18 13:49 - 2012-10-07 00:34 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-06-18 13:44 - 2012-09-02 12:07 - 00000000 ____D () C:\Users\Br. Pirminius Seber 2014-06-18 13:42 - 2012-09-05 00:41 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\SJB - geographische Verteilung (außer Ost)-Dateien 2014-06-18 13:42 - 2012-09-02 15:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-06-18 13:42 - 2011-07-27 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-06-18 13:42 - 2010-11-21 09:00 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-06-18 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-18 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-06-18 13:41 - 2012-11-23 03:04 - 00000000 ____D () C:\ProgramData\Real 2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieUserList 2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieSiteList 2014-06-18 13:00 - 2014-06-18 12:55 - 00000000 ____D () C:\AdwCleaner 2014-06-16 20:04 - 2014-06-16 20:04 - 00014814 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juli 2014.odt 2014-06-16 18:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-16 13:27 - 2012-09-28 13:22 - 00000962 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core.job 2014-06-16 12:19 - 2012-10-07 00:38 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-06-16 12:19 - 2012-10-07 00:38 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-06-16 12:18 - 2014-06-16 12:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-16 12:18 - 2014-06-16 12:18 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-16 12:18 - 2013-03-19 23:12 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-06-16 12:18 - 2013-03-19 23:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-06-16 12:18 - 2012-10-07 00:33 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-06-16 12:18 - 2012-10-07 00:33 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-06-13 22:35 - 2011-07-27 10:59 - 00002356 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-13 02:01 - 2014-05-07 01:35 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-08 11:13 - 2014-06-12 16:44 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 11:08 - 2014-06-12 16:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-05 21:26 - 2012-11-24 04:20 - 00018915 _____ () C:\Users\Br. Pirminius Seber\Documents\Hochkirchliche St.-Johannes-Bruderschaft - Namenstage.odt 2014-06-05 12:42 - 2014-01-27 23:02 - 00014877 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juni 2014.odt 2014-05-30 12:21 - 2014-06-12 16:45 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 12:02 - 2014-06-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 12:02 - 2014-06-12 16:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 11:45 - 2014-06-12 16:46 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 11:39 - 2014-06-12 16:46 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 11:39 - 2014-06-12 16:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 11:38 - 2014-06-12 16:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 11:28 - 2014-06-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 11:27 - 2014-06-12 16:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 11:24 - 2014-06-12 16:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 11:21 - 2014-06-12 16:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 11:21 - 2014-06-12 16:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 11:20 - 2014-06-12 16:46 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 11:18 - 2014-06-12 16:46 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-30 11:11 - 2014-06-12 16:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 11:08 - 2014-06-12 16:46 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 11:06 - 2014-06-12 16:46 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 11:02 - 2014-06-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-30 10:55 - 2014-06-12 16:46 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:49 - 2014-06-12 16:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:46 - 2014-06-12 16:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:44 - 2014-06-12 16:46 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-30 10:44 - 2014-06-12 16:46 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 10:43 - 2014-06-12 16:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-30 10:42 - 2014-06-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-12 16:46 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-30 10:35 - 2014-06-12 16:46 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 10:34 - 2014-06-12 16:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-30 10:33 - 2014-06-12 16:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-30 10:30 - 2014-06-12 16:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-30 10:29 - 2014-06-12 16:46 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 10:28 - 2014-06-12 16:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-30 10:27 - 2014-06-12 16:46 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-30 10:24 - 2014-06-12 16:46 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 10:23 - 2014-06-12 16:46 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 10:16 - 2014-06-12 16:46 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-30 10:10 - 2014-06-12 16:46 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-12 16:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-30 10:04 - 2014-06-12 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-30 10:02 - 2014-06-12 16:46 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-30 09:56 - 2014-06-12 16:46 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-30 09:56 - 2014-06-12 16:46 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:54 - 2014-06-12 16:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-30 09:50 - 2014-06-12 16:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-12 16:46 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-30 09:43 - 2014-06-12 16:46 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:40 - 2014-06-12 16:46 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-30 09:30 - 2014-06-12 16:46 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:21 - 2014-06-12 16:46 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-30 09:15 - 2014-06-12 16:46 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-30 09:13 - 2014-06-12 16:46 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-30 09:13 - 2014-06-12 16:46 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-19 01:34 ==================== End Of Log ============================ --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014 Ran by Br. Pirminius Seber at 2014-06-23 14:43:53 Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited) Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations) HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation) Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.8 - McAfee, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG) Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG) Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG) Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG) Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG) Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG) Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG) NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation) TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.11C - TOSHIBA CORPORATION) TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.30C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (x32 Version: 1.63.0.30C - TOSHIBA CORPORATION) Hidden TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA) TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA) TOSHIBA Supervisor Password (x32 Version: 1.63.0.10C - TOSHIBA CORPORATION) Hidden TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.10C - TOSHIBA CORPORATION) TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.5 - TOSHIBA Corporation) TOSHIBA Web Camera Application (x32 Version: 2.0.1.5 - TOSHIBA Corporation) Hidden TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION) TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - ) TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 21-05-2014 18:28:15 Windows Update 05-06-2014 10:08:21 Windows Update 10-06-2014 14:25:48 Windows Update 13-06-2014 00:01:18 Windows Update 16-06-2014 10:13:39 avast! antivirus system restore point 17-06-2014 15:31:01 Windows Update 18-06-2014 11:39:01 Wiederherstellungsvorgang 18-06-2014 11:44:04 avast! antivirus system restore point 18-06-2014 11:49:48 Windows Update 22-06-2014 21:30:22 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {00861946-591E-4280-A18C-28971A50D87F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {06AAD3C0-96D5-45EB-96E0-F4D999110471} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {39453143-C890-4E73-B425-DD43C80766D3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28] (Facebook Inc.) Task: {5BEA0EB2-19DB-4E1C-AF8D-90C45DE99150} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {5F459C19-110D-40F7-B927-7F3BC56FF8FF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-16] (AVAST Software) Task: {7D9C35AF-D8F1-4275-8B58-1A5B0A1DE3BD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.) Task: {9027BC15-68ED-4BF8-9258-0432480EDC5B} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] () Task: {96BD8039-57AF-4010-A67B-B98537FAFB52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27] (Google Inc.) Task: {BB28F385-CB84-451E-9245-DA859554C905} - System32\Tasks\{93CF5D12-ADD9-4933-AE8A-EBCB6D15719F} => C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe Task: {C031F401-D170-471B-A47C-39591E3B8CDA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {D77EB404-188A-4315-A436-D63E23453434} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28] (Facebook Inc.) Task: {DD88F62D-C58A-458E-AE8A-54539D6A368E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated) Task: {EFCCC7CD-08FE-44A2-8C79-0CA153CCE1C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27] (Google Inc.) Task: {F201AE44-C9F1-439B-B9A1-FC8DD0475121} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {F9FCFF82-C0AA-4A06-BE08-4A2FE39223C8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION) Task: {FABB902B-7C9F-428D-802A-28406F71842F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core.job => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA.job => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2011-03-03 23:21 - 2011-03-03 23:21 - 03420584 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll 2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll 2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll 2011-07-27 10:29 - 2010-08-31 15:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll 2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2011-07-27 10:40 - 2011-02-22 11:16 - 00559104 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\de\Humphrey.resources.dll 2011-07-27 10:58 - 2011-12-15 15:56 - 00022400 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll 2011-07-27 10:58 - 2011-12-15 15:55 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll 2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2014-06-22 23:27 - 2014-06-22 23:27 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062201\algo.dll 2014-06-23 14:36 - 2014-06-23 14:36 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062300\algo.dll 2014-05-09 18:24 - 2014-05-09 18:24 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll 2014-02-16 00:36 - 2014-02-16 00:36 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-06-18 15:25 - 2014-06-18 15:25 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-05-18 21:16 - 2014-05-18 21:16 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/23/2014 02:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2014 00:53:20 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/22/2014 11:26:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 01:36:54 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/18/2014 10:00:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: bcc Startzeit: 01cf8b272ba4eaae Endzeit: 70 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 1ff0ada8-f723-11e3-a6b4-b888e31620a2 Error: (06/18/2014 09:54:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xf98 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (06/18/2014 09:33:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 16.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1bd0 Startzeit: 01cf8b2bf0e0bc67 Endzeit: 7 Anwendungspfad: C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe Berichts-ID: 6b3f0853-f71f-11e3-a6b4-b888e31620a2 Error: (06/18/2014 09:31:55 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 16.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1d50 Startzeit: 01cf8b2bbfcefb78 Endzeit: 5 Anwendungspfad: C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe Berichts-ID: 125913f9-f71f-11e3-a6b4-b888e31620a2 Error: (06/18/2014 08:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/19/2014 01:52:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:51:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:51:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:51:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Microsoft Office Sessions: ========================= Error: (06/23/2014 02:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2014 00:53:20 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe Error: (06/22/2014 11:26:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 01:36:54 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe Error: (06/18/2014 10:00:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567bcc01cf8b272ba4eaae70C:\Windows\Explorer.EXE1ff0ada8-f723-11e3-a6b4-b888e31620a2 Error: (06/18/2014 09:54:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bf9801cf8b2920db0d80C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6ba35d6b-f722-11e3-a6b4-b888e31620a2 Error: (06/18/2014 09:33:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe16.6.2014.01bd001cf8b2bf0e0bc677C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe6b3f0853-f71f-11e3-a6b4-b888e31620a2 Error: (06/18/2014 09:31:55 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe16.6.2014.01d5001cf8b2bbfcefb785C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe125913f9-f71f-11e3-a6b4-b888e31620a2 Error: (06/18/2014 08:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 3890.67 MB Available physical RAM: 2117.39 MB Total Pagefile: 7779.52 MB Available Pagefile: 5743.04 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:186.03 GB) NTFS Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:224.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9E527146) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
23.06.2014, 15:03 | #24 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung Schritt 1: FRST Fix Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1 Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2: FRST Scan Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan. Schritt 3: ESET ESET Online Scanner
Schritt 4: Frage Wie läuft Dein PC?
__________________ Proud member of Unite |
23.06.2014, 18:08 | #25 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014 Ran by Br. Pirminius Seber at 2014-06-23 18:56:10 Run:2 Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1 ***************** 'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3090635963-4145032168-3900013317-1001'=> Key not found. ==== End of Fixlog ==== FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014 Ran by Br. Pirminius Seber (administrator) on BRUDERPIRMINIUS on 23-06-2014 18:58:30 Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-07-27] (Toshiba Europe GmbH) HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG) HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.) HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-03-03] (TOSHIBA) HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-16] (AVAST Software) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-05-09] (RealNetworks, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [Facebook Update] => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-28] (Facebook Inc.) HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Br. Pirminius Seber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Kopie 1).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Kopie 1).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Br. Pirminius Seber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: GMX MailCheck - C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\Extensions\toolbar@gmx.net.xpi [2013-03-21] FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-07] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\extensions\quick_start@gmail.com FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-09] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Extension: (avast! Online Security) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18] CHR Extension: (RealPlayer Downloader) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-18] CHR Extension: (Google Wallet) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-18] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-16] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06] CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-06] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-16] (AVAST Software) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-09] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed] S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-16] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-16] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-16] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-16] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-16] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-16] () S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2012-09-06] (Huawei Technologies Co., Ltd.) [File not signed] S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2012-09-06] (Huawei Technologies Co., Ltd.) [File not signed] S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-18 21:35 - 2014-06-18 21:44 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion 2014-06-18 15:29 - 2014-06-18 21:35 - 02082304 _____ (Farbar) C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe 2014-06-18 15:25 - 2014-06-18 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 15:19 - 2014-06-18 15:19 - 00003876 _____ () C:\Users\Br. Pirminius Seber\Desktop\JRT.txt 2014-06-18 15:10 - 2014-06-18 15:10 - 00000000 ____D () C:\Windows\ERUNT 2014-06-18 15:09 - 2014-06-18 15:10 - 01016261 _____ (Thisisu) C:\Users\Br. Pirminius Seber\Downloads\JRT.exe 2014-06-18 15:04 - 2014-06-18 15:04 - 00057486 _____ () C:\Users\Br. Pirminius Seber\Desktop\mbam.txt 2014-06-18 14:08 - 2014-06-18 14:25 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-18 14:08 - 2014-06-18 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-18 14:08 - 2014-06-18 14:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-18 14:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-18 14:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-18 14:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-18 13:52 - 2014-06-18 14:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Br. Pirminius Seber\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieUserList 2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieSiteList 2014-06-18 12:55 - 2014-06-18 13:00 - 00000000 ____D () C:\AdwCleaner 2014-06-17 22:21 - 2014-06-18 15:34 - 00029690 _____ () C:\Users\Br. Pirminius Seber\Downloads\Addition.txt 2014-06-17 22:20 - 2014-06-18 15:34 - 00054298 _____ () C:\Users\Br. Pirminius Seber\Downloads\FRST.txt 2014-06-17 22:19 - 2014-06-23 18:58 - 00000000 ____D () C:\FRST 2014-06-16 20:04 - 2014-06-16 20:04 - 00014814 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juli 2014.odt 2014-06-16 12:18 - 2014-06-16 12:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-16 12:18 - 2014-06-16 12:18 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-12 16:46 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 16:46 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 16:46 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 16:46 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 16:46 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 16:46 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-12 16:46 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 16:46 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-12 16:46 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 16:46 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 16:46 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-12 16:46 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-12 16:46 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-12 16:46 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 16:46 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 16:46 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 16:46 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-12 16:46 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 16:46 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 16:46 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 16:46 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-12 16:46 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 16:46 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-12 16:46 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-12 16:46 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-12 16:46 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 16:46 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-12 16:46 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-12 16:46 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-12 16:46 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 16:46 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-12 16:46 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-12 16:46 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-12 16:46 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 16:46 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-12 16:46 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-12 16:46 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-12 16:46 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-12 16:46 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-12 16:46 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-12 16:46 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 16:46 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-12 16:46 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-12 16:46 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-12 16:46 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 16:46 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-12 16:46 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 16:46 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-12 16:46 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-12 16:46 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 16:46 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-12 16:46 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 16:46 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-12 16:46 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 16:46 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 16:46 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 16:46 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 16:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 16:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 16:46 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-12 16:46 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-12 16:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-12 16:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-12 16:45 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 16:44 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-12 16:44 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== One Month Modified Files and Folders ======= 2014-06-23 18:58 - 2014-06-17 22:19 - 00000000 ____D () C:\FRST 2014-06-23 18:58 - 2012-06-19 11:12 - 01570441 _____ () C:\Windows\WindowsUpdate.log 2014-06-23 18:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-06-23 18:48 - 2012-12-20 14:01 - 00000284 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job 2014-06-23 18:48 - 2012-09-28 13:22 - 00000984 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA.job 2014-06-23 18:48 - 2012-09-02 15:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-23 18:48 - 2011-07-27 10:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-23 14:43 - 2009-07-14 06:45 - 00024912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-23 14:43 - 2009-07-14 06:45 - 00024912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-23 14:38 - 2011-07-27 10:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-23 14:35 - 2013-02-25 21:54 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-06-23 14:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-23 14:35 - 2009-07-14 06:51 - 00084037 _____ () C:\Windows\setupact.log 2014-06-23 01:37 - 2012-09-04 16:02 - 00049435 _____ () C:\Users\Br. Pirminius Seber\Documents\Hochkirchliche St.-Johannes-Bruderschaft - Gliederliste.odt 2014-06-22 23:31 - 2012-09-02 12:41 - 00000000 ____D () C:\Users\Br. Pirminius Seber\AppData\Roaming\TOSHIBA Online Product Information 2014-06-22 23:25 - 2012-10-07 00:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-06-22 23:24 - 2012-09-02 14:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-18 21:44 - 2014-06-18 21:35 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion 2014-06-18 21:35 - 2014-06-18 15:29 - 02082304 _____ (Farbar) C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe 2014-06-18 20:52 - 2010-11-21 05:47 - 00231336 _____ () C:\Windows\PFRO.log 2014-06-18 15:34 - 2014-06-17 22:21 - 00029690 _____ () C:\Users\Br. Pirminius Seber\Downloads\Addition.txt 2014-06-18 15:34 - 2014-06-17 22:20 - 00054298 _____ () C:\Users\Br. Pirminius Seber\Downloads\FRST.txt 2014-06-18 15:25 - 2014-06-18 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 15:19 - 2014-06-18 15:19 - 00003876 _____ () C:\Users\Br. Pirminius Seber\Desktop\JRT.txt 2014-06-18 15:10 - 2014-06-18 15:10 - 00000000 ____D () C:\Windows\ERUNT 2014-06-18 15:10 - 2014-06-18 15:09 - 01016261 _____ (Thisisu) C:\Users\Br. Pirminius Seber\Downloads\JRT.exe 2014-06-18 15:04 - 2014-06-18 15:04 - 00057486 _____ () C:\Users\Br. Pirminius Seber\Desktop\mbam.txt 2014-06-18 15:01 - 2014-03-29 03:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-18 14:49 - 2012-12-27 13:09 - 00003382 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 2014-06-18 14:49 - 2012-12-27 13:09 - 00003276 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 2014-06-18 14:48 - 2010-11-21 09:00 - 00000000 ____D () C:\Windows\ShellNew 2014-06-18 14:25 - 2014-06-18 14:08 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-18 14:25 - 2014-06-18 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-18 14:25 - 2014-06-18 14:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-18 14:18 - 2014-05-19 16:21 - 00003404 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 2014-06-18 14:18 - 2014-03-28 20:30 - 00003298 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 2014-06-18 14:05 - 2014-06-18 13:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Br. Pirminius Seber\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-18 13:49 - 2012-10-07 00:34 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-06-18 13:44 - 2012-09-02 12:07 - 00000000 ____D () C:\Users\Br. Pirminius Seber 2014-06-18 13:42 - 2012-09-05 00:41 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\SJB - geographische Verteilung (außer Ost)-Dateien 2014-06-18 13:42 - 2012-09-02 15:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-06-18 13:42 - 2011-07-27 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-06-18 13:42 - 2010-11-21 09:00 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-06-18 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-18 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-06-18 13:41 - 2012-11-23 03:04 - 00000000 ____D () C:\ProgramData\Real 2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieUserList 2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieSiteList 2014-06-18 13:00 - 2014-06-18 12:55 - 00000000 ____D () C:\AdwCleaner 2014-06-16 20:04 - 2014-06-16 20:04 - 00014814 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juli 2014.odt 2014-06-16 18:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-16 13:27 - 2012-09-28 13:22 - 00000962 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core.job 2014-06-16 12:19 - 2012-10-07 00:38 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-06-16 12:19 - 2012-10-07 00:38 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-06-16 12:18 - 2014-06-16 12:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-16 12:18 - 2014-06-16 12:18 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-16 12:18 - 2013-03-19 23:12 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-06-16 12:18 - 2013-03-19 23:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-06-16 12:18 - 2012-10-07 00:33 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-06-16 12:18 - 2012-10-07 00:33 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-06-13 22:35 - 2011-07-27 10:59 - 00002356 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-13 02:01 - 2014-05-07 01:35 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-08 11:13 - 2014-06-12 16:44 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 11:08 - 2014-06-12 16:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-05 21:26 - 2012-11-24 04:20 - 00018915 _____ () C:\Users\Br. Pirminius Seber\Documents\Hochkirchliche St.-Johannes-Bruderschaft - Namenstage.odt 2014-06-05 12:42 - 2014-01-27 23:02 - 00014877 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juni 2014.odt 2014-05-30 12:21 - 2014-06-12 16:45 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 12:02 - 2014-06-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 12:02 - 2014-06-12 16:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 11:45 - 2014-06-12 16:46 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 11:39 - 2014-06-12 16:46 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 11:39 - 2014-06-12 16:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 11:38 - 2014-06-12 16:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 11:28 - 2014-06-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 11:27 - 2014-06-12 16:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 11:24 - 2014-06-12 16:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 11:21 - 2014-06-12 16:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 11:21 - 2014-06-12 16:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 11:20 - 2014-06-12 16:46 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 11:18 - 2014-06-12 16:46 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-30 11:11 - 2014-06-12 16:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 11:08 - 2014-06-12 16:46 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 11:06 - 2014-06-12 16:46 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 11:02 - 2014-06-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-30 10:55 - 2014-06-12 16:46 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:49 - 2014-06-12 16:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:46 - 2014-06-12 16:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:44 - 2014-06-12 16:46 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-30 10:44 - 2014-06-12 16:46 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 10:43 - 2014-06-12 16:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-30 10:42 - 2014-06-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-12 16:46 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-30 10:35 - 2014-06-12 16:46 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 10:34 - 2014-06-12 16:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-30 10:33 - 2014-06-12 16:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-30 10:30 - 2014-06-12 16:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-30 10:29 - 2014-06-12 16:46 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 10:28 - 2014-06-12 16:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-30 10:27 - 2014-06-12 16:46 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-30 10:24 - 2014-06-12 16:46 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 10:23 - 2014-06-12 16:46 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 10:16 - 2014-06-12 16:46 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-30 10:10 - 2014-06-12 16:46 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-12 16:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-30 10:04 - 2014-06-12 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-30 10:02 - 2014-06-12 16:46 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-30 09:56 - 2014-06-12 16:46 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-30 09:56 - 2014-06-12 16:46 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:54 - 2014-06-12 16:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-30 09:50 - 2014-06-12 16:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-12 16:46 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-30 09:43 - 2014-06-12 16:46 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:40 - 2014-06-12 16:46 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-30 09:30 - 2014-06-12 16:46 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:21 - 2014-06-12 16:46 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-30 09:15 - 2014-06-12 16:46 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-30 09:13 - 2014-06-12 16:46 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-30 09:13 - 2014-06-12 16:46 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-19 01:34 ==================== End Of Log ============================ --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014 Ran by Br. Pirminius Seber at 2014-06-23 18:59:27 Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited) Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations) HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation) Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.8 - McAfee, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG) Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG) Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG) Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG) Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG) Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG) Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG) NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation) TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.11C - TOSHIBA CORPORATION) TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.30C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (x32 Version: 1.63.0.30C - TOSHIBA CORPORATION) Hidden TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA) TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA) TOSHIBA Supervisor Password (x32 Version: 1.63.0.10C - TOSHIBA CORPORATION) Hidden TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.10C - TOSHIBA CORPORATION) TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.5 - TOSHIBA Corporation) TOSHIBA Web Camera Application (x32 Version: 2.0.1.5 - TOSHIBA Corporation) Hidden TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION) TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - ) TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 21-05-2014 18:28:15 Windows Update 05-06-2014 10:08:21 Windows Update 10-06-2014 14:25:48 Windows Update 13-06-2014 00:01:18 Windows Update 16-06-2014 10:13:39 avast! antivirus system restore point 17-06-2014 15:31:01 Windows Update 18-06-2014 11:39:01 Wiederherstellungsvorgang 18-06-2014 11:44:04 avast! antivirus system restore point 18-06-2014 11:49:48 Windows Update 22-06-2014 21:30:22 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {00861946-591E-4280-A18C-28971A50D87F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {06AAD3C0-96D5-45EB-96E0-F4D999110471} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {39453143-C890-4E73-B425-DD43C80766D3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28] (Facebook Inc.) Task: {5BEA0EB2-19DB-4E1C-AF8D-90C45DE99150} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {5F459C19-110D-40F7-B927-7F3BC56FF8FF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-16] (AVAST Software) Task: {7D9C35AF-D8F1-4275-8B58-1A5B0A1DE3BD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.) Task: {9027BC15-68ED-4BF8-9258-0432480EDC5B} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] () Task: {96BD8039-57AF-4010-A67B-B98537FAFB52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27] (Google Inc.) Task: {BB28F385-CB84-451E-9245-DA859554C905} - System32\Tasks\{93CF5D12-ADD9-4933-AE8A-EBCB6D15719F} => C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe Task: {C031F401-D170-471B-A47C-39591E3B8CDA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {D77EB404-188A-4315-A436-D63E23453434} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28] (Facebook Inc.) Task: {DD88F62D-C58A-458E-AE8A-54539D6A368E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated) Task: {EFCCC7CD-08FE-44A2-8C79-0CA153CCE1C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27] (Google Inc.) Task: {F201AE44-C9F1-439B-B9A1-FC8DD0475121} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {F9FCFF82-C0AA-4A06-BE08-4A2FE39223C8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION) Task: {FABB902B-7C9F-428D-802A-28406F71842F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core.job => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA.job => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2011-03-03 23:21 - 2011-03-03 23:21 - 03420584 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll 2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll 2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll 2011-07-27 10:29 - 2010-08-31 15:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll 2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2011-07-27 10:40 - 2011-02-22 11:16 - 00559104 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\de\Humphrey.resources.dll 2011-07-27 10:58 - 2011-12-15 15:56 - 00022400 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll 2011-07-27 10:58 - 2011-12-15 15:55 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll 2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2014-06-22 23:27 - 2014-06-22 23:27 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062201\algo.dll 2014-06-23 14:36 - 2014-06-23 14:36 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062300\algo.dll 2014-05-09 18:24 - 2014-05-09 18:24 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll 2014-02-16 00:36 - 2014-02-16 00:36 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-06-18 15:25 - 2014-06-18 15:25 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-05-18 21:16 - 2014-05-18 21:16 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/23/2014 02:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2014 00:53:20 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/22/2014 11:26:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 01:36:54 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/18/2014 10:00:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: bcc Startzeit: 01cf8b272ba4eaae Endzeit: 70 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 1ff0ada8-f723-11e3-a6b4-b888e31620a2 Error: (06/18/2014 09:54:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xf98 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (06/18/2014 09:33:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 16.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1bd0 Startzeit: 01cf8b2bf0e0bc67 Endzeit: 7 Anwendungspfad: C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe Berichts-ID: 6b3f0853-f71f-11e3-a6b4-b888e31620a2 Error: (06/18/2014 09:31:55 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 16.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1d50 Startzeit: 01cf8b2bbfcefb78 Endzeit: 5 Anwendungspfad: C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe Berichts-ID: 125913f9-f71f-11e3-a6b4-b888e31620a2 Error: (06/18/2014 08:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/19/2014 01:52:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:52:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:51:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:51:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (06/19/2014 01:51:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Microsoft Office Sessions: ========================= Error: (06/23/2014 02:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/23/2014 00:53:20 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe Error: (06/22/2014 11:26:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 01:36:54 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe Error: (06/18/2014 10:00:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567bcc01cf8b272ba4eaae70C:\Windows\Explorer.EXE1ff0ada8-f723-11e3-a6b4-b888e31620a2 Error: (06/18/2014 09:54:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bf9801cf8b2920db0d80C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6ba35d6b-f722-11e3-a6b4-b888e31620a2 Error: (06/18/2014 09:33:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe16.6.2014.01bd001cf8b2bf0e0bc677C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe6b3f0853-f71f-11e3-a6b4-b888e31620a2 Error: (06/18/2014 09:31:55 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe16.6.2014.01d5001cf8b2bbfcefb785C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe125913f9-f71f-11e3-a6b4-b888e31620a2 Error: (06/18/2014 08:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 55% Total physical RAM: 3890.67 MB Available physical RAM: 1736.09 MB Total Pagefile: 7779.52 MB Available Pagefile: 5199.96 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:186.01 GB) NTFS Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:224.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9E527146) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
23.06.2014, 18:25 | #26 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung OK ich warte auf weitere Logs.
__________________ Proud member of Unite |
23.06.2014, 19:28 | #27 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=9f3d10344ed7b8438cffa75a191559c4 # engine=18843 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-23 06:18:15 # local_time=2014-06-23 08:18:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 87 455487 167967985 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 74814 155177345 0 0 # scanned=159088 # found=53 # cleaned=0 # scan_time=3811 sh=44A7956A5D046523ABEDE48F6073E90961AAC364 ft=1 fh=7006f955c1e9646d vn="Variante von MSIL/Adware.iBryte.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserSafeguard\uninstall.BrowserSafeguard.exe.vir" sh=07EE6B2AF931FA381DE38B845181C8A12F092C1A ft=1 fh=a5c2abfedbc93267 vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\ConstaSurfBHO.dll.vir" sh=FA9D2CA31C755D0F5A81AE72A3CCB51EE989BAA4 ft=1 fh=05c404252e66b822 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\updateConstaSurf.exe.vir" sh=63FFFBF7FA1F7DC08E3EAF79A6A28823FD3AEC47 ft=1 fh=598a7e1eeccac04b vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\ConstaSurf.BrowserAdapter.exe.vir" sh=D55371162E7AC08458FC1AC581B44FC5A6FF053F ft=1 fh=3b3d92f7237ca1af vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\ConstaSurf.PurBrowse64.exe.vir" sh=DC16A1153D3F88CBFAF13D0E863833C537037600 ft=1 fh=e1707a6df3f3b19b vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\ConstaSurfBAApp.dll.vir" sh=FA9D2CA31C755D0F5A81AE72A3CCB51EE989BAA4 ft=1 fh=05c404252e66b822 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe.vir" sh=EDE61E449BEDDA5DDD605A395496D49703F573F9 ft=1 fh=8b21ad2fcf9602e3 vn="Variante von Win32/BrowseFox.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\{0782648b-1717-4fef-ac58-8cb3ce03adb3}.dll.vir" sh=E4C197DC89A0611542EA828724C5D1EC585580B9 ft=1 fh=d63ea59554f3e16a vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.Bromon.dll.vir" sh=B04C191760E311310E614768EA151FE0892B750D ft=1 fh=fc6b5dbd9b3b3f44 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.BroStats.dll.vir" sh=9EDB59531A9FA3C3D37E57FF56EEC6D448C5C650 ft=1 fh=2c8832b93e9ac067 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.BrowserAdapterS.dll.vir" sh=05EADA5D6C46530C679C6A80FB8FBF9E2B21E0D7 ft=1 fh=b33ddd491724e59f vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.CompatibilityChecker.dll.vir" sh=9C4EAB8D84EFB47BE6E31100B31CBE23F8DFA9EC ft=1 fh=81149872a0603674 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.FFUpdate.dll.vir" sh=35A23CE4F5641DC402C1A22CAB99044C6B9CAA55 ft=1 fh=4d0c1233abec05c4 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.IEUpdate.dll.vir" sh=A4D08D7A58951F22EBFE9A9D121855EE345E56F7 ft=1 fh=edd95934e1ec67b0 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.PurBrowseG.dll.vir" sh=CED05266ECDC6547AFB0B18E7AB4DBCCA5535FB9 ft=1 fh=2791e6518558f99b vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe.vir" sh=81FBC911F6F39943B5A508257ED317C6A388CA54 ft=1 fh=f881a71255879118 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir" sh=6F4FD559E82ECD0E9BF238374A8AE7763D9AF88F ft=1 fh=0fe3e64a55eab364 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir" sh=09975ED04166B761DC1CED0B15BAE6D37DCC0560 ft=1 fh=919d2464905062de vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir" sh=CC7735B51ACFC778DAFCE7B9C25798C1149059CA ft=1 fh=bdcf262ba56c13e6 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir" sh=E07AC00C609A9096EFEDCF5839D77AD91C96BD2D ft=1 fh=a44174895411af10 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir" sh=3AE79DE1D9A3C56075DB1B53DF9D7880AE03A5F6 ft=1 fh=bd390a3911fc5a39 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir" sh=0F00EB8310C851AAD8AE9C7C17EF5F0D81617D3A ft=1 fh=1090c94a8e08b65e vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir" sh=2ADB3F435305E66F52A44D4E6509661F8B5BA47A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.249_0\extensionData\plugins\91.js.vir" sh=DC2F44E408378C231AFA4D5E0BC65855573FA17D ft=1 fh=576bb7911dc12d10 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Local\iLivid\Helper.dll.vir" sh=93578A0F21346F205CD6A11CE02BD58ABB98EE11 ft=1 fh=f2d1349e4484dc5e vn="Variante von Win32/Toolbar.SearchSuite.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Local\iLivid\Uninstall.exe.vir" sh=9949E2AA700EA8DC0CFEE91198AC53800C6BD0D6 ft=1 fh=aa0558f6d40a46cb vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe.vir" sh=E082854FA3F7C89221E44406EA71086403E834E7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\Extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\91.js.vir" sh=AFFB7478306D0BAF1CBC2C646B61FB39DD4AB1FA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\91.js.vir" sh=B8E6BA69D75149795E4283A8A484B694CC50C001 ft=1 fh=7690bee84a2cb28f vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\VOPackage\Uninstall.exe.vir" sh=44ED55CB1079D34027CB77CD62248064FF5A0A09 ft=1 fh=3916453e74289c7d vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\VOPackage\VOPackage.exe.vir" sh=312B4326F089F044FEFE73A81FD94223E3F36410 ft=1 fh=789dc111d976203c vn="Variante von Win32/VOPackage.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\VOPackage\VOsrv.exe.vir" sh=CCBAAB1EB050FA9CAB112ABED57872373467F2D4 ft=1 fh=fa50e357e61e53d8 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Br. Pirminius Seber\AppData\Local\Temp\PCSpeedMaximizer.exe.xBAD" sh=668865374E1866E82174D7683B968CEC3527691A ft=1 fh=d8f6daf83def6dca vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Br. Pirminius Seber\AppData\Local\Temp\speedupmypc.exe.xBAD" sh=990A77ECC18BC46820C2354D3726F20FAAC791E9 ft=0 fh=0000000000000000 vn="Variante von Win32/AdWare.Adpeak.I Anwendung" ac=I fn="C:\temp\t.msi" sh=3B155C78095C8F4A7851112D14C35A8128113C2C ft=1 fh=1de3c52b009f0bf0 vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Installer\Install_10128\ytai.exe" sh=3B155C78095C8F4A7851112D14C35A8128113C2C ft=1 fh=1de3c52b009f0bf0 vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Installer\Install_19196\ytai.exe" sh=3B155C78095C8F4A7851112D14C35A8128113C2C ft=1 fh=1de3c52b009f0bf0 vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Installer\Install_32603\ytai.exe" sh=8E5D0DDD88C86A467E04B9323475029CD80A66D8 ft=1 fh=f12484e4e350440f vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FNEW0LN\Setup[1].exe" sh=B2141692BDF56352A137D83E9EC73D05C423D2E5 ft=1 fh=e9e99cb68f1bf246 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FNEW0LN\SpeedUpMyPC-standalone-setup[1].exe" sh=19CA6B0692A041B3DA02EC0BA7B8D970CFC61F15 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\MsiToExe.SetupExtension.msi" sh=8398427DEE8FECAF5BC25B22C826FC2DC6DF9747 ft=1 fh=81c159dc949cee29 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsg653B.tmp" sh=ACC1C7D6CD8420D4EA46A35522AFC0F096B77CCD ft=1 fh=54c2a27e7a7711bf vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsi3A76.tmp" sh=939C16ADE15384AA65A71E9DD19E53ABBBDC344C ft=1 fh=96b3e5887a7711bf vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsq433E.tmp" sh=BBAC352F257862DF68413AE710544A318DD2A091 ft=1 fh=c7ae4474b5cb8b84 vn="Variante von Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstall.exe582819.del" sh=D2EAFFAD45CC86DE6E07E9D8E42440CD25DA5754 ft=1 fh=855d8e396d7ffddb vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\0967d265-08c9-4fb3-929e-9662bc5292a5\software\Cloud_Backup_Setup.exe" sh=BBAC352F257862DF68413AE710544A318DD2A091 ft=1 fh=c7ae4474b5cb8b84 vn="Variante von Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\580542.Uninstall\Uninstall.exe" sh=DE7457A095FE26A437AE65ABFF603EBC7041B29A ft=1 fh=21434bd82dbff710 vn="Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_11175\sense.exe" sh=ADEA6F0F89F9B4A6BDCFF42C4E4AD7DA93D3B724 ft=1 fh=9219e53dcc10c3ae vn="Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_18125\iwebar.exe" sh=3B155C78095C8F4A7851112D14C35A8128113C2C ft=1 fh=1de3c52b009f0bf0 vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_26552\ytai.exe" sh=DEA5116E65880CCB22EC504C4C4CC7E0A1FE65B2 ft=1 fh=f49a059729fb3b71 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\Downloads\installer_openoffice_Deutsch.exe" sh=BBAC352F257862DF68413AE710544A318DD2A091 ft=1 fh=c7ae4474b5cb8b84 vn="Variante von Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\Downloads\VideoPlayerSetup.exe" sh=146F0A6C10435A26DB5100D044452322EE84FCFE ft=1 fh=314a90aba3c22b66 vn="Variante von MSIL/Adware.Proxomoto.F Anwendung" ac=I fn="C:\Windows\Microsoft\System Update kb77600\WindowsUpdater.exe" Der Laptop funktioniert bislang wieder sehr gut. |
23.06.2014, 19:36 | #28 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung Schritt 1: FRST Fix Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Br. Pirminius Seber\AppData\Local\Installer C:\Users\Br. Pirminius Seber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FNEW0LN C:\Users\Br. Pirminius Seber\AppData\Local\Temp\MsiToExe.SetupExtension.msi C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsg653B.tmp C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsi3A76.tmp C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsq433E.tmp C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstall.exe582819.del C:\Users\Br. Pirminius Seber\AppData\Local\Temp\0967d265-08c9-4fb3-929e-9662bc5292a5\software\Cloud_Backup_Setup.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\580542.Uninstall\Uninstall.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_11175 C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_18125 C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_26552 C:\Users\Br. Pirminius Seber\Downloads\installer_openoffice_Deutsch.exe C:\Users\Br. Pirminius Seber\Downloads\VideoPlayerSetup.exe C:\Windows\Microsoft\System Update kb77600 HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1 Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2: Datenträgerbereinigung Datenträgerbereinigung
__________________ Proud member of Unite |
23.06.2014, 19:45 | #29 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014 Ran by Br. Pirminius Seber at 2014-06-23 20:45:15 Run:3 Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Br. Pirminius Seber\AppData\Local\Installer C:\Users\Br. Pirminius Seber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FNEW0LN C:\Users\Br. Pirminius Seber\AppData\Local\Temp\MsiToExe.SetupExtension.msi C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsg653B.tmp C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsi3A76.tmp C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsq433E.tmp C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstall.exe582819.del C:\Users\Br. Pirminius Seber\AppData\Local\Temp\0967d265-08c9-4fb3-929e-9662bc5292a5\software\Cloud_Backup_Setup.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\580542.Uninstall\Uninstall.exe C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_11175 C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_18125 C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_26552 C:\Users\Br. Pirminius Seber\Downloads\installer_openoffice_Deutsch.exe C:\Users\Br. Pirminius Seber\Downloads\VideoPlayerSetup.exe C:\Windows\Microsoft\System Update kb77600 HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1 ***************** C:\Users\Br. Pirminius Seber\AppData\Local\Installer => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FNEW0LN => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\MsiToExe.SetupExtension.msi => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsg653B.tmp => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsi3A76.tmp => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsq433E.tmp => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstall.exe582819.del => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\0967d265-08c9-4fb3-929e-9662bc5292a5\software\Cloud_Backup_Setup.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\580542.Uninstall\Uninstall.exe => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_11175 => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_18125 => Moved successfully. C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_26552 => Moved successfully. C:\Users\Br. Pirminius Seber\Downloads\installer_openoffice_Deutsch.exe => Moved successfully. C:\Users\Br. Pirminius Seber\Downloads\VideoPlayerSetup.exe => Moved successfully. C:\Windows\Microsoft\System Update kb77600 => Moved successfully. 'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3090635963-4145032168-3900013317-1001'=> Key not found. ==== End of Fixlog ==== |
23.06.2014, 19:48 | #30 |
| Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung Hallo, nach meiner Erkenntnis, ist Dein PC soweit sauber. Die Reihenfolge ist hier entscheidend.
Falls Du mir Feedback geben willst, kannst Du es hier gerne tun: Lob, Kritik und Wünsche - Trojaner-Board Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Sicheres Browsen
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ Proud member of Unite |
Themen zu Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung |
msil/adware.ibryte.d, msil/browsefox.e, msil/browsefox.g, pup.optional.bundleinstaller.a, pup.optional.conduit.a, pup.optional.crossrider.a, pup.optional.crossrider.m, pup.optional.dealply.a, pup.optional.dynconie.a, pup.optional.iepluginservice.a, pup.optional.iwebar.a, pup.optional.qone8, pup.optional.savesense, pup.optional.savesense.a, pup.optional.shopperpro.a, pup.optional.skytech.a, pup.optional.speedupmypc, pup.optional.suptab.a, pup.optional.websteroids.a, pup.optional.wpmanager.a, win32/browsefox.f, win32/browsefox.h, win32/browsefox.i, win32/browsefox.k, win64/browsefox.a |