11.12.2014, 12:30 | #1

Win 7 - Malware alert from Avira and very slow system right after booting

Hello, and thank you for letting me ask for help with my problem here. The problem concerns a laptop running Windows 7 Home Premium (32-bit) with Service Pack 1.

What happened before I took on the problem is known to me only from what my wife has told me. She noticed that the system was sluggish after booting the computer and that Firefox and the Office programs took unusually long to start. After some time, she says, the system's response time was back to normal. Office applications and the browser had been in use for a short while when Avira displayed a warning. From Avira's log I gather that it was this notice.

Code:
In der Datei 'C:\Program Files\Samsung\Kies\Plugins\DeviceHost\DeviceHost.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen7' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Now that I am back from a trip, I have been able to look into the matter myself, and I have also noticed that for more than 10 minutes after booting, keyboard and mouse input is either not registered at all or only with a long delay. Accordingly, it takes unbearably long for programs to open and respond. Avira wanted to run another full system scan, which I cancelled because my wife had told me that the last one ran for several hours.

I have run the scans as specified in the forum's instructions and list them below.

AVIRA Scan
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 4. Dezember 2014 14:07

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : PCName

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Donnerstag, 4. Dezember 2014 14:07

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, E:)'
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '185' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosBtMng.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'TCrdMain.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'SmoothView.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPwrMain.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosSENotify.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeNotify.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPCHSrv.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosSmartSrv.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TecoService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosBtSrv.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosCoSrv.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'TODDSrv.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'TMachInfo.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'ConversionService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNMNSUT.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'HelperService.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFIWmxSvcs.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'TWebCameraSrv.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '143' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '137' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2264' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows7>
[0] Archivtyp: Runtime Packed
--> C:\Users\Username\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
[1] Archivtyp: Runtime Packed
--> C:\Users\Username\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
[2] Archivtyp: Runtime Packed
--> C:\Users\Username\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
[3] Archivtyp: Runtime Packed
--> C:\Users\Username\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
[4] Archivtyp: Runtime Packed
--> C:\Users\Username\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
[5] Archivtyp: Runtime Packed
--> C:\Users\Username\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
[6] Archivtyp: Runtime Packed
--> C:\Users\Username\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
[7] Archivtyp: Runtime Packed
--> C:\Users\Username\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
[8] Archivtyp: Runtime Packed
--> C:\Users\Username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\15cb8b68-20cbc9fb
[9] Archivtyp: ZIP
--> Ajax.class
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\15cb8b68-20cbc9fb
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
--> C:\Users\Username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\611e0a7d-4400a02b
[9] Archivtyp: ZIP
--> ta/tb.class
  [FUND] Enthält Erkennungsmuster des Exploits EXP/11-3544.EW
  [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> ta/ta.class
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> ta/tc.class
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\611e0a7d-4400a02b
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
--> C:\Users\Username\Downloads\jre-7u5-windows-i586-iftw.exe
[9] Archivtyp: Runtime Packed
--> C:\Users\Username\Downloads\PDFCreator-1_5_1_setup.exe
[10] Archivtyp: Inno Setup
--> {tmp}\avg.exe
[11] Archivtyp: RSRC
--> C:\Users\Username\Downloads\Anwendungen\MyPhoneExplorer_Setup_v1.7.4.exe
[12] Archivtyp: NSIS
--> ProgramFilesDir/[PluginsDir]/eBay_shortcuts_1025_EPE.exe
[13] Archivtyp: NSIS
--> ProgramFilesDir/eBayShortcuts.exe
  [FUND] Enthält Erkennungsmuster der Anwendung APPL/Yabector.Gen5
  [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Username\Downloads\Anwendungen\MyPhoneExplorer_Setup_v1.7.4.exe
  [FUND] Enthält Erkennungsmuster der Anwendung APPL/Yabector.Gen5

Beginne mit der Suche in 'E:\' <Data>

Beginne mit der Desinfektion:
C:\Users\Username\Downloads\Anwendungen\MyPhoneExplorer_Setup_v1.7.4.exe
  [FUND] Enthält Erkennungsmuster der Anwendung APPL/Yabector.Gen5
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '500429ca.qua' verschoben!
C:\Users\Username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\611e0a7d-4400a02b
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48f206b5.qua' verschoben!
C:\Users\Username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\15cb8b68-20cbc9fb
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1aff5c59.qua' verschoben!

Ende des Suchlaufs: Donnerstag, 4. Dezember 2014 17:34
Benötigte Zeit: 2:18:38 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

33182 Verzeichnisse wurden überprüft
728675 Dateien wurden geprüft
8 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
728667 Dateien ohne Befall
7271 Archive wurden durchsucht
5 Warnungen
3 Hinweise
791793 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:43 on 11/12/2014 (Username)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2014
Ran by Username (administrator) on PCName on 11-12-2014 10:46:35
Running from C:\Users\Username\Desktop
Loaded Profile: Username (Available profiles: Username)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
() C:\Users\Username\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-08-09] (InstallShield Software Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\...\RunOnce: [DeleteMarkAny] => C:\Windows\system32\MASetupCleaner.exe [24576 2013-06-14] ((주)마크애니)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
ShortcutTarget: MLB.TV NexDef Plug-in.lnk -> C:\Users\Username\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
Startup: C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {8291C4DA-AE2C-490E-95D5-570278247243} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKLM -> {8291C4DA-AE2C-490E-95D5-570278247243} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000 -> DefaultScope {8291C4DA-AE2C-490E-95D5-570278247243} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000 -> {8291C4DA-AE2C-490E-95D5-570278247243} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Ecosia
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\searchplugins\leo-deu-ita.xml
FF Extension: Avira Browser Safety - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: German Dictionary - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08]
FF Extension: dp Launcher Plugin - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\dplauncher@digitalpublishing.de [2013-10-19]
FF Extension: United States English Spellchecker - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-26]
FF Extension: Print pages to PDF - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\printPages2Pdf@reinhold.ripper [2013-10-28]
FF Extension: ProxTube - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: QrCodeR - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4@jetpack.xpi [2012-04-10]
FF Extension: Image Zoom - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-16]
FF Extension: Pearl Crescent Page Saver Basic - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi [2013-10-28]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2011-05-27]
FF Extension: Adblock Plus - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-14]
FF Extension: BetterPrivacy - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-04-22]
FF Extension: Download Statusbar - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-10-29]
FF Extension: Tab Mix Plus - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-10]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-08-25]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-21] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed]
R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)
S3 WiselinkPro; C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [3007488 2010-02-17] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-30] (COMPAL ELECTRONIC INC.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [157536 2009-05-20] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [485920 2008-11-11] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45344 2008-11-11] (eMPIA Technology, Inc.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 10:46 - 2014-12-11 10:48 - 00023868 _____ () C:\Users\Username\Desktop\FRST.txt
2014-12-11 10:46 - 2014-12-11 10:46 - 00000000 ____D () C:\FRST
2014-12-11 10:43 - 2014-12-11 10:45 - 00000478 _____ () C:\Users\Username\Desktop\defogger_disable.log
2014-12-11 10:43 - 2014-12-11 10:43 - 00000000 _____ () C:\Users\Username\defogger_reenable
2014-12-11 10:37 - 2014-12-11 10:37 - 00380416 _____ () C:\Users\Username\Desktop\Gmer-19357.exe
2014-12-11 10:36 - 2014-12-11 10:36 - 01111040 _____ (Farbar) C:\Users\Username\Desktop\FRST.exe
2014-12-11 10:30 - 2014-12-11 10:34 - 00050477 _____ () C:\Users\Username\Desktop\Defogger.exe
2014-12-04 17:36 - 2014-12-04 17:39 - 00031691 _____ () C:\Users\Username\Desktop\Neues Textdokument.txt
2014-11-21 21:12 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 21:12 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-21 21:11 - 2014-11-21 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-21 21:11 - 2014-11-21 21:11 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-21 21:08 - 2014-11-21 21:08 - 00001761 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-21 21:08 - 2014-11-21 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-21 21:07 - 2014-11-21 21:08 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-21 21:07 - 2014-11-21 21:08 - 00000000 ____D () C:\Program Files\iTunes
2014-11-21 21:07 - 2014-11-21 21:07 - 00000000 ____D () C:\Program Files\iPod
2014-11-16 10:30 - 2014-11-16 10:30 - 00001002 _____ () C:\Users\Public\Desktop\Photographerbook.lnk
2014-11-16 10:30 - 2014-11-16 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photographerbook
2014-11-16 10:29 - 2014-11-16 10:29 - 00000000 ____D () C:\ProgramData\Photographerbook
2014-11-14 19:12 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-14 19:12 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-14 19:12 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-14 19:12 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-14 19:12 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-14 19:12 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-14 19:12 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-14 19:12 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-14 19:12 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-14 19:12 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-14 19:12 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-14 19:11 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-14 19:11 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-14 19:11 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-14 19:11 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-14 19:11 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-14 19:11 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-14 19:11 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-14 19:10 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-14 19:10 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-14 19:10 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-14 19:10 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-14 19:10 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-14 19:10 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-14 19:10 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-14 19:10 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-14 19:10 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-14 19:10 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-14 19:10 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-14 19:10 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-14 19:10 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-14 19:10 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-14 19:10 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-14 19:10 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-14 19:10 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-14 19:10 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-14 19:10 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-14 19:10 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-14 19:10 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-14 19:10 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-14 19:10 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-14 19:10 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-14 19:10 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-14 19:10 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-14 19:10 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-14 19:10 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-14 19:10 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-14 19:10 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-14 19:10 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-14 19:10 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-14 19:10 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-14 19:10 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-14 19:10 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 18:28 - 2014-11-11 18:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 10:43 - 2010-05-05 09:31 - 00000000 ____D () C:\Users\Username
2014-12-11 10:40 - 2013-07-24 21:30 - 00000000 ____D () C:\Users\Username\AppData\Roaming\Samsung
2014-12-11 10:40 - 2013-07-24 21:30 - 00000000 ____D () C:\Users\Username\AppData\Local\Samsung
2014-12-11 10:40 - 2013-07-24 21:08 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-11 10:40 - 2011-01-13 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG
2014-12-11 10:40 - 2010-05-10 11:36 - 00000000 ____D () C:\Program Files\Samsung
2014-12-11 10:40 - 2009-06-09 09:47 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-11 10:39 - 2010-05-05 10:10 - 01237597 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 10:28 - 2010-05-05 09:30 - 00016496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-11 10:27 - 2010-05-05 09:30 - 00016496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-11 10:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-11 10:21 - 2013-07-12 20:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 10:10 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 10:10 - 2009-07-14 05:39 - 11544169 _____ () C:\Windows\setupact.log
2014-12-04 18:02 - 2012-03-30 06:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-02 19:32 - 2013-11-12 20:33 - 00074882 _____ () C:\Users\Username\Documents\EinnahmeAusgabe2014.xlsx
2014-11-28 21:55 - 2010-05-05 12:36 - 00000000 ____D () C:\Users\Username\AppData\Roaming\vlc
2014-11-28 20:02 - 2012-03-30 06:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-28 20:02 - 2012-03-30 06:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-22 13:19 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-21 21:07 - 2014-10-12 16:18 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-21 21:07 - 2013-06-14 20:18 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-16 11:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-11-16 10:29 - 2012-04-09 15:36 - 00000000 ____D () C:\Program Files\Photographerbook
2014-11-16 10:29 - 2010-05-05 10:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 10:24 - 2009-07-14 05:33 - 00415080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 20:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-15 17:29 - 2009-06-09 10:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 19:19 - 2013-08-15 21:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 19:14 - 2010-05-16 10:47 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 18:56 - 2012-04-24 20:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Username\AppData\Local\Temp\AskSLib.dll
C:\Users\Username\AppData\Local\Temp\avgnt.exe
C:\Users\Username\AppData\Local\Temp\DivXSetup.exe
C:\Users\Username\AppData\Local\Temp\install_7.exe
C:\Users\Username\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Username\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Username\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Username\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Username\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Username\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Username\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Username\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Username\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe C:\Users\Username\AppData\Local\Temp\photographerbook.exe C:\Users\Username\AppData\Local\Temp\ready.exe C:\Users\Username\AppData\Local\Temp\RSPUpgradeInstaller.exe C:\Users\Username\AppData\Local\Temp\secuniasi1344266709273678357.dll C:\Users\Username\AppData\Local\Temp\SkypeSetup.exe C:\Users\Username\AppData\Local\Temp\starter.exe C:\Users\Username\AppData\Local\Temp\vlc-2.0.5-win32.exe C:\Users\Username\AppData\Local\Temp\vlc-2.0.8-win32.exe C:\Users\Username\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Username\AppData\Local\Temp\vlc-2.1.5-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-28 21:50 ==================== End Of Log ============================ --- --- --- Additions.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2014 Ran by Username at 2014-12-11 10:48:28 Running from C:\Users\Username\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 4.65 (HKLM\...\7-Zip) (Version: - ) ACDSee Pro 2 (HKLM\...\{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}) (Version: 2.0.238 - ACD Systems International) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.303.117 - ALPS ELECTRIC CO., LTD.) Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{601E6234-EC57-0948-6E33-7F2339EC5AA1}) (Version: 3.0.732.0 - ATI Technologies, Inc.) 
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland) Audiograbber Lame-MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG) Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.10(T) - TOSHIBA CORPORATION) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version: - ) Canon MP640 series Benutzerregistrierung (HKLM\...\Canon MP640 series Benutzerregistrierung) (Version: - ) Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - ) ccc-core-static (Version: 2009.0729.2238.38827 - Ihr Firmenname) Hidden CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2971 - CDBurnerXP) CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - ) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC) ElsterFormular-Upgrade (HKLM\...\ElsterFormular für Privatanwender 12.1.0.6164p) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen) eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden GIMP 2.6.6 (HKLM\...\WinGimp-2.0_is1) (Version: - ) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.) Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech) Media Player Classic - Home Cinema v. 
1.3.1249.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox (3.5.3) (HKLM\...\Mozilla Firefox (3.5.3)) (Version: 3.5.3 (de) - Mozilla) Mozilla Firefox 33.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.7.4 - F.J. 
Wechselberger) Notepad++ (HKLM\...\Notepad++) (Version: - ) OpenOffice.org 3.1 (HKLM\...\{D765F1CE-5AE5-4C47-B134-AE58AC474740}) (Version: 3.1.9420 - OpenOffice.org) Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA) PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Photographerbook 3.0.5 (HKLM\...\Photographerbook_is1) (Version: 3.0.5 - FRIEDMANN PRINT DATA SOLUTIONS) PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.) SAMSUNG PC Share Manager (HKLM\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 2.3.0 - SAMSUNG) SAMSUNG PC Share Manager (Version: 2.3.0 - SAMSUNG) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) 
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.10 - TOSHIBA) TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA) TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.23 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.3.0 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba) TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.0.5.32 - TOSHIBA Corporation) TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION) TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.0.1 - TOSHIBA Corporation) Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.06.0000 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.2.0 - TOSHIBA Corporation) TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA) TOSHIBA Recovery Disk Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0017 - TOSHIBA) TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.6 - TOSHIBA) TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA) TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) 
(Version: 1.63.0.3C - TOSHIBA CORPORATION) TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.28 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation) TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.6 - TOSHIBA) TRORDCLauncher (Version: 1.0.0.6 - TOSHIBA) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Utility Common Driver (Version: 1.0.50.27C - TOSHIBA) Hidden Utility support driver (Version: 1.0.25.5 - TOSHIBA) Hidden VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{936252b0-613b-4df2-9012-3c99c0bd83e9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path CustomCLSID: 
HKU\S-1-5-21-2525799251-1302831337-2617014307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path ==================== Restore Points ========================= 21-11-2014 20:20:55 Windows Update 04-12-2014 16:22:26 Geplanter Prüfpunkt 11-12-2014 09:31:57 Removed Samsung Kies ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {10046459-E63E-4384-9BA6-22C5C4C29612} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {1D4681D1-C7C2-4F8A-A249-6BFBABE1A853} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-28] (Adobe Systems Incorporated) Task: {53DC2863-FEE1-4C63-8AD8-486CFE619149} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs Task: {A9539CE1-1345-4937-8242-65927739D424} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Username => C:\Program Files\Windows Calendar\WinCal.exe Task: {CC9719D2-D487-4A30-A962-629ABA343BE8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-09-03] (TOSHIBA CORPORATION) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2009-04-24 10:39 - 2009-04-24 10:39 - 00516096 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll 2009-01-30 21:11 - 2009-01-30 21:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2009-07-16 14:27 - 2009-07-16 14:27 - 07263544 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-07-16 14:27 - 2009-07-16 14:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2009-06-09 10:13 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll 2009-03-12 18:08 - 2009-03-12 18:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll 2006-10-07 11:57 - 2006-10-07 11:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2009-07-29 14:35 - 2009-07-29 14:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll 2011-10-07 10:41 - 2011-10-07 10:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll 2009-04-01 22:51 - 2009-04-01 22:51 - 00801032 _____ () C:\Users\Username\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe 2009-04-01 22:51 - 2009-04-01 22:51 - 16907016 _____ () C:\Users\Username\AppData\Local\Autobahn\bin\4.2.17.MLB_09_58\swarmcast.dll 2010-05-05 10:20 - 2010-05-05 10:20 - 00065536 _____ () C:\Users\Username\AppData\Roaming\Microsoft\Windows\.autobahn\libwin32proxyconfig.dll 2014-11-11 18:28 - 2014-11-11 18:28 - 03649648 _____ () 
C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\Software\Classes\.exe: => <===== ATTENTION! ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe MSCONFIG\startupreg: NDSTray.exe => "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files\Toshiba TEMPRO\TemproTray.exe MSCONFIG\startupreg: TPCHWMsg => %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe MSCONFIG\startupreg: TWebCamera => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun ========================= Accounts: ========================== Administrator (S-1-5-21-2525799251-1302831337-2617014307-500 - Administrator - Disabled) Username (S-1-5-21-2525799251-1302831337-2617014307-1000 - Administrator - Enabled) => C:\Users\Username Gast 
(S-1-5-21-2525799251-1302831337-2617014307-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2525799251-1302831337-2617014307-1006 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/11/2014 10:19:00 AM) (Source: MsiInstaller) (EventID: 1024) (User: bd-mobile) Description: Produkt: Adobe Reader XI (11.0.09) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (12/11/2014 10:17:14 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ToolkitPro1331vc90U.dll" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm KiesPDLR wurde wegen dieses Fehlers geschlossen. Programm: KiesPDLR Datei: C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ToolkitPro1331vc90U.dll Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. 
- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: C0000185 Datenträgertyp: 3 Error: (12/11/2014 10:17:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: KiesPDLR.exe, Version: 1.0.0.1, Zeitstempel: 0x51dbc648 Name des fehlerhaften Moduls: ToolkitPro1331vc90U.dll, Version: 13.3.1.0, Zeitstempel: 0x504da5a4 Ausnahmecode: 0xc0000006 Fehleroffset: 0x006d84f9 ID des fehlerhaften Prozesses: 0x11e0 Startzeit der fehlerhaften Anwendung: 0xKiesPDLR.exe0 Pfad der fehlerhaften Anwendung: KiesPDLR.exe1 Pfad des fehlerhaften Moduls: KiesPDLR.exe2 Berichtskennung: KiesPDLR.exe3 Error: (12/11/2014 10:16:53 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/04/2014 05:32:26 PM) (Source: System Restore) (EventID: 8211) (User: ) Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101). 
Error: (12/04/2014 05:32:26 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x81000101). Error: (12/04/2014 02:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8556109 Error: (12/04/2014 02:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8556109 Error: (12/04/2014 02:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/04/2014 02:02:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8540493 System errors: ============= Error: (12/11/2014 10:19:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (12/11/2014 10:15:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/11/2014 10:15:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Software Protection erreicht. Error: (12/11/2014 10:13:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error: (12/11/2014 10:13:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. 
Error: (12/11/2014 10:09:49 AM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (12/11/2014 10:09:49 AM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (12/04/2014 02:00:11 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (12/04/2014 11:31:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/04/2014 11:31:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz Percentage of memory in use: 47% Total physical RAM: 3036.87 MB Available physical RAM: 1586.25 MB Total Pagefile: 6072.03 MB Available Pagefile: 4321.7 MB Total Virtual: 2047.88 MB Available Virtual: 1895.78 MB ==================== Drives ================================ Drive c: (Windows7) (Fixed) (Total:232.88 GB) (Free:48.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Data) (Fixed) (Total:231.42 GB) (Free:217.38 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7878FC96) Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Active) - (Size=232.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=231.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-11 11:27:19
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Bettina\AppData\Local\Temp\uwtiypob.sys

---- System - GMER 2.1 ----

SSDT 93A53466 ZwCreateSection
SSDT 93A53470 ZwRequestWaitReplyPort
SSDT 93A5346B ZwSetContextThread
SSDT 93A53475 ZwSetSecurityObject
SSDT 93A5347A ZwSystemDebugControl
SSDT 93A53407 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83492A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834CC212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 834D358C 4 Bytes [66, 34, A5, 93] {XOR AL, 0xa5; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 834D38E8 4 Bytes [70, 34, A5, 93] {JO 0x36; MOVSD ; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 834D392C 4 Bytes [6B, 34, A5, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 834D39A8 4 Bytes [75, 34, A5, 93] {JNZ 0x36; MOVSD ; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 834D39FC 4 Bytes [7A, 34, A5, 93] {JP 0x36; MOVSD ; XCHG EBX, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92003000, 0x2D5526, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] ntdll.dll!NtCreateFile 77475608 5 Bytes JMP 5190C6E0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] ntdll.dll!NtFlushBuffersFile 77475998 5 Bytes JMP 5160D3A3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] ntdll.dll!NtQueryFullAttributesFile 77476028 5 Bytes JMP 5160D620 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] ntdll.dll!NtReadFile 774762F8 5 Bytes JMP 5160D400 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] ntdll.dll!NtReadFileScatter 77476308 5 Bytes JMP 52236F6A C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] ntdll.dll!NtWriteFile 77476AA8 5 Bytes JMP 5190D5B0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] ntdll.dll!NtWriteFileGather 77476AB8 5 Bytes JMP 52236F19 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] ntdll.dll!LdrLoadDll 774922AE 5 Bytes JMP 629C1F43 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76EB94E6 7 Bytes JMP 5219EAD2 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] kernel32.dll!QueryPerformanceCounter + 13 76EBC4E5 7 Bytes JMP 5219EAF5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] kernel32.dll!LoadAppInitDlls + 355 76EBF5A6 7 Bytes JMP 5190913E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] USER32.dll!GetWindowInfo 76564B5E 5 Bytes JMP 520A5F20 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4100] GDI32.dll!GetViewportOrgEx + 26C 7673884B 7 Bytes JMP 5219EA53 C:\Program Files\Mozilla Firefox\xul.dll

---- EOF - GMER 2.1 ----

1. What exactly is this infection?
2. What are the next steps?
3. The system wants to install updates, including shutting down the computer. Can I do that without problems, or should "cleanup measures" be carried out first?

For the time being, I will not shut down the laptop.

Many thanks for the help
Romtom

Edited by Romtom (11.12.2014 at 12:34). Reason: spelling |
11.12.2014, 13:22 | #2 |
/// the machine /// TB instructor | Win 7 - Malware alert from Avira and very slow system right after booting
Hi,
You can go ahead with the updates. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please disable your protection software to avoid possible conflicts.
And a fresh FRST log, please.
11.12.2014, 15:55 | #3 |
| Win 7 - Malware alert from Avira and very slow system right after booting
I ran the updates and then let the scans run.
mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.12.2014
Suchlauf-Zeit: 14:18:31
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.11.02
Rootkit Datenbank: v2014.12.08.03
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Username

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 317717
Verstrichene Zeit: 34 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
PUP.Optional.Conduit.A, C:\Users\Username\AppData\Local\Temp\ct3297265\ism.exe, In Quarantäne, [a4ea79e895e7ca6ca26d1f86ab56e21e],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Code:
# AdwCleaner v4.105 - Bericht erstellt am 11/12/2014 um 15:24:26
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Username - PCName
# Gestartet von : C:\Users\Username\Desktop\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Username\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4@jetpack.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\foxydeal.sqlite

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v33.1 (x86 de)

*************************

AdwCleaner[R0].txt - [1747 octets] - [11/12/2014 15:10:23]
AdwCleaner[S0].txt - [1668 octets] - [11/12/2014 15:24:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1728 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x86
Ran by Username on 11.12.2014 at 15:37:33,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Username\AppData\Roaming\mozilla\firefox\profiles\e7knolbl.default\minidumps [96 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.12.2014 at 15:39:32,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2014 Ran by Username (administrator) on PCName on 11-12-2014 15:44:12 Running from C:\Users\Username\Desktop Loaded Profile: Username (Available profiles: Username) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (CANON INC.) 
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe () C:\Users\Username\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Logitech, Inc.) 
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor) HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.) HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.) HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION) HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.) HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-08-09] (InstallShield Software Corporation) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-21] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation) HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) Startup: C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk ShortcutTarget: MLB.TV NexDef Plug-in.lnk -> C:\Users\Username\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe () Startup: C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG; HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> {8291C4DA-AE2C-490E-95D5-570278247243} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000 -> {8291C4DA-AE2C-490E-95D5-570278247243} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation) Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation) Winsock: Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation) Winsock: Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation) Winsock: Catalog5 05 
C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 21 
C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Winsock: Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default FF DefaultSearchEngine: Ecosia FF SelectedSearchEngine: Ecosia FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\searchplugins\imdb.xml FF SearchPlugin: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\searchplugins\leo-deu-ita.xml FF Extension: Avira Browser Safety - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\abs@avira.com [2014-12-11] FF Extension: German Dictionary - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08] FF Extension: dp Launcher Plugin - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\dplauncher@digitalpublishing.de [2013-10-19] FF Extension: United States English Spellchecker - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-26] FF Extension: Print pages to PDF - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\printPages2Pdf@reinhold.ripper [2013-10-28] FF Extension: ProxTube - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11] FF Extension: Image Zoom - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-16] FF Extension: Pearl Crescent Page Saver Basic - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi [2013-10-28] FF Extension: Ecosia — The search engine that plants trees! 
- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2011-05-27] FF Extension: Adblock Plus - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-14] FF Extension: BetterPrivacy - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-04-22] FF Extension: Download Statusbar - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-10-29] FF Extension: Tab Mix Plus - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\e7knolbl.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-10] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-08-25] FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-21] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-21] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA) R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) S2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation) R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed] R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed] R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation) S3 WiselinkPro; C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [3007488 2010-02-17] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be 
removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG) R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-30] (COMPAL ELECTRONIC INC.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [157536 2009-05-20] (Realtek Semiconductor Corp.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation) S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [485920 2008-11-11] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45344 2008-11-11] (eMPIA Technology, Inc.) S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-11 15:39 - 2014-12-11 15:42 - 00000763 _____ () C:\Users\Username\Desktop\JRT.txt 2014-12-11 15:37 - 2014-12-11 15:37 - 00000000 ____D () C:\Windows\ERUNT 2014-12-11 15:36 - 2014-12-11 15:43 - 00001810 _____ () C:\Users\Username\Desktop\AdwCleaner[S0].txt 2014-12-11 15:10 - 2014-12-11 15:24 - 00000000 ____D () C:\AdwCleaner 2014-12-11 15:09 - 2014-12-11 15:09 - 00001300 _____ () C:\Users\Username\Desktop\mbam.txt 2014-12-11 14:17 - 2014-12-11 15:28 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-11 14:16 - 2014-12-11 14:16 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-11 14:16 - 2014-12-11 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-11 14:16 - 2014-12-11 14:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-11 14:16 - 2014-12-11 14:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-12-11 14:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-11 14:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-11 14:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-11 14:14 - 2014-12-11 14:15 - 01707646 _____ (Thisisu) C:\Users\Username\Desktop\JRT.exe 2014-12-11 14:14 - 2014-12-11 14:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Username\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-11 14:14 - 2014-12-11 14:14 - 02166272 _____ () C:\Users\Username\Desktop\AdwCleaner_4.105.exe 2014-12-11 13:57 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-11 13:57 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-11 13:57 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 
2014-12-11 13:57 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-11 13:57 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-11 11:29 - 2014-12-11 11:31 - 00063416 _____ () C:\Users\Username\Desktop\AVSCAN-20141204-140728-C4428478.LOG 2014-12-11 11:27 - 2014-12-11 11:27 - 00004984 _____ () C:\Users\Username\Desktop\Gmer.txt 2014-12-11 10:48 - 2014-12-11 11:04 - 00028449 _____ () C:\Users\Username\Desktop\Addition.txt 2014-12-11 10:46 - 2014-12-11 15:44 - 00023479 _____ () C:\Users\Username\Desktop\FRST.txt 2014-12-11 10:46 - 2014-12-11 15:44 - 00000000 ____D () C:\FRST 2014-12-11 10:43 - 2014-12-11 10:54 - 00000480 _____ () C:\Users\Username\Desktop\defogger_disable.log 2014-12-11 10:43 - 2014-12-11 10:43 - 00000000 _____ () C:\Users\Username\defogger_reenable 2014-12-11 10:39 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-11 10:39 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-11 10:39 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-11 10:39 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-11 10:39 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-11 10:39 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-11 10:39 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-11 10:39 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-11 10:39 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-11 10:39 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-11 10:39 - 
2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-11 10:39 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-11 10:39 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-11 10:39 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-11 10:39 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-11 10:39 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-11 10:39 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-11 10:39 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-11 10:39 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-11 10:39 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 10:39 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 10:39 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 10:39 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-11 10:39 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-11 10:39 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-11 10:39 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-11 10:39 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 10:39 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 
2014-12-11 10:39 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 10:39 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-11 10:39 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-11 10:39 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-11 10:38 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-11 10:38 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-11 10:38 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-11 10:38 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-11 10:38 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-11 10:38 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-11 10:38 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-11 10:37 - 2014-12-11 10:37 - 00380416 _____ () C:\Users\Username\Desktop\Gmer-19357.exe 2014-12-11 10:36 - 2014-12-11 10:36 - 01111040 _____ (Farbar) C:\Users\Username\Desktop\FRST.exe 2014-12-11 10:30 - 2014-12-11 10:34 - 00050477 _____ () C:\Users\Username\Desktop\Defogger.exe 2014-12-04 17:36 - 2014-12-04 17:39 - 00031691 _____ () C:\Users\Username\Desktop\Neues Textdokument.txt 2014-11-21 21:12 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-21 21:12 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-21 21:11 - 2014-11-21 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-11-21 21:11 - 2014-11-21 21:11 - 
00000000 ____D () C:\Program Files\QuickTime 2014-11-21 21:08 - 2014-11-21 21:08 - 00001761 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-11-21 21:08 - 2014-11-21 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-11-21 21:07 - 2014-11-21 21:08 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2014-11-21 21:07 - 2014-11-21 21:08 - 00000000 ____D () C:\Program Files\iTunes 2014-11-21 21:07 - 2014-11-21 21:07 - 00000000 ____D () C:\Program Files\iPod 2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL 2014-11-16 10:30 - 2014-11-16 10:30 - 00001002 _____ () C:\Users\Public\Desktop\Photographerbook.lnk 2014-11-16 10:30 - 2014-11-16 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photographerbook 2014-11-16 10:29 - 2014-11-16 10:29 - 00000000 ____D () C:\ProgramData\Photographerbook 2014-11-14 19:12 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-14 19:12 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-14 19:12 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-14 19:12 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-14 19:12 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-14 19:12 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-14 19:12 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-14 19:12 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-14 19:12 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-14 19:12 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\system32\msxml3r.dll 2014-11-14 19:12 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-14 19:11 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-14 19:11 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-14 19:11 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-14 19:11 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-14 19:11 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-14 19:11 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-14 19:11 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-14 19:10 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-14 19:10 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-14 19:10 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-14 19:10 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-14 19:10 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-11 18:28 - 2014-11-11 18:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-11 15:34 - 2010-05-05 09:30 - 00016496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-11 15:34 - 2010-05-05 09:30 - 00016496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-11 15:25 - 2010-05-05 09:56 - 00318734 _____ () C:\Windows\PFRO.log 2014-12-11 15:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-11 15:25 - 2009-07-14 05:39 - 11571793 _____ () C:\Windows\setupact.log 2014-12-11 15:24 - 2010-05-05 10:10 - 01398856 _____ () C:\Windows\WindowsUpdate.log 2014-12-11 15:02 - 2012-03-30 06:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-11 14:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-12-11 13:58 - 2009-06-09 10:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 13:56 - 2013-08-15 21:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 13:50 - 2010-05-16 10:47 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-11 12:02 - 2012-03-30 06:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-11 12:02 - 2012-03-30 06:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-12-11 10:43 - 2010-05-05 09:31 - 00000000 ____D () C:\Users\Username 2014-12-11 10:40 - 2013-07-24 21:30 - 00000000 ____D () C:\Users\Username\AppData\Roaming\Samsung 2014-12-11 10:40 - 2013-07-24 21:30 - 00000000 ____D () C:\Users\Username\AppData\Local\Samsung 2014-12-11 10:40 - 2013-07-24 21:08 - 00000000 ____D () C:\ProgramData\Samsung 2014-12-11 10:40 - 2011-01-13 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG 2014-12-11 10:40 - 2010-05-10 11:36 - 00000000 ____D () C:\Program Files\Samsung 2014-12-11 10:40 - 2009-06-09 09:47 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 
2014-12-11 10:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-12-11 10:21 - 2013-07-12 20:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-02 19:32 - 2013-11-12 20:33 - 00074882 _____ () C:\Users\Username\Documents\EinnahmeAusgabe2014.xlsx 2014-11-28 21:55 - 2010-05-05 12:36 - 00000000 ____D () C:\Users\Username\AppData\Roaming\vlc 2014-11-22 13:19 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-11-21 21:07 - 2014-10-12 16:18 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-11-21 21:07 - 2013-06-14 20:18 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-11-16 11:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-11-16 10:29 - 2012-04-09 15:36 - 00000000 ____D () C:\Program Files\Photographerbook 2014-11-16 10:29 - 2010-05-05 10:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-16 10:24 - 2009-07-14 05:33 - 00415080 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-14 18:56 - 2012-04-24 20:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\Username\AppData\Local\Temp\AskSLib.dll C:\Users\Username\AppData\Local\Temp\avgnt.exe C:\Users\Username\AppData\Local\Temp\DivXSetup.exe C:\Users\Username\AppData\Local\Temp\install_7.exe C:\Users\Username\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe C:\Users\Username\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe C:\Users\Username\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe C:\Users\Username\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\Username\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\Username\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Users\Username\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Username\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe 
C:\Users\Username\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe C:\Users\Username\AppData\Local\Temp\photographerbook.exe C:\Users\Username\AppData\Local\Temp\Quarantine.exe C:\Users\Username\AppData\Local\Temp\ready.exe C:\Users\Username\AppData\Local\Temp\RSPUpgradeInstaller.exe C:\Users\Username\AppData\Local\Temp\secuniasi1344266709273678357.dll C:\Users\Username\AppData\Local\Temp\SkypeSetup.exe C:\Users\Username\AppData\Local\Temp\sqlite3.dll C:\Users\Username\AppData\Local\Temp\starter.exe C:\Users\Username\AppData\Local\Temp\vlc-2.0.5-win32.exe C:\Users\Username\AppData\Local\Temp\vlc-2.0.8-win32.exe C:\Users\Username\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Username\AppData\Local\Temp\vlc-2.1.5-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-11 13:00 ==================== End Of Log ============================ --- --- --- |
12.12.2014, 10:19 | #4 |
/// the machine /// TB-Ausbilder | Win 7 - Malware alert from Avira and very slow system right after startup
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.12.2014, 17:32 | #5 |
| Win 7 - Malware alert from Avira and very slow system right after startup
ESET log.txt
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=159f92255584b840a0719c4d74694b22
# engine=21524
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-12 03:42:34
# local_time=2014-12-12 04:42:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 7108 283822244 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 44742745 170030145 0 0
# scanned=240042
# found=2
# cleaned=0
# scan_time=6208
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Username\Downloads\PDFCreator-1_7_1_setup.exe"
sh=FBBE31F08E493A8B0702FE72F3ABA6DF996E20C6 ft=1 fh=1055b3d0ea15ac02 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Username\Downloads\PDFCreator-1_7_2_setup.exe"
Code:
Results of screen317's Security Check version 0.99.91
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 15.0.0.246
Adobe Reader XI
Mozilla Firefox (33.1)
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2014 Ran by Username (administrator) on PCName on 12-12-2014 17:09:34 Running from C:\Users\Username\Desktop Loaded Profile: Username (Available profiles: Username) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (CANON INC.) 
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TOSHIBA CORPORATION.) 
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe () C:\Users\Username\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor) HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.) HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.) 
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION) HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.) HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-08-09] (InstallShield Software Corporation) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-21] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation) HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) 
Startup: C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk ShortcutTarget: MLB.TV NexDef Plug-in.lnk -> C:\Users\Username\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe () Startup: C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG; HKU\S-1-5-21-2525799251-1302831337-2617014307-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> {8291C4DA-AE2C-490E-95D5-570278247243} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2525799251-1302831337-2617014307-1000 -> {8291C4DA-AE2C-490E-95D5-570278247243} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation) Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation) Winsock: Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation) Winsock: Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation) Winsock: Catalog5 05 
The system now seems to start up as usual again, and programs open at their usual "speed". Is there anything else I should delete now, or any quarantines that should be 'smoked out', especially in view of the two ESET detections? Are further treatments pending, or is the patient considered cured and discharged? Edited by Romtom (12.12.2014 at 17:41) |
13.12.2014, 15:33 | #6 |
/// the machine /// TB trainer | Win 7 - Malware alert from Avira and very slow system right after boot-up Empty the Download folder. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
14.12.2014, 17:54 | #7 |
| Win 7 - Malware alert from Avira and very slow system right after boot-up Thank you very much for the help. I have carried out the steps mentioned last, and it looks as if the system is responding as usual again. I think that clears up everything that was unclear on my side. |
14.12.2014, 23:46 | #8 |
/// the machine /// TB trainer | Win 7 - Malware alert from Avira and very slow system right after boot-up You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |