|
Log-Analyse und Auswertung: TR/Patched.Ren.Gen - Überfordert!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
09.09.2014, 17:10 | #1 |
| TR/Patched.Ren.Gen - Überfordert! Hallo, ich muss mich hier leider in die Reihe der Überforderten mit dem Virus einreihen. Ich bekomme am laufenden Band Meldungen, wenn ich den PC anmache. Wenn ich die anderen Posts lese, muss ich gestehen, ich verstehe praktisch gar nichts von Computer. Bitte daher Anweisungen für die ganz Dummen! PHP-Code: Danke und Grüsse, Kapiernix |
09.09.2014, 17:16 | #2 |
/// TB-Ausbilder | TR/Patched.Ren.Gen - Überfordert!Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags: So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
09.09.2014, 17:26 | #3 |
| TR/Patched.Ren.Gen - Überfordert! Hallo Matthias!
__________________Vielen Dank erstmal, dass es Leute wie dich gibt! Hier nun die Infos nach dem Scan: FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014 Ran by ANTJEKRAMER (administrator) on ANTJE on 09-09-2014 18:20:50 Running from C:\Users\ANTJEKRAMER\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe (Creative Technology Ltd.) C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe () C:\Users\ANTJEKRAMER\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050000 2009-10-15] (Toshiba Europe GmbH) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-08] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7858720 2009-10-21] (Realtek Semiconductor) HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA) HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.) HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1586472 2009-10-15] (Synaptics Incorporated) HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1328480 2009-09-28] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-11-30] (TOSHIBA Corporation) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-31] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [7642432 2014-08-27] () HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG) HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) HKU\S-1-5-21-2254722259-2390501912-3981444591-1000\...\Run: [CTZDetec.exe] => C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe [368640 2008-04-24] (Creative Technology Ltd.) HKU\S-1-5-21-2254722259-2390501912-3981444591-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) HKU\S-1-5-21-2254722259-2390501912-3981444591-1000\...\Run: [Amazon Cloud Player] => C:\Users\ANTJEKRAMER\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] () Startup: C:\Users\ANTJEKRAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.lnk ShortcutTarget: firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {067F90BA-8380-42AD-A44C-56320425566A} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {E7F8E38E-F304-4B3D-A235-CD13DC20EAA9} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\adawaretb\adawareDx.dll () BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Avira SearchFree Toolbar plus Web Protection -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll () Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: 20-20 3D Viewer - IKEA - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-03-26] FF Extension: Avira Browser Safety - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\abs@avira.com [2014-08-31] FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\toolbar@ask.com [2011-11-30] FF Extension: Garmin Communicator - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-03-08] FF Extension: Ad-Aware Security Toolbar - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2011-12-12] FF Extension: YouTube Unblocker - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\youtubeunblocker@unblocker.yt.xpi [2013-06-01] Chrome: ======= CHR CustomProfile: C:\Users\ANTJEKRAMER\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (SaveSense) - C:\Users\ANTJEKRAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk [2013-11-26] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-31] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-31] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-31] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-27] (TOSHIBA CORPORATION) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION) R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd) [File not signed] R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed] R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [655864 2014-08-27] () R2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-10-15] (Toshiba Europe GmbH) R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-06] (TOSHIBA Corporation) R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-28] (TOSHIBA Corporation) R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-05] (TOSHIBA Corporation) R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2009-11-10] (TOSHIBA Corporation) R2 UNS; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] S2 savesenselive; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe /svc [X] S3 savesenselivem; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe /medsvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-08-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-04-29] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed] S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-04-22] (BitDefender LLC) S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation) S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2012-06-17] () R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-30] (COMPAL ELECTRONIC INC.) R2 PfModNT; C:\Windows\system32\drivers\PfModNT.sys [71596 2004-06-03] (Creative Technology Ltd.) [File not signed] R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [157536 2009-05-20] (Realtek Semiconductor Corp.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-15] (Avira GmbH) R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed] R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.) R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation) S3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [X] S0 Lbd; system32\DRIVERS\Lbd.sys [X] S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-09 18:20 - 2014-09-09 18:22 - 00023510 _____ () C:\Users\ANTJEKRAMER\Desktop\FRST.txt 2014-09-09 18:20 - 2014-09-09 18:21 - 00000000 ____D () C:\FRST 2014-09-09 18:19 - 2014-09-09 18:19 - 01097728 _____ (Farbar) C:\Users\ANTJEKRAMER\Desktop\FRST.exe 2014-09-09 17:51 - 2014-09-09 17:55 - 00021664 _____ () C:\Users\ANTJEKRAMER\Desktop\Ereignisse.txt 2014-09-08 21:05 - 2014-09-08 21:05 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-08 20:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-09-08 20:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-09-08 20:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-09-08 20:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-09-08 20:33 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-08 20:33 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-08 20:33 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-08 20:33 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-08 20:33 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-08 20:33 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-08 20:33 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-08 20:33 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-08 20:33 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-08 20:33 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-08 20:33 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-08 20:33 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-08 20:33 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-08 20:33 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-08 20:33 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-08 20:33 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-08 20:33 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-08 20:33 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-08 20:33 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-08 20:33 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-08 20:33 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-08 20:33 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-08 20:33 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-08 20:33 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-08 20:33 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-08 20:33 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-08 20:33 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-08 20:33 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-08 20:33 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-08 20:33 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-08 20:33 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-09-08 20:33 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-09-08 20:33 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-09-08 20:33 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-09-08 20:32 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-08 20:32 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-08 20:31 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-08 20:31 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-09-08 20:31 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-09-08 20:31 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-09-08 20:31 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-09-08 20:29 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-08 20:29 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-08 20:29 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-09-08 20:12 - 2014-09-08 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-09-08 20:09 - 2014-09-08 20:09 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-09-08 19:57 - 2014-09-08 19:57 - 02806920 _____ () C:\Users\ANTJEKRAMER\Downloads\Adaware_Installer(1).exe 2014-08-31 15:21 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-31 15:21 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-31 15:21 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-31 15:21 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-31 15:20 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-31 15:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-31 15:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-31 15:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-31 15:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-09 18:22 - 2014-09-09 18:20 - 00023510 _____ () C:\Users\ANTJEKRAMER\Desktop\FRST.txt 2014-09-09 18:21 - 2014-09-09 18:20 - 00000000 ____D () C:\FRST 2014-09-09 18:19 - 2014-09-09 18:19 - 01097728 _____ (Farbar) C:\Users\ANTJEKRAMER\Desktop\FRST.exe 2014-09-09 18:17 - 2012-10-19 17:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-09 17:55 - 2014-09-09 17:51 - 00021664 _____ () C:\Users\ANTJEKRAMER\Desktop\Ereignisse.txt 2014-09-09 16:10 - 2011-01-05 21:06 - 01198430 _____ () C:\Windows\WindowsUpdate.log 2014-09-09 16:07 - 2013-04-17 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-09 16:07 - 2013-04-17 12:50 - 00000000 ____D () C:\Program Files\Avira 2014-09-09 16:07 - 2013-03-08 19:53 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-09 16:06 - 2009-07-14 06:34 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-09 16:06 - 2009-07-14 06:34 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-09 16:01 - 2011-02-13 18:01 - 00000000 ____D () C:\Users\ANTJEKRAMER\AppData\Roaming\Skype 2014-09-09 15:58 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-09 15:58 - 2009-07-14 06:39 - 00163958 _____ () C:\Windows\setupact.log 2014-09-09 10:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-08 21:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-08 21:13 - 2012-05-08 11:50 - 00000000 ____D () C:\Program Files\Google 2014-09-08 21:05 - 2014-09-08 21:05 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-08 21:05 - 2011-02-13 18:01 - 00000000 ____D () C:\ProgramData\Skype 2014-09-08 20:58 - 2011-01-05 21:25 - 00000000 ___RD () C:\Users\ANTJEKRAMER\Eigene Musik 2014-09-08 20:56 - 2009-07-14 06:33 - 00420584 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-08 20:55 - 2009-12-07 12:02 - 00712640 _____ () C:\Windows\PFRO.log 2014-09-08 20:53 - 2014-05-06 18:49 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-08 20:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-08 20:52 - 2009-12-07 12:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-08 20:50 - 2013-08-26 21:20 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-08 20:47 - 2011-01-14 21:40 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-08 20:12 - 2014-09-08 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-09-08 20:09 - 2014-09-08 20:09 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-09-08 20:01 - 2011-01-05 21:25 - 00000000 ____D () C:\Users\ANTJEKRAMER 2014-09-08 19:57 - 2014-09-08 19:57 - 02806920 _____ () C:\Users\ANTJEKRAMER\Downloads\Adaware_Installer(1).exe 2014-08-31 15:27 - 2012-03-09 19:59 - 00000000 ____D () C:\ProgramData\Avira 2014-08-25 06:53 - 2011-01-06 19:26 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-09-08 20:32 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-09-08 20:32 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-10 20:21 - 2009-12-07 11:39 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-10 19:54 - 2013-05-07 18:00 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-08-10 19:54 - 2013-04-17 12:50 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-08-10 19:41 - 2012-04-29 10:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-08-10 19:41 - 2009-12-07 12:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight Some content of TEMP: ==================== C:\Users\ANTJEKRAMER\AppData\Local\Temp\5b9d4686-8f15-432a-b212-0fb174737300.exe C:\Users\ANTJEKRAMER\AppData\Local\Temp\AskSLib.dll C:\Users\ANTJEKRAMER\AppData\Local\Temp\avgnt.exe C:\Users\ANTJEKRAMER\AppData\Local\Temp\CTWseAPI.dll C:\Users\ANTJEKRAMER\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcxgf1l.dll C:\Users\ANTJEKRAMER\AppData\Local\Temp\DWPUpgradeInstaller.exe C:\Users\ANTJEKRAMER\AppData\Local\Temp\pdf24-creator-update.exe C:\Users\ANTJEKRAMER\AppData\Local\Temp\setup.exe C:\Users\ANTJEKRAMER\AppData\Local\Temp\SkypeSetup.exe C:\Users\Gast\AppData\Local\Temp\AskSLib.dll C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\Gast\AppData\Local\Temp\RSSSynchronizer.exe C:\Users\Gast\AppData\Local\Temp\rss_chs.dll C:\Users\Gast\AppData\Local\Temp\rss_cht.dll C:\Users\Gast\AppData\Local\Temp\rss_deu.dll C:\Users\Gast\AppData\Local\Temp\rss_enu.dll C:\Users\Gast\AppData\Local\Temp\rss_esn.dll C:\Users\Gast\AppData\Local\Temp\rss_fra.dll C:\Users\Gast\AppData\Local\Temp\rss_ita.dll C:\Users\Gast\AppData\Local\Temp\rss_jpn.dll C:\Users\Gast\AppData\Local\Temp\rss_nld.dll C:\Users\Gast\AppData\Local\Temp\rss_ptb.dll C:\Users\Gast\AppData\Local\Temp\v_o8atut.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-09 10:02 ==================== End Of Log ============================ Additional: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014 Ran by ANTJEKRAMER at 2014-09-09 18:24:36 Running from C:\Users\ANTJEKRAMER\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Ad-Aware Antivirus (HKLM\...\{30EA2BAC-C89C-4EAE-BDCF-8C7C8DDB79B1}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft) Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft) Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 0.9.1.15 - Lavasoft) AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.) Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC) Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION ATI Catalyst Install Manager (HKLM\...\{327302DA-42B3-CF80-A242-E7E16FB6BB91}) (Version: 3.0.741.0 - ATI Technologies, Inc.) Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) AudibleManager (HKLM\...\AudibleManager) (Version: 2000050912.48.56.27725034 - Audible, Inc.) Avira (HKLM\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CanoScan Toolbox Ver4.6 (HKLM\...\{088A077A-8028-408C-AE7B-4512AE2A65A0}) (Version: - ) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Previews Common (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2009.0908.2225.38429 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (Version: 2009.0908.2225.38429 - ATI) Hidden CCC Help Chinese Standard (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Chinese Traditional (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Czech (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Danish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Dutch (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help English (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Finnish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help French (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help German (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Greek (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Hungarian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Italian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Japanese (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Korean (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Norwegian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Polish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Portuguese (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Russian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Spanish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Swedish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Thai (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Turkish (Version: 2009.0908.2224.38429 - ATI) Hidden ccc-core-static (Version: 2009.0908.2225.38429 - Ihr Firmenname) Hidden ccc-utility (Version: 2009.0908.2225.38429 - ATI) Hidden Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Creative Jukebox Driver (HKLM\...\Creative Jukebox Driver) (Version: - ) Creative Media Lite (HKLM\...\Creative Media Lite) (Version: - ) Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 2.00 - ) Creative Software Update (Version: 1.00.14 - Creative Technology Ltd.) Hidden Creative ZEN Stone-Benutzerhandbuch (HKLM\...\ZENStoneUG) (Version: - Creative Tech) Creative Zen Touch (HKLM\...\{1103112B-513D-4DEF-96B4-9889774E0118}) (Version: 1.0 - ) Creative-Systeminformationen (HKLM\...\SysInfo) (Version: - ) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC) Elevated Installer (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden FOTOParadies (HKLM\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.7.5 - Foto Online Service GmbH) Garmin Express (HKLM\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Garmin Express (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation) iTunes (HKLM\...\{C8EBB0DE-5655-4D32-99E1-9447E702A89F}) (Version: 11.1.2.32 - Apple Inc.) Java(TM) 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.1 - F.J. Wechselberger) Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon) Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.1.1 - Nikon) PDF24 Creator 5.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.2 - Nikon) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Plus-HD-2.2 (HKLM\...\Plus-HD-2.2) (Version: 1.31.153.0 - Plus HD) <==== ATTENTION QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated) TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.12 - TOSHIBA) TOSHIBA Bulletin Board (HKLM\...\InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}) (Version: 1.5.06.32 - TOSHIBA Corporation) TOSHIBA Bulletin Board (Version: 1.5.06.32 - TOSHIBA Corporation) Hidden TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.06-A - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.12.0 - TOSHIBA Corporation) TOSHIBA eco Utility (Version: 1.1.12.0 - TOSHIBA Corporation) Hidden TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation) TOSHIBA Face Recognition (Version: 3.1.3.32 - TOSHIBA Corporation) Hidden TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION) TOSHIBA Flash Cards Support Utility (Version: 1.63.0.4C - TOSHIBA CORPORATION) Hidden TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.16C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (Version: 1.63.0.16C - TOSHIBA CORPORATION) Hidden TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.4 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (Version: 3.1.0.4 - TOSHIBA Corporation) Hidden Toshiba Manuals (HKLM\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA) Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.1.0 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation) TOSHIBA ReelTime (HKLM\...\InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}) (Version: 1.5.08.32 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.5.08.32 - TOSHIBA Corporation) Hidden TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA) TOSHIBA Supervisor Password (Version: 1.63.0.7C - TOSHIBA CORPORATION) Hidden TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION) Toshiba TEMPRO (HKLM\...\{14555947-6F14-421F-8F61-6489E0FDFAE5}) (Version: 3.08 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.34 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.2.34 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation) TRORMCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.9 - TOSHIBA) TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 (KB974631) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{052CA271-6C3E-4B8F-9EEE-CEA84BC901DC}) (Version: - Microsoft) Update for Microsoft Office Word 2007 (KB974631) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CA2F3DF8-C8AE-4933-92F1-FE482442F6E6}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Utility Common Driver (Version: 1.0.50.27C - TOSHIBA) Hidden VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.1.1 - Nikon) Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) WildTangent-Spiele (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{4D72E5BC-BC7C-11E0-83CA-10424824019B}\InprocServer32 -> C:\Users\ANTJEKRAMER\AppData\Local\AskToolbar\Downloaded Program Files\AviraIDW.dll (Ask.com) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{595EF3BD-A186-454A-810C-02015139ACDC}\InprocServer32 -> C:\Users\ANTJEKRAMER\AppData\Local\AskToolbar\Downloaded Program Files\Avira.dll (Ask.com) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{5CAA6074-C368-4FAD-A0D6-2F348355C324}\InprocServer32 -> C:\Users\ANTJEKRAMER\AppData\Local\AskToolbar\Downloaded Program Files\AviraIDWUPD.dll (Ask.com) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{7F902AD4-FC6A-4B2F-8B8D-B6DD4E329B76}\InprocServer32 -> C:\Users\ANTJEKRAMER\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll (Ask.com) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{DF846759-BE0F-4451-B9D3-4BEFF765A1FD}\InprocServer32 -> C:\Users\ANTJEKRAMER\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll (Ask.com) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{FBE88A10-FF53-11E0-AB2A-AE904824019B}\InprocServer32 -> C:\Users\ANTJEKRAMER\AppData\Local\AskToolbar\Downloaded Program Files\AviraIDWUS.dll (Ask.com) ==================== Restore Points ========================= 01-08-2014 20:06:23 Windows Update 01-08-2014 20:25:51 Windows Update 10-08-2014 17:52:08 Windows Update 31-08-2014 13:16:31 Entfernt Creative MediaSource Detector 31-08-2014 13:18:53 Windows Update 31-08-2014 13:18:58 Konfiguriert Engine Installer 31-08-2014 13:20:55 Windows-Sicherung 08-09-2014 17:59:10 AA11 08-09-2014 18:23:51 Windows Update 08-09-2014 18:35:24 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00C2DFFB-ADB0-439F-A6A9-2DA06D1AAB8D} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: {0B967E98-4F4A-40AE-B171-8C85852EEE01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-17] (Adobe Systems Incorporated) Task: {1BA01909-43F1-46E1-803F-A22ABA4E19D0} - System32\Tasks\{79283F13-2AE4-4C8C-8849-5B6327159300} => C:\Users\ANTJEKRAMER\Downloads\B4A01dex.exe Task: {282F9EC6-53CD-474D-87F6-66F444FAA039} - System32\Tasks\{35B5CFF1-DB37-46C7-84DF-488BAD58EF78} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.) Task: {68BD67CC-4802-49D3-9495-90B2B15B34C9} - System32\Tasks\SaveSense => C:\Users\ANTJEK~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {71291486-D27D-478A-AB82-2D212F8A774B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {71D01C25-F216-4C33-AE59-C4BF3FCC486B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-08] (Google Inc.) Task: {73B03B2C-5D11-41DF-BED2-3D36F9B14519} - System32\Tasks\Plus-HD-2.2-firefoxinstaller => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe Task: {7813C8B8-F101-4F09-A3A0-6F885586596A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-08] (Google Inc.) Task: {86F2AF6F-6C3E-4CEF-93D0-A47FAAA86807} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-01-04] () <==== ATTENTION Task: {8B0E9263-B6FC-47CB-B8E6-73792DE33F3B} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION) Task: {8E41DFE5-BA27-465C-9CCE-70FDF9D52CE9} - System32\Tasks\Plus-HD-2.2-chromeinstaller => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe Task: {9FBD16D5-860C-432D-B5B1-0CE6296219E8} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-05-25] (Lavasoft Limited ) Task: {C572C1CD-B38D-4B0E-B392-093AA0B9818C} - \8e6d0740 No Task File <==== ATTENTION Task: {D63CD7E5-5B48-487C-AF3C-5BE8FDF8028B} - System32\Tasks\{3BE50B50-EFD9-4B8C-954D-6292082461B3} => C:\Users\ANTJEKRAMER\Downloads\4200fvst8611a_xpen(1).exe Task: {E30DFE58-948F-4434-955B-E57E1C757F70} - System32\Tasks\Plus-HD-2.2-codedownloader => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe Task: {FBDC998E-BBF7-4F7D-9F68-30883BD168D7} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\SaveSense.job => C:\Users\ANTJEK~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-10-11 22:56 - 2012-10-11 22:56 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2012-10-11 22:56 - 2012-10-11 22:56 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-27 12:51 - 2014-08-27 12:51 - 00655864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe 2014-08-27 12:55 - 2014-08-27 12:55 - 00087896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00022360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00030040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00048480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00107872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 09918800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02423600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00638296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00580424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 01643352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00642376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00087360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00105280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00747352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00693096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00865608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00206664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00779096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00174936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00870736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 01000256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll 2014-08-27 12:56 - 2014-08-27 12:56 - 00030552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00768344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00868184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00190800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00703304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00666448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02359632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02411344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00834384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00999256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00796992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00286536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02124120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00977216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00796992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00739656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00123712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll 2009-09-28 15:42 - 2009-09-28 15:42 - 00525688 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll 2011-01-05 20:59 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02555216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll 2011-01-05 22:05 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2009-10-18 16:20 - 2009-10-18 16:20 - 07980344 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 14:26 - 2009-11-03 14:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2009-12-07 11:56 - 2009-06-22 15:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll 2009-03-12 20:08 - 2009-03-12 20:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll 2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2009-07-29 16:35 - 2009-07-29 16:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll 2014-08-31 15:27 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\ANTJEKRAMER\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 07642432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe 2014-08-27 12:55 - 2014-08-27 12:55 - 00405848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_locale-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 01597248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\HtmlFramework.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00056632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\DllStorage.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00833360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTrayDefaultSkin.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00641344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\Localization.dll 2014-05-09 17:31 - 2014-05-08 19:26 - 03145536 _____ () C:\Users\ANTJEKRAMER\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2009-05-04 11:45 - 2009-05-04 11:45 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-01-05 21:02 - 2011-01-05 21:02 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2009-11-05 10:14 - 2009-11-05 10:14 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll 2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-07-31 20:24 - 2014-07-31 20:24 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-07-17 20:32 - 2014-07-17 20:32 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: GamesAppService => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk => C:\Windows\pss\Nikon Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^ANTJEKRAMER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Creative Detector => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R MSCONFIG\startupreg: CTZDetec.exe => C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KiesHelper => C:\Program Files\Samsung\Kies\KiesHelper.exe /s MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: Optimizer Pro => C:\Program Files\Optimizer Pro\OptProLauncher.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SoftAuto.exe => "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe ==================== Faulty Device Manager Devices ============= Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (09/09/2014 03:55:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm avscan.exe, Version 14.0.6.548 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 958 Startzeit: 01cfcb9a70592443 Endzeit: 60000 Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe Berichts-ID: b3d482ce-3828-11e4-8bef-705ab6857b2d Error: (09/09/2014 10:05:26 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (09/09/2014 05:58:37 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 28230581 Error: (09/09/2014 05:58:37 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 28230581 Error: (09/09/2014 05:58:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/31/2014 03:16:29 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {549cea21-e3b6-4833-9b97-bd2cafe601fc} Error: (08/31/2014 03:13:00 PM) (Source: MsiInstaller) (EventID: 1024) (User: ANTJE) Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (07/31/2014 07:09:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: googledrivesync.exe, Version: 1.14.6059.644, Zeitstempel: 0x509418e4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00052d37 ID des fehlerhaften Prozesses: 0xf50 Startzeit der fehlerhaften Anwendung: 0xgoogledrivesync.exe0 Pfad der fehlerhaften Anwendung: googledrivesync.exe1 Pfad des fehlerhaften Moduls: googledrivesync.exe2 Berichtskennung: googledrivesync.exe3 Error: (06/26/2014 09:57:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm OIS.EXE, Version 12.0.6606.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b28 Startzeit: 01cf917886a9e584 Endzeit: 4 Anwendungspfad: C:\PROGRA~1\MICROS~2\Office12\OIS.EXE Berichts-ID: e677c100-fd6b-11e3-b579-705ab6857b2d Error: (06/21/2014 09:51:16 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: TSS Load: could not communicate with TMachInfo service System errors: ============= Error: (09/09/2014 04:06:15 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} Error: (09/09/2014 04:04:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (09/09/2014 04:01:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SaveSenseLive Service (savesenselive)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/09/2014 04:01:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/09/2014 04:01:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht. Error: (09/09/2014 03:58:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error: (09/09/2014 03:58:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (09/09/2014 05:58:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Core Update Service erreicht. Error: (09/08/2014 09:27:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (09/08/2014 09:24:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SaveSenseLive Service (savesenselive)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (06/16/2011 09:36:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1183 seconds with 600 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz Percentage of memory in use: 67% Total physical RAM: 3061.61 MB Available physical RAM: 979.88 MB Total Pagefile: 6121.5 MB Available Pagefile: 4007.24 MB Total Virtual: 2047.88 MB Available Virtual: 1895.68 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:232.42 GB) (Free:161.22 GB) NTFS Drive d: (Data) (Fixed) (Total:232.95 GB) (Free:88.38 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 76D98D76) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Vielen, vielen DANK!!!! Grüsse Antje |
09.09.2014, 17:36 | #4 |
/// TB-Ausbilder | TR/Patched.Ren.Gen - Überfordert! Servus, wir beginnen erst mal so: Scan mit Combofix
|
09.09.2014, 18:20 | #5 |
| TR/Patched.Ren.Gen - Überfordert! so, fertig Code:
ATTFilter ComboFix 14-09-09.01 - ANTJEKRAMER 09.09.2014 18:48:39.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3062.940 [GMT 2:00] ausgeführt von:: c:\users\ANTJEKRAMER\Desktop\ComboFix.exe AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996} AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED} SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\SaveSenseLive c:\programdata\SaveSenseLive\Update\Log\SaveSenseLive.log c:\users\ANTJEK~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\users\ANTJEKRAMER\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\users\ANTJEKRAMER\AppData\Roaming\SaveSense c:\users\ANTJEKRAMER\AppData\Roaming\SaveSense\UpdateProc\config.dat c:\windows\system32\System32\MASetupCleaner.exe c:\windows\system32\System32\muzapp.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_savesenselive -------\Service_savesenselivem . . ((((((((((((((((((((((( Dateien erstellt von 2014-08-09 bis 2014-09-09 )))))))))))))))))))))))))))))) . . 2014-09-09 16:58 . 2014-09-09 16:58 -------- d-----w- c:\users\Gast\AppData\Local\temp 2014-09-09 16:58 . 2014-09-09 17:03 -------- d-----w- c:\users\ANTJEKRAMER\AppData\Local\temp 2014-09-09 16:58 . 2014-09-09 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-09 16:20 . 2014-09-09 16:25 -------- d-----w- C:\FRST 2014-09-08 19:05 . 2014-09-08 19:05 -------- d-----w- c:\program files\Common Files\Skype 2014-09-08 18:44 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll 2014-09-08 18:44 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll 2014-09-08 18:44 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe 2014-09-08 18:44 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-09-08 18:32 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll 2014-09-08 18:32 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys 2014-09-08 18:31 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-08 18:31 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe 2014-09-08 18:31 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll 2014-09-08 18:31 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll 2014-09-08 18:31 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll 2014-09-08 18:29 . 2014-08-07 01:43 412160 ----a-w- c:\windows\system32\aepdu.dll 2014-09-08 18:29 . 2014-08-07 01:39 302592 ----a-w- c:\windows\system32\aeinv.dll 2014-09-08 18:09 . 2014-09-08 18:09 -------- d-----w- c:\program files\Common Files\Lavasoft 2014-08-31 13:21 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll 2014-08-31 13:21 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe 2014-08-31 13:21 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll 2014-08-31 13:21 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll 2014-08-31 13:20 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll 2014-08-31 13:20 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll 2014-08-31 13:20 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll 2014-08-31 13:19 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll 2014-08-31 13:19 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-09 14:39 . 2014-09-09 08:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD336A1C-EF5C-4E47-9A67-AB9D315E2DC7}\offreg.dll 2014-08-25 04:53 . 2011-01-06 17:26 231584 ------w- c:\windows\system32\MpSigStub.exe 2014-08-21 09:24 . 2014-09-09 08:01 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD336A1C-EF5C-4E47-9A67-AB9D315E2DC7}\mpengine.dll 2014-08-10 17:54 . 2013-05-07 16:00 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-08-10 17:54 . 2013-04-17 10:50 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-07-17 19:18 . 2012-10-19 15:51 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-07-17 19:18 . 2011-05-15 16:25 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-06-18 01:51 . 2014-07-17 18:37 646144 ----a-w- c:\windows\system32\osk.exe 2013-10-18 13:20 . 2013-10-18 13:20 50053120 ----a-w- c:\program files\GUTA5A2.tmp . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] 2011-11-29 19:15 86696 ----a-w- c:\program files\adawaretb\adawareDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016] "Amazon Cloud Player"="c:\users\ANTJEKRAMER\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-05-08 3145536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000] "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-21 7858720] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-11-10 738616] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-15 1586472] "TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840] "SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-19 163840] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672] "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-09-28 1328480] "TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-11-10 611672] "TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-11-30 29528] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-31 751184] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000] "AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe" [2014-08-27 7642432] "Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296] . c:\users\ANTJEKRAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2014-7-31 275568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^ANTJEKRAMER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\ANTJEKRAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater] 2011-09-08 13:55 888488 ----a-w- c:\program files\Ask.com\Updater\Updater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-09-13 17:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector] 2004-12-02 17:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe] 2008-04-24 16:57 368640 ------w- c:\program files\Creative\Creative Media Lite\CTZDetec.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer] 2013-05-20 02:37 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp] 2013-09-19 07:47 1093976 ----a-w- c:\program files\Garmin\Express Tray\ExpressTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-10-23 15:31 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAuto.exe] 2008-05-28 02:39 401408 ----a-w- c:\program files\Creative\Software Update 3\SoftAuto.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration] 2009-08-25 14:49 134032 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaReminder.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosNC] 2009-11-30 09:46 467304 ----a-w- c:\program files\TOSHIBA\BulletinBoard\TosNcCore.exe . R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192] R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088] R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 80824] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2012-06-17 15232] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-12-02 137600] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 174592] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 181432] R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 111960] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 677232] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1343400] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-25 37352] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 172032] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-08-31 430160] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-08-31 1021008] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-08-27 160048] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-10-27 185712] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-09-19 250200] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [2014-08-27 655864] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 185712] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240] S3 gzflt;gzflt;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [2014-04-22 165744] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-06-20 1117800] . . Inhalt des "geplante Tasks" Ordners . 2014-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 19:18] . 2014-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-08 09:50] . 2014-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-08 09:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-mcmscsvc SafeBoot-MCODS MSConfigStartUp-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe MSConfigStartUp-Optimizer Pro - c:\program files\Optimizer Pro\OptProLauncher.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\atieclxx.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTsvcCDA.EXE c:\program files\Creative\Shared Files\CTDevSrv.exe c:\windows\system32\taskhost.exe c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-09-09 19:09:51 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-09-09 17:09 . Vor Suchlauf: 10 Verzeichnis(se), 173.785.526.272 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 175.929.077.760 Bytes frei . - - End Of File - - B40242CA3A8B8E3E00BBAD571BD1F9B7 A36C5E4F47E84449FF07ED3517B43A31 |
10.09.2014, 08:48 | #6 | |
/// TB-Ausbilder | TR/Patched.Ren.Gen - Überfordert! So geht es weiter: Mehrere Anti-Virus-Programme Code:
ATTFilter Ad-Aware Antivirus Avira Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast. Zitat:
Anschließend diese Schritte ausführen: Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
10.09.2014, 16:16 | #7 |
| TR/Patched.Ren.Gen - Überfordert! Hallo Matthias, also, Avira hab ich deinstalliert, so dass nur noch Adaware läuft. AdwCleaner S0: Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 10/09/2014 um 15:59:42 # Aktualisiert 02/09/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : ANTJEKRAMER - ANTJE # Gestartet von : C:\Users\ANTJEKRAMER\Desktop\adwcleaner_3.309.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Program Files\adawaretb Ordner Gelöscht : C:\Program Files\Ask.com [/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien Ordner Gelöscht : C:\Program Files\Plus-HD-2.2 Ordner Gelöscht : C:\Program Files\Toolbar Cleaner Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe} Ordner Gelöscht : C:\Users\ANTJEKRAMER\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\ANTJEKRAMER\AppData\Local\SaveSenseLive Ordner Gelöscht : C:\Users\ANTJEKRAMER\AppData\LocalLow\adawaretb Ordner Gelöscht : C:\Users\ANTJEKRAMER\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\ANTJEKRAMER\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Gast\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\adawaretb Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\adawaretb Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\96gqb7pq.default\adawaretb Ordner Gelöscht : C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\toolbar@ask.com Ordner Gelöscht : C:\Users\ANTJEKRAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk ***** [ Tasks ] ***** Task Gelöscht : SaveSense Task Gelöscht : Scheduled Update for Ask Toolbar ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{93D3100A-BBB6-456C-96FC-82CAC5F383AC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CDDAB3A4-E64D-4AE0-9E1D-F3132F5F913F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E66A759D-367F-433E-85C6-ED7F040BCC32} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\SaveSense Schlüssel Gelöscht : HKCU\Software\SaveSenseLive Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\DealPlyLive Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Plus-HD-2.2 Schlüssel Gelöscht : HKLM\SOFTWARE\SaveSense Schlüssel Gelöscht : HKLM\SOFTWARE\SaveSenseLive Schlüssel Gelöscht : HKLM\SOFTWARE\Toolbar Cleaner Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17239 -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\prefs.js ] Zeile gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\"); Zeile gelöscht : user_pref("extensions.asktb.cbid", "JM"); Zeile gelöscht : user_pref("extensions.asktb.config-updated", true); Zeile gelöscht : user_pref("extensions.asktb.crumb", "2011.07.03+03.07.04-toolbar003iad-DE-QmVybGluLEdlcm1hbnk%3D"); Zeile gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar"); Zeile gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0007"); Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); Zeile gelöscht : user_pref("extensions.asktb.first-restart-after-config-update", true); Zeile gelöscht : user_pref("extensions.asktb.fresh-install", false); Zeile gelöscht : user_pref("extensions.asktb.guid", "811e83be-d670-4bb2-9b82-7c5d53ea9a72"); Zeile gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...] Zeile gelöscht : user_pref("extensions.asktb.if", "first"); Zeile gelöscht : user_pref("extensions.asktb.keyword-toggled-in-session", false); Zeile gelöscht : user_pref("extensions.asktb.l", "dis"); Zeile gelöscht : user_pref("extensions.asktb.last-config-req", "1410356295718"); Zeile gelöscht : user_pref("extensions.asktb.last-v", "3.14.0.100010"); Zeile gelöscht : user_pref("extensions.asktb.locale", "de_DE"); Zeile gelöscht : user_pref("extensions.asktb.location", "Berlin,Germany"); Zeile gelöscht : user_pref("extensions.asktb.new-tab-opt-out", true); Zeile gelöscht : user_pref("extensions.asktb.notification-shown", true); Zeile gelöscht : user_pref("extensions.asktb.o", "100000080"); Zeile gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Zeile gelöscht : user_pref("extensions.asktb.qsrc", "2871"); Zeile gelöscht : user_pref("extensions.asktb.r", "20"); Zeile gelöscht : user_pref("extensions.asktb.sa", "NO"); Zeile gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true); Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade", true); Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Zeile gelöscht : user_pref("extensions.asktb.themeid", ""); Zeile gelöscht : user_pref("extensions.asktb.to", ""); Zeile gelöscht : user_pref("extensions.asktb.v", "3.14.0.100015"); [ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\96gqb7pq.default\prefs.js ] -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [17283 octets] - [10/09/2014 15:49:00] AdwCleaner[S0].txt - [17221 octets] - [10/09/2014 15:59:42] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17282 octets] ########## So, jetzt wurds blöd: MBAM hat gesucht und gefunden. Aber die Suchlauf-Datei war leer. Als ich einfach versuchte zu exportieren, ist jedes Mal das Programm abgestürzt. Hab alles Mögliche versucht, Neustarten, Deinstallieren und wieder installieren, neuer Suchlauf. Hat alles nichts gebracht. Daher hier mal zumindest die MBAM-"Schutz"datei Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 10.09.2014 16:06:42, SYSTEM, ANTJE, Protection, Malware Protection, Starting, Protection, 10.09.2014 16:06:42, SYSTEM, ANTJE, Protection, Malware Protection, Started, Protection, 10.09.2014 16:06:42, SYSTEM, ANTJE, Protection, Malicious Website Protection, Starting, Update, 10.09.2014 16:06:44, SYSTEM, ANTJE, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1, Update, 10.09.2014 16:07:16, SYSTEM, ANTJE, Manual, Malware Database, 2014.3.4.9, 2014.9.10.5, Protection, 10.09.2014 16:07:17, SYSTEM, ANTJE, Protection, Refresh, Starting, Protection, 10.09.2014 16:07:28, SYSTEM, ANTJE, Protection, Malicious Website Protection, Started, Protection, 10.09.2014 16:07:28, SYSTEM, ANTJE, Protection, Malicious Website Protection, Stopping, Protection, 10.09.2014 16:07:28, SYSTEM, ANTJE, Protection, Malicious Website Protection, Stopped, Protection, 10.09.2014 16:07:33, SYSTEM, ANTJE, Protection, Refresh, Success, Protection, 10.09.2014 16:07:33, SYSTEM, ANTJE, Protection, Malicious Website Protection, Starting, Protection, 10.09.2014 16:07:34, SYSTEM, ANTJE, Protection, Malicious Website Protection, Started, Protection, 10.09.2014 16:26:55, SYSTEM, ANTJE, Protection, Malware Protection, Starting, Protection, 10.09.2014 16:26:55, SYSTEM, ANTJE, Protection, Malware Protection, Started, Protection, 10.09.2014 16:26:55, SYSTEM, ANTJE, Protection, Malicious Website Protection, Starting, Protection, 10.09.2014 16:28:22, SYSTEM, ANTJE, Protection, Malicious Website Protection, Started, Protection, 10.09.2014 16:36:04, SYSTEM, ANTJE, Protection, Malware Protection, Starting, Protection, 10.09.2014 16:36:04, SYSTEM, ANTJE, Protection, Malware Protection, Started, Protection, 10.09.2014 16:36:04, SYSTEM, ANTJE, Protection, Malicious Website Protection, Starting, Protection, 10.09.2014 16:38:19, SYSTEM, ANTJE, Protection, Malicious Website Protection, Started, Protection, 10.09.2014 16:42:05, SYSTEM, ANTJE, Protection, Malicious Website Protection, Stopping, Protection, 10.09.2014 16:42:05, SYSTEM, ANTJE, Protection, Malicious Website Protection, Stopped, Protection, 10.09.2014 16:42:05, SYSTEM, ANTJE, Protection, Malware Protection, Stopping, Protection, 10.09.2014 16:42:12, SYSTEM, ANTJE, Protection, Malware Protection, Stopped, Protection, 10.09.2014 16:44:30, SYSTEM, ANTJE, Protection, Malware Protection, Starting, Protection, 10.09.2014 16:44:30, SYSTEM, ANTJE, Protection, Malware Protection, Started, Protection, 10.09.2014 16:44:30, SYSTEM, ANTJE, Protection, Malicious Website Protection, Starting, Protection, 10.09.2014 16:44:30, SYSTEM, ANTJE, Protection, Malicious Website Protection, Started, Update, 10.09.2014 16:44:32, SYSTEM, ANTJE, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1, Update, 10.09.2014 16:45:03, SYSTEM, ANTJE, Manual, Malware Database, 2014.3.4.9, 2014.9.10.6, Protection, 10.09.2014 16:45:04, SYSTEM, ANTJE, Protection, Refresh, Starting, Protection, 10.09.2014 16:45:04, SYSTEM, ANTJE, Protection, Malicious Website Protection, Stopping, Protection, 10.09.2014 16:45:04, SYSTEM, ANTJE, Protection, Malicious Website Protection, Stopped, Protection, 10.09.2014 16:45:09, SYSTEM, ANTJE, Protection, Refresh, Success, Protection, 10.09.2014 16:45:09, SYSTEM, ANTJE, Protection, Malicious Website Protection, Starting, Protection, 10.09.2014 16:45:10, SYSTEM, ANTJE, Protection, Malicious Website Protection, Started, Protection, 10.09.2014 16:45:45, SYSTEM, ANTJE, Protection, Malicious Website Protection, Stopping, Protection, 10.09.2014 16:45:45, SYSTEM, ANTJE, Protection, Malicious Website Protection, Stopped, Protection, 10.09.2014 16:45:45, SYSTEM, ANTJE, Protection, Malware Protection, Stopping, Protection, 10.09.2014 16:45:45, SYSTEM, ANTJE, Protection, Malware Protection, Stopped, Protection, 10.09.2014 16:49:59, SYSTEM, ANTJE, Protection, Malware Protection, Starting, Protection, 10.09.2014 16:49:59, SYSTEM, ANTJE, Protection, Malware Protection, Started, Protection, 10.09.2014 16:49:59, SYSTEM, ANTJE, Protection, Malicious Website Protection, Starting, Update, 10.09.2014 16:50:01, SYSTEM, ANTJE, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1, Update, 10.09.2014 16:50:32, SYSTEM, ANTJE, Manual, Malware Database, 2014.3.4.9, 2014.9.10.6, Protection, 10.09.2014 16:50:33, SYSTEM, ANTJE, Protection, Refresh, Starting, Protection, 10.09.2014 16:50:57, SYSTEM, ANTJE, Protection, Malicious Website Protection, Started, Protection, 10.09.2014 16:50:57, SYSTEM, ANTJE, Protection, Malicious Website Protection, Stopping, Protection, 10.09.2014 16:50:57, SYSTEM, ANTJE, Protection, Malicious Website Protection, Stopped, Protection, 10.09.2014 16:51:02, SYSTEM, ANTJE, Protection, Refresh, Success, Protection, 10.09.2014 16:51:02, SYSTEM, ANTJE, Protection, Malicious Website Protection, Starting, Protection, 10.09.2014 16:51:02, SYSTEM, ANTJE, Protection, Malicious Website Protection, Started, (end) Code:
ATTFilter 2014/09/10 16:08:02 +0200 mbam-log-2014-09-10 (16-08-00).xml yes 2.00.2.1012 v2014.09.10.05 v2014.08.21.01 trial enabled enabled disabled Windows 7 Service Pack 1 x86 ANTJEKRAMER NTFS threat completed 352302 786 0 0 2 2 0 1 0 0 enabled enabled enabled enabled disabled disabled enabled enabled enabled HKU\S-1-5-21-2254722259-2390501912-3981444591-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}PUP.Optional.FrostwireTB.Asuccessf20b02e9d6a5bf77be61ab129072d22e HKU\S-1-5-21-2254722259-2390501912-3981444591-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}PUP.Optional.FrostwireTB.Asuccessf20b02e9d6a5bf77be61ab129072d22e HKU\S-1-5-21-2254722259-2390501912-3981444591-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER{D4027C7F-154A-4066-A1AD-4243D8127440}PUP.Optional.FrostwireTB.Asuccess JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows 7 Home Premium x86 Ran by ANTJEKRAMER on 10.09.2014 at 16:57:12,25 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\ANTJEKRAMER\appdata\locallow\boost_interprocess" ~~~ FireFox Successfully deleted: [Folder] C:\Users\ANTJEKRAMER\AppData\Roaming\mozilla\firefox\profiles\clcl7imp.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} Emptied folder: C:\Users\ANTJEKRAMER\AppData\Roaming\mozilla\firefox\profiles\clcl7imp.default\minidumps [290 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10.09.2014 at 17:00:30,16 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014 Ran by ANTJEKRAMER (administrator) on ANTJE on 10-09-2014 17:06:22 Running from C:\Users\ANTJEKRAMER\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Creative Technology Ltd.) C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe () C:\Users\ANTJEKRAMER\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050000 2009-10-15] (Toshiba Europe GmbH) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-08] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7858720 2009-10-21] (Realtek Semiconductor) HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA) HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.) HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1586472 2009-10-15] (Synaptics Incorporated) HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1328480 2009-09-28] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-11-30] (TOSHIBA Corporation) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [7642432 2014-08-27] () HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) HKU\.DEFAULT\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]] HKU\.DEFAULT\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION HKU\S-1-5-19\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]] HKU\S-1-5-19\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]] HKU\S-1-5-20\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION HKU\S-1-5-21-2254722259-2390501912-3981444591-1000\...\Run: [CTZDetec.exe] => C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe [368640 2008-04-24] (Creative Technology Ltd.) HKU\S-1-5-21-2254722259-2390501912-3981444591-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) HKU\S-1-5-21-2254722259-2390501912-3981444591-1000\...\Run: [Amazon Cloud Player] => C:\Users\ANTJEKRAMER\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] () Startup: C:\Users\ANTJEKRAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.lnk ShortcutTarget: firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKCU - {067F90BA-8380-42AD-A44C-56320425566A} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKCU - {E7F8E38E-F304-4B3D-A235-CD13DC20EAA9} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: 20-20 3D Viewer - IKEA - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-03-26] FF Extension: Avira Browser Safety - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\abs@avira.com [2014-08-31] FF Extension: Garmin Communicator - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-03-08] FF Extension: YouTube Unblocker - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\youtubeunblocker@unblocker.yt.xpi [2013-06-01] Chrome: ======= CHR CustomProfile: C:\Users\ANTJEKRAMER\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-27] (TOSHIBA CORPORATION) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION) R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd) [File not signed] R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed] R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [655864 2014-08-27] () R2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-10-15] (Toshiba Europe GmbH) R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-06] (TOSHIBA Corporation) R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-28] (TOSHIBA Corporation) R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-05] (TOSHIBA Corporation) R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2009-11-10] (TOSHIBA Corporation) R2 UNS; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed] S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-04-22] (BitDefender LLC) S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation) S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2012-06-17] () R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-30] (COMPAL ELECTRONIC INC.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R2 PfModNT; C:\Windows\system32\drivers\PfModNT.sys [71596 2004-06-03] (Creative Technology Ltd.) [File not signed] R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [157536 2009-05-20] (Realtek Semiconductor Corp.) R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed] S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.) R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\ANTJEK~1\AppData\Local\Temp\catchme.sys [X] S3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [X] S0 Lbd; system32\DRIVERS\Lbd.sys [X] S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-10 17:05 - 2014-09-10 17:06 - 00020552 _____ () C:\Users\ANTJEKRAMER\Desktop\FRST.txt 2014-09-10 17:00 - 2014-09-10 17:00 - 00001274 _____ () C:\Users\ANTJEKRAMER\Desktop\JRT.txt 2014-09-10 16:54 - 2014-09-10 16:54 - 00000000 ____D () C:\Windows\ERUNT 2014-09-10 16:53 - 2014-09-10 16:53 - 01016261 _____ (Thisisu) C:\Users\ANTJEKRAMER\Desktop\JRT.exe 2014-09-10 16:52 - 2014-09-10 16:52 - 00002906 _____ () C:\Users\ANTJEKRAMER\Desktop\mbam.Xml 2014-09-10 16:51 - 2014-09-10 16:51 - 00005048 _____ () C:\Users\ANTJEKRAMER\Desktop\mbam_schutz.txt 2014-09-10 16:49 - 2014-09-10 16:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-10 16:49 - 2014-09-10 16:49 - 00001031 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-10 16:49 - 2014-09-10 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-10 16:49 - 2014-09-10 16:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-10 16:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-10 16:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-10 16:49 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-10 16:42 - 2014-09-10 16:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ANTJEKRAMER\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-10 15:48 - 2014-09-10 15:59 - 00000000 ____D () C:\AdwCleaner 2014-09-10 15:48 - 2014-09-10 15:48 - 01370483 _____ () C:\Users\ANTJEKRAMER\Desktop\adwcleaner_3.309.exe 2014-09-09 19:09 - 2014-09-09 19:09 - 00022457 _____ () C:\ComboFix.txt 2014-09-09 18:45 - 2014-09-09 19:09 - 00000000 ____D () C:\Qoobox 2014-09-09 18:45 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-09 18:45 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-09 18:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-09 18:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-09 18:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-09 18:45 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-09 18:45 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-09 18:45 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-09 18:44 - 2014-09-09 19:08 - 00000000 ____D () C:\Windows\erdnt 2014-09-09 18:41 - 2014-09-09 18:41 - 05576885 ____R (Swearware) C:\Users\ANTJEKRAMER\Desktop\ComboFix.exe 2014-09-09 18:20 - 2014-09-10 17:06 - 00000000 ____D () C:\FRST 2014-09-09 18:19 - 2014-09-09 18:19 - 01097728 _____ (Farbar) C:\Users\ANTJEKRAMER\Desktop\FRST.exe 2014-09-08 21:05 - 2014-09-08 21:05 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-08 20:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-09-08 20:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-09-08 20:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-09-08 20:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-09-08 20:33 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-08 20:33 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-08 20:33 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-08 20:33 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-08 20:33 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-08 20:33 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-08 20:33 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-08 20:33 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-08 20:33 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-08 20:33 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-08 20:33 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-08 20:33 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-08 20:33 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-08 20:33 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-08 20:33 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-08 20:33 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-08 20:33 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-08 20:33 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-08 20:33 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-08 20:33 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-08 20:33 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-08 20:33 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-08 20:33 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-08 20:33 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-08 20:33 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-08 20:33 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-08 20:33 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-08 20:33 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-08 20:33 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-08 20:33 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-08 20:33 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-09-08 20:33 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-09-08 20:33 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-09-08 20:33 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-09-08 20:32 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-08 20:32 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-08 20:31 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-08 20:31 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-09-08 20:31 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-09-08 20:31 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-09-08 20:31 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-09-08 20:29 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-08 20:29 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-08 20:29 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-09-08 20:12 - 2014-09-08 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-09-08 20:09 - 2014-09-08 20:09 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-09-08 19:57 - 2014-09-08 19:57 - 02806920 _____ () C:\Users\ANTJEKRAMER\Downloads\Adaware_Installer(1).exe 2014-08-31 15:21 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-31 15:21 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-31 15:21 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-31 15:21 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-31 15:20 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-31 15:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-31 15:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-31 15:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-31 15:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-10 17:06 - 2014-09-10 17:05 - 00020552 _____ () C:\Users\ANTJEKRAMER\Desktop\FRST.txt 2014-09-10 17:06 - 2014-09-09 18:20 - 00000000 ____D () C:\FRST 2014-09-10 17:04 - 2011-02-13 18:01 - 00000000 ____D () C:\Users\ANTJEKRAMER\AppData\Roaming\Skype 2014-09-10 17:03 - 2009-07-14 06:34 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-10 17:03 - 2009-07-14 06:34 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-10 17:00 - 2014-09-10 17:00 - 00001274 _____ () C:\Users\ANTJEKRAMER\Desktop\JRT.txt 2014-09-10 16:59 - 2011-01-05 21:06 - 01429120 _____ () C:\Windows\WindowsUpdate.log 2014-09-10 16:58 - 2014-09-10 16:49 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-10 16:56 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-10 16:56 - 2009-07-14 06:39 - 00164406 _____ () C:\Windows\setupact.log 2014-09-10 16:54 - 2014-09-10 16:54 - 00000000 ____D () C:\Windows\ERUNT 2014-09-10 16:53 - 2014-09-10 16:53 - 01016261 _____ (Thisisu) C:\Users\ANTJEKRAMER\Desktop\JRT.exe 2014-09-10 16:52 - 2014-09-10 16:52 - 00002906 _____ () C:\Users\ANTJEKRAMER\Desktop\mbam.Xml 2014-09-10 16:51 - 2014-09-10 16:51 - 00005048 _____ () C:\Users\ANTJEKRAMER\Desktop\mbam_schutz.txt 2014-09-10 16:49 - 2014-09-10 16:49 - 00001031 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-10 16:49 - 2014-09-10 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-10 16:49 - 2014-09-10 16:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-10 16:43 - 2014-09-10 16:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ANTJEKRAMER\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-10 16:26 - 2012-10-19 17:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-10 16:18 - 2012-10-19 17:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-10 16:18 - 2011-05-15 18:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-10 16:00 - 2009-12-07 12:02 - 00715352 _____ () C:\Windows\PFRO.log 2014-09-10 15:59 - 2014-09-10 15:48 - 00000000 ____D () C:\AdwCleaner 2014-09-10 15:48 - 2014-09-10 15:48 - 01370483 _____ () C:\Users\ANTJEKRAMER\Desktop\adwcleaner_3.309.exe 2014-09-10 15:42 - 2013-04-17 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-09 19:09 - 2014-09-09 19:09 - 00022457 _____ () C:\ComboFix.txt 2014-09-09 19:09 - 2014-09-09 18:45 - 00000000 ____D () C:\Qoobox 2014-09-09 19:09 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-09-09 19:09 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-09-09 19:08 - 2014-09-09 18:44 - 00000000 ____D () C:\Windows\erdnt 2014-09-09 19:03 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-09-09 19:01 - 2009-07-14 04:03 - 63700992 _____ () C:\Windows\system32\config\software.bak 2014-09-09 19:01 - 2009-07-14 04:03 - 21757952 _____ () C:\Windows\system32\config\system.bak 2014-09-09 19:01 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\default.bak 2014-09-09 19:01 - 2009-07-14 04:03 - 00061440 _____ () C:\Windows\system32\config\sam.bak 2014-09-09 19:01 - 2009-07-14 04:03 - 00028672 _____ () C:\Windows\system32\config\security.bak 2014-09-09 18:41 - 2014-09-09 18:41 - 05576885 ____R (Swearware) C:\Users\ANTJEKRAMER\Desktop\ComboFix.exe 2014-09-09 18:19 - 2014-09-09 18:19 - 01097728 _____ (Farbar) C:\Users\ANTJEKRAMER\Desktop\FRST.exe 2014-09-09 16:07 - 2013-04-17 12:50 - 00000000 ____D () C:\Program Files\Avira 2014-09-09 16:07 - 2013-03-08 19:53 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-09 10:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-08 21:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-08 21:13 - 2012-05-08 11:50 - 00000000 ____D () C:\Program Files\Google 2014-09-08 21:05 - 2014-09-08 21:05 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-08 21:05 - 2011-02-13 18:01 - 00000000 ____D () C:\ProgramData\Skype 2014-09-08 20:58 - 2011-01-05 21:25 - 00000000 ___RD () C:\Users\ANTJEKRAMER\Eigene Musik 2014-09-08 20:56 - 2009-07-14 06:33 - 00420584 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-08 20:53 - 2014-05-06 18:49 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-08 20:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-08 20:52 - 2009-12-07 12:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-08 20:50 - 2013-08-26 21:20 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-08 20:47 - 2011-01-14 21:40 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-08 20:12 - 2014-09-08 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-09-08 20:09 - 2014-09-08 20:09 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-09-08 20:01 - 2011-01-05 21:25 - 00000000 ____D () C:\Users\ANTJEKRAMER 2014-09-08 19:57 - 2014-09-08 19:57 - 02806920 _____ () C:\Users\ANTJEKRAMER\Downloads\Adaware_Installer(1).exe 2014-08-31 15:27 - 2012-03-09 19:59 - 00000000 ____D () C:\ProgramData\Avira 2014-08-25 06:53 - 2011-01-06 19:26 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-09-08 20:32 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-09-08 20:32 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys Some content of TEMP: ==================== C:\Users\ANTJEKRAMER\AppData\Local\temp\avgnt.exe C:\Users\ANTJEKRAMER\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-09 10:02 ==================== End Of Log ============================ Additional: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014 Ran by ANTJEKRAMER at 2014-09-10 17:06:55 Running from C:\Users\ANTJEKRAMER\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Ad-Aware Antivirus (HKLM\...\{30EA2BAC-C89C-4EAE-BDCF-8C7C8DDB79B1}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft) Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft) AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.) Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC) Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{327302DA-42B3-CF80-A242-E7E16FB6BB91}) (Version: 3.0.741.0 - ATI Technologies, Inc.) Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) AudibleManager (HKLM\...\AudibleManager) (Version: 2000050912.48.56.27725034 - Audible, Inc.) Avira (HKLM\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CanoScan Toolbox Ver4.6 (HKLM\...\{088A077A-8028-408C-AE7B-4512AE2A65A0}) (Version: - ) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Previews Common (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2009.0908.2225.38429 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (Version: 2009.0908.2225.38429 - ATI) Hidden CCC Help Chinese Standard (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Chinese Traditional (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Czech (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Danish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Dutch (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help English (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Finnish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help French (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help German (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Greek (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Hungarian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Italian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Japanese (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Korean (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Norwegian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Polish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Portuguese (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Russian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Spanish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Swedish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Thai (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Turkish (Version: 2009.0908.2224.38429 - ATI) Hidden ccc-core-static (Version: 2009.0908.2225.38429 - Ihr Firmenname) Hidden ccc-utility (Version: 2009.0908.2225.38429 - ATI) Hidden Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Creative Jukebox Driver (HKLM\...\Creative Jukebox Driver) (Version: - ) Creative Media Lite (HKLM\...\Creative Media Lite) (Version: - ) Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 2.00 - ) Creative Software Update (Version: 1.00.14 - Creative Technology Ltd.) Hidden Creative ZEN Stone-Benutzerhandbuch (HKLM\...\ZENStoneUG) (Version: - Creative Tech) Creative Zen Touch (HKLM\...\{1103112B-513D-4DEF-96B4-9889774E0118}) (Version: 1.0 - ) Creative-Systeminformationen (HKLM\...\SysInfo) (Version: - ) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC) Elevated Installer (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden FOTOParadies (HKLM\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.7.5 - Foto Online Service GmbH) Garmin Express (HKLM\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Garmin Express (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation) iTunes (HKLM\...\{C8EBB0DE-5655-4D32-99E1-9447E702A89F}) (Version: 11.1.2.32 - Apple Inc.) Java(TM) 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.1 - F.J. Wechselberger) Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon) Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.1.1 - Nikon) PDF24 Creator 5.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.2 - Nikon) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated) TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.12 - TOSHIBA) TOSHIBA Bulletin Board (HKLM\...\InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}) (Version: 1.5.06.32 - TOSHIBA Corporation) TOSHIBA Bulletin Board (Version: 1.5.06.32 - TOSHIBA Corporation) Hidden TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.06-A - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.12.0 - TOSHIBA Corporation) TOSHIBA eco Utility (Version: 1.1.12.0 - TOSHIBA Corporation) Hidden TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation) TOSHIBA Face Recognition (Version: 3.1.3.32 - TOSHIBA Corporation) Hidden TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION) TOSHIBA Flash Cards Support Utility (Version: 1.63.0.4C - TOSHIBA CORPORATION) Hidden TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.16C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (Version: 1.63.0.16C - TOSHIBA CORPORATION) Hidden TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.4 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (Version: 3.1.0.4 - TOSHIBA Corporation) Hidden Toshiba Manuals (HKLM\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA) Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.1.0 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation) TOSHIBA ReelTime (HKLM\...\InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}) (Version: 1.5.08.32 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.5.08.32 - TOSHIBA Corporation) Hidden TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA) TOSHIBA Supervisor Password (Version: 1.63.0.7C - TOSHIBA CORPORATION) Hidden TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION) Toshiba TEMPRO (HKLM\...\{14555947-6F14-421F-8F61-6489E0FDFAE5}) (Version: 3.08 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.34 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.2.34 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation) TRORMCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.9 - TOSHIBA) TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 (KB974631) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{052CA271-6C3E-4B8F-9EEE-CEA84BC901DC}) (Version: - Microsoft) Update for Microsoft Office Word 2007 (KB974631) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CA2F3DF8-C8AE-4933-92F1-FE482442F6E6}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Utility Common Driver (Version: 1.0.50.27C - TOSHIBA) Hidden VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.1.1 - Nikon) Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) WildTangent-Spiele (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{4D72E5BC-BC7C-11E0-83CA-10424824019B}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AviraIDW.dll No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{595EF3BD-A186-454A-810C-02015139ACDC}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\Avira.dll No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{5CAA6074-C368-4FAD-A0D6-2F348355C324}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAI~2.DLL No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{7F902AD4-FC6A-4B2F-8B8D-B6DD4E329B76}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{DF846759-BE0F-4451-B9D3-4BEFF765A1FD}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAT~1.DLL No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{FBE88A10-FF53-11E0-AB2A-AE904824019B}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAI~1.DLL No File ==================== Restore Points ========================= 01-08-2014 20:06:23 Windows Update 01-08-2014 20:25:51 Windows Update 10-08-2014 17:52:08 Windows Update 31-08-2014 13:16:31 Entfernt Creative MediaSource Detector 31-08-2014 13:18:53 Windows Update 31-08-2014 13:18:58 Konfiguriert Engine Installer 31-08-2014 13:20:55 Windows-Sicherung 08-09-2014 17:59:10 AA11 08-09-2014 18:23:51 Windows Update 08-09-2014 18:35:24 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2014-09-09 19:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0B967E98-4F4A-40AE-B171-8C85852EEE01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated) Task: {1BA01909-43F1-46E1-803F-A22ABA4E19D0} - System32\Tasks\{79283F13-2AE4-4C8C-8849-5B6327159300} => C:\Users\ANTJEKRAMER\Downloads\B4A01dex.exe Task: {282F9EC6-53CD-474D-87F6-66F444FAA039} - System32\Tasks\{35B5CFF1-DB37-46C7-84DF-488BAD58EF78} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.) Task: {71291486-D27D-478A-AB82-2D212F8A774B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {71D01C25-F216-4C33-AE59-C4BF3FCC486B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-08] (Google Inc.) Task: {7813C8B8-F101-4F09-A3A0-6F885586596A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-08] (Google Inc.) Task: {8B0E9263-B6FC-47CB-B8E6-73792DE33F3B} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION) Task: {9FBD16D5-860C-432D-B5B1-0CE6296219E8} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-05-25] (Lavasoft Limited ) Task: {C572C1CD-B38D-4B0E-B392-093AA0B9818C} - \8e6d0740 No Task File <==== ATTENTION Task: {D63CD7E5-5B48-487C-AF3C-5BE8FDF8028B} - System32\Tasks\{3BE50B50-EFD9-4B8C-954D-6292082461B3} => C:\Users\ANTJEKRAMER\Downloads\4200fvst8611a_xpen(1).exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-11 22:56 - 2012-10-11 22:56 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2012-10-11 22:56 - 2012-10-11 22:56 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-27 12:51 - 2014-08-27 12:51 - 00655864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe 2014-08-27 12:55 - 2014-08-27 12:55 - 00087896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00022360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00030040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00048480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00107872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 09918800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02423600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00638296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00580424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 01643352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00642376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00087360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00105280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00747352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00693096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00865608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00206664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00779096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00174936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00870736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 01000256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll 2014-08-27 12:56 - 2014-08-27 12:56 - 00030552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00768344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00868184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00190800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00703304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00666448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02359632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02411344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00834384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00999256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00796992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00286536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02124120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00977216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00796992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00739656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00123712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll 2009-09-28 15:42 - 2009-09-28 15:42 - 00525688 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll 2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll 2011-01-05 20:59 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2009-05-04 11:45 - 2009-05-04 11:45 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-01-05 21:02 - 2011-01-05 21:02 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2009-10-18 16:20 - 2009-10-18 16:20 - 07980344 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 14:26 - 2009-11-03 14:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2009-12-07 11:56 - 2009-06-22 15:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll 2009-03-12 20:08 - 2009-03-12 20:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll 2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2009-07-29 16:35 - 2009-07-29 16:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 07642432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe 2014-08-27 12:55 - 2014-08-27 12:55 - 00405848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_locale-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 01597248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\HtmlFramework.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00056632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\DllStorage.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00833360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTrayDefaultSkin.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00641344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\Localization.dll 2014-05-09 17:31 - 2014-05-08 19:26 - 03145536 _____ () C:\Users\ANTJEKRAMER\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2014-08-27 12:55 - 2014-08-27 12:55 - 02555216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll 2011-01-05 22:05 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2009-11-05 10:14 - 2009-11-05 10:14 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: GamesAppService => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk => C:\Windows\pss\Nikon Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^ANTJEKRAMER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Creative Detector => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R MSCONFIG\startupreg: CTZDetec.exe => C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SoftAuto.exe => "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe ==================== Faulty Device Manager Devices ============= Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= Error: (06/16/2011 09:36:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1183 seconds with 600 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz Percentage of memory in use: 43% Total physical RAM: 3061.61 MB Available physical RAM: 1716.09 MB Total Pagefile: 6121.5 MB Available Pagefile: 4388.91 MB Total Virtual: 2047.88 MB Available Virtual: 1915.55 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:232.42 GB) (Free:165.04 GB) NTFS Drive d: (Data) (Fixed) (Total:232.95 GB) (Free:88.38 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 76D98D76) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Ich hoffe, das passt so.... Danke auf jeden Fall! |
11.09.2014, 10:46 | #8 |
/// TB-Ausbilder | TR/Patched.Ren.Gen - Überfordert! Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start CloseProcesses: HKU\.DEFAULT\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]] HKU\.DEFAULT\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION HKU\S-1-5-19\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]] HKU\S-1-5-19\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]] HKU\S-1-5-20\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{4D72E5BC-BC7C-11E0-83CA-10424824019B}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AviraIDW.dll No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{595EF3BD-A186-454A-810C-02015139ACDC}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\Avira.dll No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{5CAA6074-C368-4FAD-A0D6-2F348355C324}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAI~2.DLL No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{7F902AD4-FC6A-4B2F-8B8D-B6DD4E329B76}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{DF846759-BE0F-4451-B9D3-4BEFF765A1FD}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAT~1.DLL No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{FBE88A10-FF53-11E0-AB2A-AE904824019B}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAI~1.DLL No File Task: {C572C1CD-B38D-4B0E-B392-093AA0B9818C} - \8e6d0740 No Task File <==== ATTENTION Task: {1BA01909-43F1-46E1-803F-A22ABA4E19D0} - System32\Tasks\{79283F13-2AE4-4C8C-8849-5B6327159300} => C:\Users\ANTJEKRAMER\Downloads\B4A01dex.exe Task: {D63CD7E5-5B48-487C-AF3C-5BE8FDF8028B} - System32\Tasks\{3BE50B50-EFD9-4B8C-954D-6292082461B3} => C:\Users\ANTJEKRAMER\Downloads\4200fvst8611a_xpen(1).exe EmptyTemp: end Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte SecurityCheck und:
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
11.09.2014, 20:48 | #9 |
| TR/Patched.Ren.Gen - Überfordert! hey matthias, anbei meine "ergebnisse": FRST-Fix Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014 Ran by ANTJEKRAMER at 2014-09-11 18:12:52 Run:1 Running from C:\Users\ANTJEKRAMER\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: HKU\.DEFAULT\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]] HKU\.DEFAULT\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION HKU\S-1-5-19\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]] HKU\S-1-5-19\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]] HKU\S-1-5-20\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{4D72E5BC-BC7C-11E0-83CA-10424824019B}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AviraIDW.dll No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{595EF3BD-A186-454A-810C-02015139ACDC}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\Avira.dll No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{5CAA6074-C368-4FAD-A0D6-2F348355C324}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAI~2.DLL No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{7F902AD4-FC6A-4B2F-8B8D-B6DD4E329B76}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{DF846759-BE0F-4451-B9D3-4BEFF765A1FD}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAT~1.DLL No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{FBE88A10-FF53-11E0-AB2A-AE904824019B}\InprocServer32 -> C:\Users\ANTJEK~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAI~1.DLL No File Task: {C572C1CD-B38D-4B0E-B392-093AA0B9818C} - \8e6d0740 No Task File <==== ATTENTION Task: {1BA01909-43F1-46E1-803F-A22ABA4E19D0} - System32\Tasks\{79283F13-2AE4-4C8C-8849-5B6327159300} => C:\Users\ANTJEKRAMER\Downloads\B4A01dex.exe Task: {D63CD7E5-5B48-487C-AF3C-5BE8FDF8028B} - System32\Tasks\{3BE50B50-EFD9-4B8C-954D-6292082461B3} => C:\Users\ANTJEKRAMER\Downloads\4200fvst8611a_xpen(1).exe EmptyTemp: end ***************** Processes closed successfully. HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully. HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value deleted successfully. HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully. HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value deleted successfully. HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully. "HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found. "HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{4D72E5BC-BC7C-11E0-83CA-10424824019B}" => Key deleted successfully. "HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{595EF3BD-A186-454A-810C-02015139ACDC}" => Key deleted successfully. "HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{5CAA6074-C368-4FAD-A0D6-2F348355C324}" => Key deleted successfully. "HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{7F902AD4-FC6A-4B2F-8B8D-B6DD4E329B76}" => Key deleted successfully. "HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{DF846759-BE0F-4451-B9D3-4BEFF765A1FD}" => Key deleted successfully. "HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{FBE88A10-FF53-11E0-AB2A-AE904824019B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C572C1CD-B38D-4B0E-B392-093AA0B9818C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C572C1CD-B38D-4B0E-B392-093AA0B9818C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8e6d0740" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BA01909-43F1-46E1-803F-A22ABA4E19D0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BA01909-43F1-46E1-803F-A22ABA4E19D0}" => Key deleted successfully. C:\Windows\System32\Tasks\{79283F13-2AE4-4C8C-8849-5B6327159300} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{79283F13-2AE4-4C8C-8849-5B6327159300}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D63CD7E5-5B48-487C-AF3C-5BE8FDF8028B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D63CD7E5-5B48-487C-AF3C-5BE8FDF8028B}" => Key deleted successfully. C:\Windows\System32\Tasks\{3BE50B50-EFD9-4B8C-954D-6292082461B3} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3BE50B50-EFD9-4B8C-954D-6292082461B3}" => Key deleted successfully. EmptyTemp: => Removed 367.8 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=27242cf76c478c49a3c13d686ecd8c5a # engine=20109 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-09-11 07:32:02 # local_time=2014-09-11 09:32:02 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 103560 162095113 0 0 # scanned=225183 # found=32 # cleaned=0 # scan_time=11135 sh=1CF888606297FFC6F2DC0D9BA54B93197328C760 ft=1 fh=fa718a4416fb98e3 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\adawareDx.dll.vir" sh=5FB6C6C4BC61EC715AF2FF71E0C4A503218461DA ft=1 fh=08f50736f4ad2a00 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\adawaretb.dll.vir" sh=5578D96020FF5660E3EF230DDEA75E6A72ECAA32 ft=1 fh=c71c001169491fb0 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\dtUser.exe.vir" sh=060B186815EE45577877137FFB1AAC4CD95884C0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Plus-HD-2.2\33036.crx.vir" sh=51FCB9E08E84FECF929EFF239B7490F511D96752 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Plus-HD-2.2\33036.xpi.vir" sh=714D4E30D9D4066DEC1BA2C91625D7B685B990CF ft=1 fh=300c30ab444f1480 vn="Win32/Toolbar.CrossRider.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Plus-HD-2.2\utils.exe.vir" sh=FF28E21E32CAD198B64852130ACA1C19A05067DC ft=1 fh=cd51d5272c5878fb vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\LocalLow\adawaretb\adawareDx.dll.vir" sh=32D60DAEFF549FDAD23B2F9D5D311708B130C322 ft=1 fh=1b9f47df6137f750 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\LocalLow\adawaretb\adawaretb.dll.vir" sh=13140FCCCBAA29328B0A85FA4025587A41592E86 ft=1 fh=35424f93784fbad1 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\LocalLow\adawaretb\dtUser.exe.vir" sh=46D2B5A35BCFAAE17B5F3BEC5206579F201B3B60 ft=0 fh=0000000000000000 vn="JS/Agent.NNS Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Mozilla\Firefox\Profiles\96gqb7pq.default\Cache\0\00\3CD53d01" sh=5578D96020FF5660E3EF230DDEA75E6A72ECAA32 ft=1 fh=c71c001169491fb0 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\96gqb7pq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe" sh=99B6C5FC1035F69E768E768AC7AAD1E691C2F236 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="D:\ANTJE\Backup Set 2011-04-30 192804\Backup Files 2011-06-05 102207\Backup files 1.zip" sh=90ABA3F4AFC5CAFAE681A290B2047F87EB670A36 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="D:\ANTJE\Backup Set 2011-08-01 114420\Backup Files 2011-09-01 190914\Backup files 7.zip" sh=185E0C68F199DEFA4FEF5A03B490B25D159F6C00 ft=0 fh=0000000000000000 vn="HTML/Fraud.BD.Gen Trojaner" ac=I fn="D:\ANTJE\Backup Set 2011-08-01 114420\Backup Files 2011-11-30 201445\Backup files 2.zip" sh=3D2F345BAEC43C86FF3BB14B0B8A0EEC4DF389C9 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="D:\ANTJE\Backup Set 2011-08-01 114420\Backup Files 2011-11-30 201445\Backup files 3.zip" sh=9CF207255F8C447A4E3E8829B3FE1D7DC770264C ft=0 fh=0000000000000000 vn="HTML/Fraud.BD.Gen Trojaner" ac=I fn="D:\ANTJE\Backup Set 2011-08-01 114420\Backup Files 2011-11-30 201445\Backup files 5.zip" sh=BCC895AF032C6843BB33F5467080DF64CDA9CED3 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="D:\ANTJE\Backup Set 2012-03-01 183659\Backup Files 2012-03-01 183659\Backup files 1.zip" sh=C333F0A5B389C3813B36A3B37A37C3438F3117A9 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="D:\ANTJE\Backup Set 2012-03-01 183659\Backup Files 2012-03-01 183659\Backup files 15.zip" sh=91AAE1B23888014631494FC1502343768010FD0C ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ANTJE\Backup Set 2012-03-01 183659\Backup Files 2012-10-10 120010\Backup files 3.zip" sh=A398CC1EBEAAE8C0D1D2EA52240F0D423732E0F5 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="D:\ANTJE\Backup Set 2012-03-01 183659\Backup Files 2012-10-10 120010\Backup files 5.zip" sh=9C623BCF3704471A59C7C3BCD15A9C8E3A6F3D73 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="D:\ANTJE\Backup Set 2012-10-31 120005\Backup Files 2012-10-31 120005\Backup files 1.zip" sh=872D5D0FE1795B0346F40E1F7631A2656208AEAD ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="D:\ANTJE\Backup Set 2012-10-31 120005\Backup Files 2012-10-31 120005\Backup files 3.zip" sh=6E541A118AB7FA972DE5D223840174C8A2D34C2D ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="D:\ANTJE\Backup Set 2012-10-31 120005\Backup Files 2012-10-31 120005\Backup files 8.zip" sh=FD7DA947FC849EC9891EF12C9540A8D6DB900D6B ft=0 fh=0000000000000000 vn="JS/Agent.NNS Trojaner" ac=I fn="D:\ANTJE\Backup Set 2012-10-31 120005\Backup Files 2012-11-30 142740\Backup files 2.zip" sh=CBB1893AD3123D0197A3EC19E99EB73AF8DC90E7 ft=0 fh=0000000000000000 vn="JS/Agent.NNS Trojaner" ac=I fn="D:\ANTJE\Backup Set 2012-10-31 120005\Backup Files 2012-11-30 142740\Backup files 3.zip" sh=F1E5090C669FE19B830D3FB4A11CC9D7529E9236 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="D:\ANTJE\Backup Set 2012-10-31 120005\Backup Files 2012-11-30 142740\Backup files 9.zip" sh=E01210228EA29CEA1DE01141152B7F7DEB061D4F ft=0 fh=0000000000000000 vn="JS/Agent.NNS Trojaner" ac=I fn="D:\ANTJE\Backup Set 2012-10-31 120005\Backup Files 2013-01-31 130640\Backup files 11.zip" sh=5AD3679735042805E7BBD152CA158FB210160147 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="D:\ANTJE\Backup Set 2013-02-28 190132\Backup Files 2013-02-28 190132\Backup files 1.zip" sh=E663AB377C346C6681FA0BDC9ED54A0C28026822 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="D:\ANTJE\Backup Set 2013-02-28 190132\Backup Files 2013-02-28 190132\Backup files 17.zip" sh=C082852948270F69DACED1CEFF48F183D9804D0B ft=0 fh=0000000000000000 vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="D:\ANTJE\Backup Set 2013-02-28 190132\Backup Files 2013-12-31 202021\Backup files 1.zip" sh=2C1CAF0F0E5BC6AC00A8FE03F0D6ECAB6FB6F183 ft=0 fh=0000000000000000 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="D:\ANTJE\Backup Set 2013-02-28 190132\Backup Files 2013-12-31 202021\Backup files 3.zip" sh=793037866030B585B16948FB8555A55594BAC6D4 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="D:\ANTJE\Backup Set 2014-03-31 171633\Backup Files 2014-03-31 171633\Backup files 1.zip" SecurityCheck Code:
ATTFilter Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Ad-Aware Antivirus Antivirus out of date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Ad-Aware Java(TM) 6 Update 14 Java version out of Date! Adobe Flash Player 15.0.0.152 Adobe Reader XI Mozilla Firefox (31.0) ````````Process Check: objlist.exe by Laurent```````` Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.3.6321.0\AdAwareService.exe Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.3.6321.0\AdAwareTray.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014 Ran by ANTJEKRAMER (administrator) on ANTJE on 11-09-2014 21:42:03 Running from C:\Users\ANTJEKRAMER\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe (Creative Technology Ltd.) C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe () C:\Users\ANTJEKRAMER\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050000 2009-10-15] (Toshiba Europe GmbH) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-08] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7858720 2009-10-21] (Realtek Semiconductor) HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA) HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.) HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1586472 2009-10-15] (Synaptics Incorporated) HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1328480 2009-09-28] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-11-30] (TOSHIBA Corporation) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [7642432 2014-08-27] () HKLM\...\Run: [avgnt] => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) HKU\S-1-5-21-2254722259-2390501912-3981444591-1000\...\Run: [CTZDetec.exe] => C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe [368640 2008-04-24] (Creative Technology Ltd.) HKU\S-1-5-21-2254722259-2390501912-3981444591-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) HKU\S-1-5-21-2254722259-2390501912-3981444591-1000\...\Run: [Amazon Cloud Player] => C:\Users\ANTJEKRAMER\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] () Startup: C:\Users\ANTJEKRAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.lnk ShortcutTarget: firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKCU - {067F90BA-8380-42AD-A44C-56320425566A} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKCU - {E7F8E38E-F304-4B3D-A235-CD13DC20EAA9} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: 20-20 3D Viewer - IKEA - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-03-26] FF Extension: Avira Browser Safety - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\abs@avira.com [2014-08-31] FF Extension: Garmin Communicator - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-03-08] FF Extension: YouTube Unblocker - C:\Users\ANTJEKRAMER\AppData\Roaming\Mozilla\Firefox\Profiles\clcl7imp.default\Extensions\youtubeunblocker@unblocker.yt.xpi [2013-06-01] Chrome: ======= CHR CustomProfile: C:\Users\ANTJEKRAMER\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-27] (TOSHIBA CORPORATION) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION) R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd) [File not signed] R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed] R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [655864 2014-08-27] () R2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-10-15] (Toshiba Europe GmbH) R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-06] (TOSHIBA Corporation) R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-28] (TOSHIBA Corporation) R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-05] (TOSHIBA Corporation) R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2009-11-10] (TOSHIBA Corporation) R2 UNS; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed] S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-04-22] (BitDefender LLC) S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation) S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2012-06-17] () R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-30] (COMPAL ELECTRONIC INC.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R2 PfModNT; C:\Windows\system32\drivers\PfModNT.sys [71596 2004-06-03] (Creative Technology Ltd.) [File not signed] R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [157536 2009-05-20] (Realtek Semiconductor Corp.) R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed] S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.) R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\ANTJEK~1\AppData\Local\Temp\catchme.sys [X] S3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [X] S0 Lbd; system32\DRIVERS\Lbd.sys [X] S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-11 21:42 - 2014-09-11 21:42 - 00020022 _____ () C:\Users\ANTJEKRAMER\Desktop\FRST.txt 2014-09-11 21:41 - 2014-09-11 21:41 - 00001227 _____ () C:\Users\ANTJEKRAMER\Desktop\checkup.txt 2014-09-11 21:37 - 2014-09-11 21:37 - 00854417 _____ () C:\Users\ANTJEKRAMER\Desktop\SecurityCheck.exe 2014-09-11 18:19 - 2014-09-11 18:19 - 02347384 _____ (ESET) C:\Users\ANTJEKRAMER\Desktop\esetsmartinstaller_deu.exe 2014-09-11 18:12 - 2014-09-11 18:12 - 00002151 _____ () C:\Users\ANTJEKRAMER\Documents\fixlist.txt 2014-09-10 17:49 - 2014-09-10 17:49 - 00000000 ____D () C:\Users\ANTJEKRAMER\AppData\Local\Apps\2.0 2014-09-10 16:54 - 2014-09-10 16:54 - 00000000 ____D () C:\Windows\ERUNT 2014-09-10 16:53 - 2014-09-10 16:53 - 01016261 _____ (Thisisu) C:\Users\ANTJEKRAMER\Desktop\JRT.exe 2014-09-10 16:49 - 2014-09-11 18:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-10 16:49 - 2014-09-10 16:49 - 00001031 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-10 16:49 - 2014-09-10 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-10 16:49 - 2014-09-10 16:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-10 16:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-10 16:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-10 16:49 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-10 15:48 - 2014-09-10 15:59 - 00000000 ____D () C:\AdwCleaner 2014-09-10 15:48 - 2014-09-10 15:48 - 01370483 _____ () C:\Users\ANTJEKRAMER\Desktop\adwcleaner_3.309.exe 2014-09-09 19:09 - 2014-09-09 19:09 - 00022457 _____ () C:\ComboFix.txt 2014-09-09 18:45 - 2014-09-09 19:09 - 00000000 ____D () C:\Qoobox 2014-09-09 18:45 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-09 18:45 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-09 18:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-09 18:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-09 18:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-09 18:45 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-09 18:45 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-09 18:45 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-09 18:44 - 2014-09-09 19:08 - 00000000 ____D () C:\Windows\erdnt 2014-09-09 18:41 - 2014-09-09 18:41 - 05576885 ____R (Swearware) C:\Users\ANTJEKRAMER\Desktop\ComboFix.exe 2014-09-09 18:20 - 2014-09-11 21:42 - 00000000 ____D () C:\FRST 2014-09-09 18:19 - 2014-09-09 18:19 - 01097728 _____ (Farbar) C:\Users\ANTJEKRAMER\Desktop\FRST.exe 2014-09-08 21:05 - 2014-09-08 21:05 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-08 20:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-09-08 20:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-09-08 20:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-09-08 20:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-09-08 20:33 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-08 20:33 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-08 20:33 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-08 20:33 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-08 20:33 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-08 20:33 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-08 20:33 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-08 20:33 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-08 20:33 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-08 20:33 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-08 20:33 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-08 20:33 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-08 20:33 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-08 20:33 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-08 20:33 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-08 20:33 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-08 20:33 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-08 20:33 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-08 20:33 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-08 20:33 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-08 20:33 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-08 20:33 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-08 20:33 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-08 20:33 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-08 20:33 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-08 20:33 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-08 20:33 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-08 20:33 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-08 20:33 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-08 20:33 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-08 20:33 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-09-08 20:33 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-09-08 20:33 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-09-08 20:33 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-09-08 20:32 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-08 20:32 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-08 20:31 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-08 20:31 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-09-08 20:31 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-09-08 20:31 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-09-08 20:31 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-09-08 20:29 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-08 20:29 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-08 20:29 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-09-08 20:12 - 2014-09-08 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-09-08 20:09 - 2014-09-08 20:09 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-09-08 19:57 - 2014-09-08 19:57 - 02806920 _____ () C:\Users\ANTJEKRAMER\Downloads\Adaware_Installer(1).exe 2014-08-31 15:21 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-31 15:21 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-31 15:21 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-31 15:21 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-31 15:20 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-31 15:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-31 15:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-31 15:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-31 15:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-11 21:42 - 2014-09-11 21:42 - 00020022 _____ () C:\Users\ANTJEKRAMER\Desktop\FRST.txt 2014-09-11 21:42 - 2014-09-09 18:20 - 00000000 ____D () C:\FRST 2014-09-11 21:41 - 2014-09-11 21:41 - 00001227 _____ () C:\Users\ANTJEKRAMER\Desktop\checkup.txt 2014-09-11 21:37 - 2014-09-11 21:37 - 00854417 _____ () C:\Users\ANTJEKRAMER\Desktop\SecurityCheck.exe 2014-09-11 21:17 - 2012-10-19 17:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-11 20:14 - 2011-01-05 21:06 - 01541536 _____ () C:\Windows\WindowsUpdate.log 2014-09-11 18:48 - 2014-09-10 16:49 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-11 18:22 - 2009-07-14 06:34 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-11 18:22 - 2009-07-14 06:34 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-11 18:19 - 2014-09-11 18:19 - 02347384 _____ (ESET) C:\Users\ANTJEKRAMER\Desktop\esetsmartinstaller_deu.exe 2014-09-11 18:16 - 2011-02-13 18:01 - 00000000 ____D () C:\Users\ANTJEKRAMER\AppData\Roaming\Skype 2014-09-11 18:15 - 2009-12-07 12:02 - 00718644 _____ () C:\Windows\PFRO.log 2014-09-11 18:15 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-11 18:15 - 2009-07-14 06:39 - 00164574 _____ () C:\Windows\setupact.log 2014-09-11 18:12 - 2014-09-11 18:12 - 00002151 _____ () C:\Users\ANTJEKRAMER\Documents\fixlist.txt 2014-09-10 17:49 - 2014-09-10 17:49 - 00000000 ____D () C:\Users\ANTJEKRAMER\AppData\Local\Apps\2.0 2014-09-10 17:46 - 2011-01-05 21:46 - 00000000 ____D () C:\Users\ANTJEKRAMER\AppData\Local\Adobe 2014-09-10 17:43 - 2013-04-17 12:50 - 00000000 ____D () C:\Program Files\Avira 2014-09-10 17:43 - 2013-03-08 19:53 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-10 17:43 - 2012-03-09 19:59 - 00000000 ____D () C:\ProgramData\Avira 2014-09-10 17:18 - 2012-10-19 17:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-10 17:18 - 2011-05-15 18:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-10 16:54 - 2014-09-10 16:54 - 00000000 ____D () C:\Windows\ERUNT 2014-09-10 16:53 - 2014-09-10 16:53 - 01016261 _____ (Thisisu) C:\Users\ANTJEKRAMER\Desktop\JRT.exe 2014-09-10 16:49 - 2014-09-10 16:49 - 00001031 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-10 16:49 - 2014-09-10 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-10 16:49 - 2014-09-10 16:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-10 15:59 - 2014-09-10 15:48 - 00000000 ____D () C:\AdwCleaner 2014-09-10 15:48 - 2014-09-10 15:48 - 01370483 _____ () C:\Users\ANTJEKRAMER\Desktop\adwcleaner_3.309.exe 2014-09-09 19:09 - 2014-09-09 19:09 - 00022457 _____ () C:\ComboFix.txt 2014-09-09 19:09 - 2014-09-09 18:45 - 00000000 ____D () C:\Qoobox 2014-09-09 19:09 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-09-09 19:09 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-09-09 19:08 - 2014-09-09 18:44 - 00000000 ____D () C:\Windows\erdnt 2014-09-09 19:03 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-09-09 19:01 - 2009-07-14 04:03 - 63700992 _____ () C:\Windows\system32\config\software.bak 2014-09-09 19:01 - 2009-07-14 04:03 - 21757952 _____ () C:\Windows\system32\config\system.bak 2014-09-09 19:01 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\default.bak 2014-09-09 19:01 - 2009-07-14 04:03 - 00061440 _____ () C:\Windows\system32\config\sam.bak 2014-09-09 19:01 - 2009-07-14 04:03 - 00028672 _____ () C:\Windows\system32\config\security.bak 2014-09-09 18:41 - 2014-09-09 18:41 - 05576885 ____R (Swearware) C:\Users\ANTJEKRAMER\Desktop\ComboFix.exe 2014-09-09 18:19 - 2014-09-09 18:19 - 01097728 _____ (Farbar) C:\Users\ANTJEKRAMER\Desktop\FRST.exe 2014-09-09 10:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-08 21:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-08 21:13 - 2012-05-08 11:50 - 00000000 ____D () C:\Program Files\Google 2014-09-08 21:05 - 2014-09-08 21:05 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-08 21:05 - 2011-02-13 18:01 - 00000000 ____D () C:\ProgramData\Skype 2014-09-08 20:58 - 2011-01-05 21:25 - 00000000 ___RD () C:\Users\ANTJEKRAMER\Eigene Musik 2014-09-08 20:56 - 2009-07-14 06:33 - 00420584 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-08 20:53 - 2014-05-06 18:49 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-08 20:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-08 20:52 - 2009-12-07 12:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-08 20:50 - 2013-08-26 21:20 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-08 20:47 - 2011-01-14 21:40 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-08 20:12 - 2014-09-08 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-09-08 20:09 - 2014-09-08 20:09 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-09-08 20:01 - 2011-01-05 21:25 - 00000000 ____D () C:\Users\ANTJEKRAMER 2014-09-08 19:57 - 2014-09-08 19:57 - 02806920 _____ () C:\Users\ANTJEKRAMER\Downloads\Adaware_Installer(1).exe 2014-08-25 06:53 - 2011-01-06 19:26 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-09-08 20:32 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-09-08 20:32 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-09 10:02 ==================== End Of Log ============================ Additional Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014 Ran by ANTJEKRAMER at 2014-09-11 21:42:52 Running from C:\Users\ANTJEKRAMER\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Ad-Aware Antivirus (HKLM\...\{30EA2BAC-C89C-4EAE-BDCF-8C7C8DDB79B1}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft) Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft) AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.) Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC) Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{327302DA-42B3-CF80-A242-E7E16FB6BB91}) (Version: 3.0.741.0 - ATI Technologies, Inc.) Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) AudibleManager (HKLM\...\AudibleManager) (Version: 2000050912.48.56.27725034 - Audible, Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CanoScan Toolbox Ver4.6 (HKLM\...\{088A077A-8028-408C-AE7B-4512AE2A65A0}) (Version: - ) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Previews Common (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2009.0908.2225.38429 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2009.0908.2225.38429 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (Version: 2009.0908.2225.38429 - ATI) Hidden CCC Help Chinese Standard (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Chinese Traditional (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Czech (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Danish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Dutch (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help English (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Finnish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help French (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help German (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Greek (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Hungarian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Italian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Japanese (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Korean (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Norwegian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Polish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Portuguese (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Russian (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Spanish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Swedish (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Thai (Version: 2009.0908.2224.38429 - ATI) Hidden CCC Help Turkish (Version: 2009.0908.2224.38429 - ATI) Hidden ccc-core-static (Version: 2009.0908.2225.38429 - Ihr Firmenname) Hidden ccc-utility (Version: 2009.0908.2225.38429 - ATI) Hidden Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Creative Jukebox Driver (HKLM\...\Creative Jukebox Driver) (Version: - ) Creative Media Lite (HKLM\...\Creative Media Lite) (Version: - ) Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 2.00 - ) Creative Software Update (Version: 1.00.14 - Creative Technology Ltd.) Hidden Creative ZEN Stone-Benutzerhandbuch (HKLM\...\ZENStoneUG) (Version: - Creative Tech) Creative Zen Touch (HKLM\...\{1103112B-513D-4DEF-96B4-9889774E0118}) (Version: 1.0 - ) Creative-Systeminformationen (HKLM\...\SysInfo) (Version: - ) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC) Elevated Installer (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden FOTOParadies (HKLM\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.7.5 - Foto Online Service GmbH) Garmin Express (HKLM\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Garmin Express (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation) iTunes (HKLM\...\{C8EBB0DE-5655-4D32-99E1-9447E702A89F}) (Version: 11.1.2.32 - Apple Inc.) Java(TM) 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.1 - F.J. Wechselberger) Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon) Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.1.1 - Nikon) PDF24 Creator 5.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.2 - Nikon) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated) TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.12 - TOSHIBA) TOSHIBA Bulletin Board (HKLM\...\InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}) (Version: 1.5.06.32 - TOSHIBA Corporation) TOSHIBA Bulletin Board (Version: 1.5.06.32 - TOSHIBA Corporation) Hidden TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.06-A - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.12.0 - TOSHIBA Corporation) TOSHIBA eco Utility (Version: 1.1.12.0 - TOSHIBA Corporation) Hidden TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation) TOSHIBA Face Recognition (Version: 3.1.3.32 - TOSHIBA Corporation) Hidden TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION) TOSHIBA Flash Cards Support Utility (Version: 1.63.0.4C - TOSHIBA CORPORATION) Hidden TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.16C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (Version: 1.63.0.16C - TOSHIBA CORPORATION) Hidden TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.4 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (Version: 3.1.0.4 - TOSHIBA Corporation) Hidden Toshiba Manuals (HKLM\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA) Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.1.0 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation) TOSHIBA ReelTime (HKLM\...\InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}) (Version: 1.5.08.32 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.5.08.32 - TOSHIBA Corporation) Hidden TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA) TOSHIBA Supervisor Password (Version: 1.63.0.7C - TOSHIBA CORPORATION) Hidden TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION) Toshiba TEMPRO (HKLM\...\{14555947-6F14-421F-8F61-6489E0FDFAE5}) (Version: 3.08 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.34 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.2.34 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation) TRORMCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.9 - TOSHIBA) TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 (KB974631) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{052CA271-6C3E-4B8F-9EEE-CEA84BC901DC}) (Version: - Microsoft) Update for Microsoft Office Word 2007 (KB974631) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CA2F3DF8-C8AE-4933-92F1-FE482442F6E6}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Utility Common Driver (Version: 1.0.50.27C - TOSHIBA) Hidden VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.1.1 - Nikon) Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) WildTangent-Spiele (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2254722259-2390501912-3981444591-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media) ==================== Restore Points ========================= 01-08-2014 20:06:23 Windows Update 01-08-2014 20:25:51 Windows Update 10-08-2014 17:52:08 Windows Update 31-08-2014 13:16:31 Entfernt Creative MediaSource Detector 31-08-2014 13:18:53 Windows Update 31-08-2014 13:18:58 Konfiguriert Engine Installer 31-08-2014 13:20:55 Windows-Sicherung 08-09-2014 17:59:10 AA11 08-09-2014 18:23:51 Windows Update 08-09-2014 18:35:24 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2014-09-09 19:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0B967E98-4F4A-40AE-B171-8C85852EEE01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated) Task: {282F9EC6-53CD-474D-87F6-66F444FAA039} - System32\Tasks\{35B5CFF1-DB37-46C7-84DF-488BAD58EF78} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.) Task: {71291486-D27D-478A-AB82-2D212F8A774B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {71D01C25-F216-4C33-AE59-C4BF3FCC486B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-08] (Google Inc.) Task: {7813C8B8-F101-4F09-A3A0-6F885586596A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-08] (Google Inc.) Task: {8B0E9263-B6FC-47CB-B8E6-73792DE33F3B} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION) Task: {9FBD16D5-860C-432D-B5B1-0CE6296219E8} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-05-25] (Lavasoft Limited ) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-11 22:56 - 2012-10-11 22:56 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2012-10-11 22:56 - 2012-10-11 22:56 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-27 12:51 - 2014-08-27 12:51 - 00655864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe 2014-08-27 12:55 - 2014-08-27 12:55 - 00087896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00022360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00030040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00048480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00107872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 09918800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02423600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00638296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00580424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 01643352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00642376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00087360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00105280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00747352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00693096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00865608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00206664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00779096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00174936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00870736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 01000256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll 2014-08-27 12:56 - 2014-08-27 12:56 - 00030552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00768344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00868184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00190800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00703304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00666448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02359632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02411344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00834384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00999256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00796992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00286536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02124120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00977216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00796992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00739656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00123712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll 2009-09-28 15:42 - 2009-09-28 15:42 - 00525688 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll 2011-01-05 20:59 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 02555216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll 2011-01-05 22:05 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2009-05-04 11:45 - 2009-05-04 11:45 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-01-05 21:02 - 2011-01-05 21:02 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2009-10-18 16:20 - 2009-10-18 16:20 - 07980344 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 14:26 - 2009-11-03 14:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2009-12-07 11:56 - 2009-06-22 15:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll 2009-03-12 20:08 - 2009-03-12 20:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll 2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2009-07-29 16:35 - 2009-07-29 16:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 07642432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe 2014-08-27 12:55 - 2014-08-27 12:55 - 00405848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_locale-vc100-mt-1_55.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 01597248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\HtmlFramework.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00056632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\DllStorage.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00833360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTrayDefaultSkin.dll 2014-08-27 12:55 - 2014-08-27 12:55 - 00641344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\Localization.dll 2014-05-09 17:31 - 2014-05-08 19:26 - 03145536 _____ () C:\Users\ANTJEKRAMER\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2009-11-05 10:14 - 2009-11-05 10:14 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2014-07-31 20:24 - 2014-07-31 20:24 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-09-10 17:18 - 2014-09-10 17:18 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: GamesAppService => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk => C:\Windows\pss\Nikon Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^ANTJEKRAMER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Creative Detector => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R MSCONFIG\startupreg: CTZDetec.exe => C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SoftAuto.exe => "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe ==================== Faulty Device Manager Devices ============= Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (09/11/2014 07:16:08 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (09/11/2014 06:17:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/11/2014 06:17:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht. Error: (09/11/2014 06:15:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error: (09/11/2014 06:15:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (09/11/2014 06:14:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/11/2014 06:14:52 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "sppsvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (09/11/2014 06:13:22 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (09/11/2014 06:12:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/11/2014 06:12:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (06/16/2011 09:36:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1183 seconds with 600 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz Percentage of memory in use: 57% Total physical RAM: 3061.61 MB Available physical RAM: 1304.13 MB Total Pagefile: 6121.5 MB Available Pagefile: 4080.34 MB Total Virtual: 2047.88 MB Available Virtual: 1915.57 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:232.42 GB) (Free:163.67 GB) NTFS Drive d: (Data) (Fixed) (Total:232.95 GB) (Free:88.38 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 76D98D76) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ antje |
12.09.2014, 10:13 | #10 | |
/// TB-Ausbilder | TR/Patched.Ren.Gen - Überfordert! Mehrere deiner Backup-Dateien sind mit Adware infiziert, ggf. per Hand löschen: Zitat:
Reste entfernen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start CloseProcesses: C:\Users\Gast\AppData\Local\Mozilla\Firefox\Profiles\96gqb7pq.default\Cache\0\00\3CD53d01 C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\96gqb7pq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} EmptyTemp: end Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Ändere regelmäßig alle deine Passwörter, jetzt nach der Bereinigung ist ein idealer Zeitpunkt dafür!
Schritt 1 Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren. Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren. Deinstalliere die folgenden Programme von deinem Rechner:
Downloade und installiere dir bitte nun:Starte deinen Rechner nach der Installation neu auf. Schritt 2 Die Reihenfolge ist hier entscheidend.
Schritt 3 Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
12.09.2014, 15:33 | #11 |
| TR/Patched.Ren.Gen - Überfordert! ähm, ich hab alles gemacht, was du gesagt hast, wollte aber erst am ende die fixlog.txt posten. und die ist jetzt weg mit dem programm.... aber ich meine, es stand praktisch nichts mehr drin. hoffentlich ist das ok. vielen, vielen herzlichen dank für die ganze hilfe!!!!! ich habe auch die ganzen ratschläge berücksichtigt und hoffe, in zukunft besser gerüstet zu sein! merci und ein happy weekend! antje |
12.09.2014, 21:19 | #12 |
/// TB-Ausbilder | TR/Patched.Ren.Gen - Überfordert! Ich bin froh, dass wir helfen konnten In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |