| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Freier Festplattenspeicher wird immer wenigerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.03.2015, 18:51
| #1 |
 |  Freier Festplattenspeicher wird immer weniger Hey =) Weiß vor Schreck erstmal nicht wohin und hoffe, ich bin hier richtig. Meine Festplatte verliert langsam immer mehr Speicher und ich finde als Laie einfach keine Antwort darauf. Mir ist vor einiger Zeit aufgefallen, das plötzlich zu viel Speicher fehlte (Von 149GB waren sonst immer minimal 60GB frei, jetzt sind es bald nur noch 20GB). Die letzten beiden Defragmentierungen machten das nicht besser. Die Datenträgerbereinigung bringt auch nichts, weil theoretisch meist nur um die 1GB frei wird, aber Dateien wie z.B. die Debug Dump Files verschwinden einfach nicht. Mit "TreeSize" wollte ich wissen, was so viel Speicher frisst, aber ich bekam nur belegte 76GB, auf den Rest wurde der Zufriff verweigert. Als ich heute gesehen habe, dass mein Antivirenprogramm deaktiviert war, wurde mir der Zugriff verweigert, als ich den Echtzeitscan und die Updates wieder aktivieren wollte. Nach einer erneuten Installation und nach dem ändern der Einstellungen in der Konfiguration ging beides aber wieder. Ich weiß eben nicht wie ich das ganze angehen soll, aber es würde schon helfen zu wissen, ob sich dahinter irgendein Schädling verbirgt oder nicht. Hoffentlich kann mir jemand weiterhelfen, vorab schonmal ein fettes Danke =) |
|
04.03.2015, 18:58
| #2 |
| /// the machine /// TB-Ausbilder    | Freier Festplattenspeicher wird immer weniger hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
04.03.2015, 19:17
| #3 |
| | Freier Festplattenspeicher wird immer weniger FRST.txt:
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015
Ran by sandy (administrator) on SANDY-TOSHI on 04-03-2015 19:10:50
Running from C:\Users\sandy\Desktop
Loaded Profiles: sandy (Available profiles: sandy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [32768 2009-08-20] (Tablet Driver)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\Run: [Google Update] => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-03] (Google Inc.)
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> {56D29AEA-DB7C-466D-86B2-25EE7D0A7D65} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB9BF943-36AC-46D3-B526-CAB3C8E8FBA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000 -> DefaultScope {56D29AEA-DB7C-466D-86B2-25EE7D0A7D65} URL =
SearchScopes: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000 -> {0E61CED6-8623-48AC-8FF6-B73BA19BAEE7} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000 -> {56D29AEA-DB7C-466D-86B2-25EE7D0A7D65} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx
DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx
DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468
FF DefaultSearchEngine: LEO Eng-Deu
FF SelectedSearchEngine: LEO Eng-Deu
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2990021915-2304927789-3911982604-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\sandy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2990021915-2304927789-3911982604-1000: @tools.google.com/Google Update;version=3 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2990021915-2304927789-3911982604-1000: @tools.google.com/Google Update;version=9 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: YouTube™ Flash® Player - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-02-02]
FF Extension: Photobucket Uploader - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\pbupload@photobucket.com.xpi [2014-06-03]
FF Extension: YesScript - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\yesscript@userstyles.org.xpi [2014-06-06]
FF Extension: NoScript - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-08]
FF Extension: Adblock Plus - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-08]
Chrome:
=======
CHR Profile: C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]
CHR Extension: (Avira Browser Safety) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Minecraft Diamond Block) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgcgodlpmjclfncgiejflbkjigfhhkp [2014-12-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-02-25] (Avira Operations GmbH & Co. KG)
S3 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2008-06-13] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
S4 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2009-09-23] (Tablet Driver) [File not signed]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [277904 2014-01-09] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [228000 2014-01-09] (Protect Software GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-07] (Emsisoft GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 ALSysIO; \??\C:\Users\sandy\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-04 19:10 - 2015-03-04 19:12 - 00019080 _____ () C:\Users\sandy\Desktop\FRST.txt
2015-03-04 19:10 - 2015-03-04 19:10 - 00000000 ____D () C:\FRST
2015-03-04 19:03 - 2015-03-04 19:03 - 02093056 _____ (Farbar) C:\Users\sandy\Desktop\FRST64.exe
2015-03-04 19:02 - 2015-03-04 19:03 - 00000000 ____D () C:\Users\sandy\Desktop\MÖP
2015-03-04 17:45 - 2015-03-04 17:45 - 00003544 ____N () C:\bootsqm.dat
2015-03-04 10:05 - 2015-03-04 10:02 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-04 10:01 - 2015-03-04 10:01 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Avira
2015-03-04 09:59 - 2015-03-04 09:59 - 00002077 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-03-04 09:59 - 2015-03-04 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-04 09:58 - 2015-03-04 09:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-04 09:58 - 2015-02-25 17:53 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 09:58 - 2015-02-25 17:53 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-04 09:58 - 2015-02-25 17:53 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-04 09:07 - 2015-03-04 09:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 09:07 - 2015-03-04 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-04 09:07 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-04 09:07 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-04 09:07 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-03 22:15 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 22:15 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 22:15 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 22:15 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 14:49 - 2015-03-02 14:50 - 00000000 ___RD () C:\Users\sandy\Desktop\Bewerbung
2015-03-01 20:35 - 2015-03-01 20:35 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\JAM Software
2015-02-28 18:54 - 2015-02-28 18:54 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Opera
2015-02-27 13:22 - 2015-03-02 21:58 - 00000000 ___RD () C:\Users\sandy\Desktop\Portfolio
2015-02-26 13:26 - 2015-03-02 17:18 - 00000000 ___RD () C:\Users\sandy\Desktop\Scan
2015-02-26 13:10 - 2015-03-03 13:57 - 00000000 ___RD () C:\Users\sandy\Desktop\Project
2015-02-26 13:10 - 2015-02-26 13:10 - 00000000 ___RD () C:\Users\sandy\Desktop\Literature
2015-02-26 12:57 - 2015-03-02 21:57 - 00000000 ___RD () C:\Users\sandy\Desktop\ART
2015-02-26 12:45 - 2015-03-01 19:01 - 00000000 ___RD () C:\Users\sandy\Desktop\Fundus
2015-02-25 18:39 - 2015-02-25 21:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 10:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 10:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-16 20:18 - 2015-02-27 14:24 - 00000000 ___RD () C:\Users\sandy\Desktop\Musik
2015-02-12 10:57 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 10:57 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 10:57 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 10:57 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 09:49 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:49 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:49 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:49 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:49 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:49 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:49 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:49 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:49 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:49 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:49 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:49 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:49 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:49 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:49 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:49 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:49 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:49 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:49 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:49 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:49 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:49 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:49 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:49 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:49 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:49 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:49 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:49 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:49 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:49 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:49 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:49 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:49 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:49 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:49 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:49 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:49 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:49 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:49 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:49 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:49 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:49 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:49 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:49 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:49 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:49 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:49 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:49 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:49 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:49 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:49 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:49 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:45 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:45 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:45 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:45 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:45 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:45 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:45 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:45 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:45 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:44 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:44 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:44 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:44 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:44 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:44 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:44 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:41 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:41 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:40 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:40 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:40 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:40 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:40 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:40 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:40 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:40 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:40 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:40 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:40 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:40 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:40 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:40 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:40 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:40 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:40 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:40 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:40 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:40 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:40 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 09:40 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 09:40 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 09:40 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 09:39 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:39 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:39 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 09:39 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 09:39 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 09:37 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:37 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:37 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:37 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:37 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:37 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:37 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:37 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:37 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:36 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 11:53 - 2015-02-10 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG MAKER VX Ace Lite
2015-02-09 10:58 - 2015-02-09 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CountdownTimer
2015-02-03 20:04 - 2015-02-03 20:04 - 00002096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2015-02-03 20:00 - 2015-02-03 20:00 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 5.0.lnk
2015-02-03 17:45 - 2015-02-03 17:45 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Thunderbird
2015-02-03 17:45 - 2015-02-03 17:45 - 00000000 ____D () C:\Users\sandy\AppData\Local\Thunderbird
2015-02-03 11:50 - 2015-03-03 10:03 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\TIPP10
2015-02-03 11:50 - 2015-02-03 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIPP10
2015-02-03 11:50 - 2015-02-03 11:50 - 00000000 ____D () C:\Program Files (x86)\Tipp10
2015-02-03 08:49 - 2015-02-03 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-03 08:48 - 2015-02-03 08:49 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-03 08:48 - 2015-02-03 08:48 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-02 22:18 - 2015-02-11 23:35 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-02 11:01 - 2015-03-04 19:10 - 00000000 ____D () C:\Users\sandy\Desktop\temp
2015-02-02 10:01 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-02 10:01 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-02 10:01 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-02 10:01 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-02 10:01 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-02 10:01 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-02 10:01 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-02 10:01 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-02 10:01 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-02 10:01 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-04 19:09 - 2014-04-28 09:12 - 00000000 ___RD () C:\Users\sandy\Desktop\Download
2015-03-04 19:02 - 2014-11-08 18:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 18:52 - 2010-10-18 16:02 - 02030125 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 18:51 - 2014-06-25 11:23 - 00000000 ___RD () C:\Users\sandy\Desktop\Potpourri
2015-03-04 18:15 - 2014-07-03 08:12 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job
2015-03-04 17:55 - 2009-07-14 05:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:55 - 2009-07-14 05:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 17:46 - 2009-07-14 05:51 - 00207444 _____ () C:\Windows\setupact.log
2015-03-04 16:03 - 2010-12-31 20:35 - 41389568 ___SH () C:\Users\sandy\Desktop\Thumbs.db
2015-03-04 16:00 - 2010-10-18 16:13 - 00889862 _____ () C:\Windows\PFRO.log
2015-03-04 14:37 - 2012-06-14 19:26 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job
2015-03-04 11:31 - 2014-05-26 15:23 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1295CCAB-3554-4985-B317-5FB7B1201FBA}
2015-03-04 09:58 - 2013-08-01 09:48 - 00000000 ____D () C:\ProgramData\Avira
2015-03-04 09:15 - 2014-07-03 08:12 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job
2015-03-04 05:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 17:37 - 2012-06-14 19:26 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job
2015-03-03 15:12 - 2010-12-24 20:05 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-03-03 15:12 - 2010-12-24 20:05 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\CorelHomeOffice
2015-03-03 14:45 - 2013-02-08 23:45 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Skype
2015-03-02 14:37 - 2009-07-14 18:58 - 00788626 _____ () C:\Windows\system32\perfh007.dat
2015-03-02 14:37 - 2009-07-14 18:58 - 00182438 _____ () C:\Windows\system32\perfc007.dat
2015-03-02 14:37 - 2009-07-14 06:13 - 01846800 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 10:19 - 2012-12-26 13:53 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-03-01 15:52 - 2011-01-04 19:03 - 00000000 ____D () C:\Users\sandy\AppData\Local\Paint.NET
2015-03-01 11:29 - 2013-10-25 16:30 - 00000000 ___RD () C:\Users\sandy\Desktop\Programme
2015-02-28 18:54 - 2010-12-24 19:33 - 00000000 ____D () C:\Users\sandy\AppData\Local\VirtualStore
2015-02-26 06:39 - 2012-10-07 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-25 20:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-24 11:01 - 2012-01-08 15:15 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\.minecraft
2015-02-24 10:09 - 2014-03-03 00:22 - 00000000 ____D () C:\Users\Public\Documents\My DAZ 3D Library
2015-02-21 21:38 - 2014-02-04 19:02 - 00000000 ___RD () C:\Users\sandy\Dropbox
2015-02-12 08:51 - 2009-07-14 05:45 - 00299472 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 23:35 - 2014-05-06 23:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 10:18 - 2014-04-08 23:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 10:03 - 2014-04-08 23:12 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 11:56 - 2014-11-08 19:20 - 00003011 _____ () C:\Windows\SecuniaPackage.log
2015-02-05 10:02 - 2014-11-08 18:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 10:02 - 2014-11-08 18:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 10:02 - 2014-11-08 18:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 09:10 - 2014-07-03 08:12 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA
2015-02-05 09:10 - 2014-07-03 08:12 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core
2015-02-04 13:46 - 2010-12-27 13:39 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\xVideoServiceThief
2015-02-03 22:44 - 2014-11-11 09:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-03 22:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-03 20:04 - 2010-12-24 19:34 - 00071736 _____ () C:\Users\sandy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-03 20:04 - 2010-08-31 17:38 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-03 19:57 - 2010-12-24 22:59 - 00000209 _____ () C:\Windows\ODBCINST.INI
2015-02-03 08:49 - 2012-06-03 13:05 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\DVDVideoSoft
2015-02-03 08:04 - 2012-10-07 18:36 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 22:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-02 19:16 - 2011-05-21 20:40 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\SoftGrid Client
==================== Files in the root of some directories =======
2013-01-06 10:38 - 2013-01-06 10:38 - 0036035 _____ () C:\Users\sandy\AppData\Roaming\fotobuch-cache7.xml
2013-01-06 10:38 - 2013-01-06 10:38 - 0389336 _____ () C:\Users\sandy\AppData\Roaming\fotobuch-tcache.xml
2013-01-06 10:38 - 2013-01-06 10:39 - 0001410 _____ () C:\Users\sandy\AppData\Roaming\fotobuch.xml
2013-07-27 23:23 - 2014-11-06 11:47 - 0000129 _____ () C:\Users\sandy\AppData\Roaming\WB.CFG
2013-06-16 11:24 - 2013-06-16 11:24 - 0000005 _____ () C:\Users\sandy\AppData\Roaming\WBPU-Q-TTL.DAT
2013-06-17 07:23 - 2013-06-22 09:31 - 0000005 _____ () C:\Users\sandy\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-06-16 11:24 - 2014-01-26 08:31 - 0000005 _____ () C:\Users\sandy\AppData\Roaming\WBPU-TTL.DAT
2013-03-26 19:37 - 2013-03-26 19:37 - 0003584 _____ () C:\Users\sandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-27 23:14 - 2010-12-27 23:14 - 0007605 _____ () C:\Users\sandy\AppData\Local\Resmon.ResmonCfg
2008-05-23 16:48 - 2008-05-23 16:48 - 0020270 _____ () C:\ProgramData\DeviceInstaller.xml
2008-06-23 12:02 - 2008-06-23 12:02 - 0097410 ____R () C:\ProgramData\DeviceManager.xml.rc4
2010-12-28 14:50 - 2010-12-30 11:27 - 0000541 _____ () C:\ProgramData\hpzinstall.log
2010-12-24 20:05 - 2015-03-03 15:12 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
Some content of TEMP:
====================
C:\Users\sandy\AppData\Local\Temp\avgnt.exe
C:\Users\sandy\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-31 18:05
==================== End Of Log ============================
--- --- --- Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015
Ran by sandy at 2015-03-04 19:13:13
Running from C:\Users\sandy\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
ATI Catalyst Install Manager (HKLM\...\{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version: - )
ccc-core-static (x32 Version: 2010.0727.2126.36625 - Ihr Firmenname) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Home Office - IPM (x32 Version: 5.4 - Corel Corporation) Hidden
Corel Home Office - Launcher (x32 Version: 5.4 - Corel Corporation) Hidden
Corel Home Office - Templates1 (x32 Version: 5.4 - Your Company Name) Hidden
Corel Home Office (HKLM-x32\...\_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}) (Version: - Corel Corporation)
Corel Home Office (x32 Version: 5.4 - Corel Corporation) Hidden
CountdownTimer (HKLM-x32\...\{9F6FD613-2AE7-4C66-88E8-C54223367573}) (Version: 1.0.5 - Engineforce)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.0.1.115) (Version: 1.0.1.115 - DAZ 3D)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Firebird 2.1.1.17910 (Win32) (HKLM-x32\...\FBDBServer_2_1_is1) (Version: 2.1.1.17910 - Firebird Project)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Google Chrome (HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
hp deskjet 5550 series (nur entfernen) (HKLM-x32\...\hp deskjet 5550 series) (Version: - )
hp print screen utility (HKLM-x32\...\hp print screen utility) (Version: - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.2 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Might and Magic® VI (HKLM-x32\...\Might and Magic® VI) (Version: - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTube BigPack Internet Recorder 3 (HKLM-x32\...\{E37AC1FF-03EE-4AE3-0001-E55B0BCCABE0}) (Version: 3.0.9.903 - S.A.D.)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Paint.NET v3.5.6 (HKLM\...\{639673E9-D53F-44F4-A046-485C8A6ADA16}) (Version: 3.56.0 - dotPDN LLC)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
ProtectDisc Helper Driver 10 (HKLM-x32\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
RPG MAKER VX Ace Lite (HKLM-x32\...\RPGVXAceLite_E_is1) (Version: 1.01b - Enterbrain)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StuntRally (HKLM-x32\...\StuntRally) (Version: 1.1 - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version: - )
Tomb Raider: Legend 1.0 (HKLM-x32\...\Tomb Raider: Legend) (Version: - )
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{E0FAA369-B0E3-48B8-9447-4873103B0012}) (Version: 8.0.33 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.10C - Ihr Firmenname)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.27C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{DBB7021A-3437-446F-ACE5-7261644A972C}) (Version: 3.33 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.14.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
upapp (HKLM-x32\...\{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}) (Version: 0.20.0000 - Hewlett-Packard)
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
Vodafone Mobile Connect Lite (HKLM-x32\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.3.10523 - Vodafone)
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
yWriter5 (HKLM-x32\...\yWriter5_is1) (Version: - Spacejock Software)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
08-11-2014 18:46:45 Ende der Bereinigung
08-11-2014 20:01:47 avast! antivirus system restore point
08-11-2014 21:03:39 avast! antivirus system restore point
08-11-2014 21:51:30 Removed Jables Adventure.
13-11-2014 10:00:23 Windows Update
20-11-2014 10:00:20 Windows Update
03-12-2014 11:15:48 Installed CLIP STUDIO PAINT
03-12-2014 14:21:48 Adobe Photoshop Elements 5.0 wird installiert
31-01-2015 18:13:05 Geplanter Prüfpunkt
01-02-2015 10:00:21 Windows Update
02-02-2015 10:00:26 Windows Update
03-02-2015 10:00:19 Windows Update
03-02-2015 19:56:56 Adobe Photoshop Elements 5.0 wird installiert
04-02-2015 10:00:18 Windows Update
09-02-2015 10:57:23 Installed CountdownTimer
11-02-2015 10:00:36 Windows Update
12-02-2015 22:56:01 Windows Update
25-02-2015 10:00:22 Windows Update
01-03-2015 11:27:46 Removed xVideoServiceThief
03-03-2015 23:13:42 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-11-05 16:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02878DEA-46AA-42FA-A5BB-5A62089A3615} - System32\Tasks\{0EB315D0-ACB5-4115-9F00-DAF2DE266E5F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: {143498AB-4AAF-4D75-ADE4-B119DDE5B97D} - System32\Tasks\{60948FDD-FF8B-4A1A-9862-58745CDA102A} => D:\Vampire - The Masquerade Bloodlines\vampire.exe
Task: {15E172F0-C203-4191-910C-97D5D00D97AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)
Task: {19DD82D1-3259-4E43-878B-25AF9D0DF632} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)
Task: {1EE63007-6720-440B-B709-AA3DAE08E5DD} - System32\Tasks\{CB2921A1-7AA3-476F-A89C-6A556BBD567C} => pcalua.exe -a C:\Users\sandy\Desktop\Programme\OpenOfficePortable\OpenOfficeWriterPortable.exe -d C:\Users\sandy\Desktop\Programme\OpenOfficePortable
Task: {20B677DB-1A9D-43BC-9F81-375098987377} - System32\Tasks\{6E444F10-3212-45B4-8FB9-51352589F805} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: {23A95DAA-AA68-4AFE-90CA-A9919EF02C38} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {3843AAC9-C990-4D1E-8DA1-BF0AE1CB2F58} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {414B773E-17B3-4568-BDF0-1CDE12FA4DC8} - System32\Tasks\{085C1A24-7BDF-4249-964E-5311A1988616} => E:\Support\AutoRun\AutoRun.exe
Task: {419C01D0-8721-4BFC-A3C6-22FA6103C99A} - System32\Tasks\{8DBF4F57-4509-42F1-868F-09BC8C3B7CC0} => D:\Vampire - The Masquerade Bloodlines\vampire.exe
Task: {4BE7C574-8626-46EB-83BC-31373DD16CD1} - System32\Tasks\{FE765164-514A-4DDE-89B2-CE92A2FFED6B} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: {50390407-81D3-4AE7-A7F1-E546FC3C037E} - System32\Tasks\{A053FF43-97E0-45CB-A291-BA48E29D7870} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.0.104/de/abandoninstall?page=tsProgressBar
Task: {50897587-2D3C-4460-BF2A-1321A7233EE0} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {5FC924F4-9561-46FA-B32C-B62EFAEAEE2E} - System32\Tasks\{F5E0BD3C-E951-40C8-BADA-C37072759FD4} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}"
Task: {77AEA1FD-14A8-4AD5-BCF6-EB869F742516} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {7947ADEF-3239-46E2-9148-23C6AD88BCC8} - System32\Tasks\{1CA0A19C-0578-4CC3-B3A6-F65048112E3E} => pcalua.exe -a C:\Users\sandy\Desktop\Programme\OpenOfficePortable\OpenOfficeCalcPortable.exe -d C:\Users\sandy\Desktop\Programme\OpenOfficePortable
Task: {7952071B-D277-4E12-8A50-F106B91F5D9B} - System32\Tasks\Tomb Raider - Underworld => C:\Program Files (x86)\Eidos\Tomb Raider - Underworld\TRU.exe
Task: {7B10BED2-E3A5-48D8-A8EA-4ECF989CE4E9} - System32\Tasks\{F54398D5-7EBA-4516-A009-97E3BB0F60B5} => C:\Program Files (x86)\Activision\Vampire - Bloodlines\vampire.exe
Task: {7FA4C4DD-C221-4B36-A83F-E7A4DF74335E} - System32\Tasks\{45C8487D-074A-42F5-8A1B-5B9882F60799} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.1.0.129.272&LastError=12002
Task: {9077F692-060B-42D0-BAAC-EA0526F726B2} - System32\Tasks\{151C426D-286B-3F19-3471-A60076084118} => C:\Users\sandy\AppData\Roaming\adobe\acrobat\9.0\collab\rvystmw.exe
Task: {9A65F8B5-DDAA-4615-9334-B99CF0C990D0} - System32\Tasks\{912ED8E0-2B36-4EAE-958C-0D89A02DC18F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2.exe
Task: {9C7F1901-57CD-47C0-807C-8D3BB1F5802A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)
Task: {A51265C1-4C7B-4F2D-9980-DC8627211BD6} - System32\Tasks\{5A86E3CE-0782-411A-87AB-A4A4AD3D4C06} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: {A8A210BA-B958-47FF-BD8F-C07CA32658E1} - System32\Tasks\{16E8E79F-514A-4585-BB09-4787CFCC0BBD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/abandoninstall?page=tsMain
Task: {BB592FE7-09E8-4821-9556-C2737EB0F66D} - System32\Tasks\{FA25E002-9A37-4A7C-A03E-1304619F0EA4} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {C868513B-4C2C-4AD4-902B-685A0E8C6678} - System32\Tasks\{80748112-1ED5-45D3-A7AF-17DA2207CAAA} => pcalua.exe -a "D:\Fotopuzzle\Mein Foto-Puzzle.exe" -d D:\Fotopuzzle
Task: {E56CCA65-6B73-45CE-AD13-F44A900CFE95} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {E976C66F-634D-4E2E-ABB3-40465F3E2D27} - System32\Tasks\{5A7A36FD-FF41-41A2-AEEC-A53AD2D7C8C1} => pcalua.exe -a "C:\Users\sandy\Desktop\Programme ^-^\OpenOfficePortable\OpenOfficeBasePortable.exe" -d "C:\Users\sandy\Desktop\Programme ^-^\OpenOfficePortable"
Task: {F253352F-30D6-4174-A96B-8792580909A1} - System32\Tasks\{260E29CD-D312-414C-8752-8C24BF06633F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: {F75E59C6-7854-4E16-90B6-23DD5BDC6F59} - System32\Tasks\{62253F11-B7C4-40FF-9B51-07C2B4C5C9DD} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F7F548A4-8125-401E-B8FA-6142C4EB4A47} - System32\Tasks\{CB67930E-5AF4-472C-B754-B80A828A6F13} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2012-12-26 13:53 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2010-04-07 15:07 - 2010-04-07 15:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-08-31 17:31 - 2010-08-31 14:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 15:38 - 2009-07-25 15:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-10-13 09:00 - 2009-10-13 09:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-27 20:25 - 2010-07-27 20:25 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-09-11 18:10 - 2009-09-11 18:10 - 00266752 _____ () C:\Windows\system32\WinTab32.DLL
2009-09-11 18:10 - 2009-09-11 18:10 - 00200704 _____ () C:\Windows\SysWOW64\WinTab32.DLL
2015-02-03 08:04 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\sandy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^sandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Facebook Update => "C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: WidgetAlarm => C:\Program Files (x86)\e-load\Tiefpreisalarm\Tiefpreisalarm.exe
==================== Accounts: =============================
Administrator (S-1-5-21-2990021915-2304927789-3911982604-500 - Administrator - Disabled)
Gast (S-1-5-21-2990021915-2304927789-3911982604-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2990021915-2304927789-3911982604-1002 - Limited - Enabled)
sandy (S-1-5-21-2990021915-2304927789-3911982604-1000 - Administrator - Enabled) => C:\Users\sandy
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/04/2015 05:39:43 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (03/03/2015 05:40:41 PM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (03/02/2015 08:15:39 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (03/01/2015 08:28:15 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/28/2015 08:39:20 PM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request ret
Error: (02/26/2015 06:41:52 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/23/2015 07:50:14 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht.
Error: (02/22/2015 11:40:14 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request ret
Error: (02/22/2015 08:39:14 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (02/22/2015 08:11:11 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
System errors:
=============
Error: (03/04/2015 04:07:35 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.
Error: (03/04/2015 04:07:29 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.
Error: (03/04/2015 04:07:21 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.
Error: (03/04/2015 04:02:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (03/04/2015 04:02:07 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{87690C63-67B0-4F14-AD02-05A74B7892BF}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/04/2015 03:12:30 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{87690C63-67B0-4F14-AD02-05A74B7892BF}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/04/2015 09:33:31 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.
Error: (03/04/2015 09:04:56 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.
Error: (03/04/2015 09:03:12 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.
Error: (03/04/2015 09:02:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.
Microsoft Office Sessions:
=========================
Error: (03/04/2015 05:39:43 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (03/03/2015 05:40:41 PM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (03/02/2015 08:15:39 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (03/01/2015 08:28:15 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/28/2015 08:39:20 PM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request ret
Error: (02/26/2015 06:41:52 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/23/2015 07:50:14 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht.
Error: (02/22/2015 11:40:14 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request ret
Error: (02/22/2015 08:39:14 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (02/22/2015 08:11:11 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
CodeIntegrity Errors:
===================================
Date: 2014-11-05 16:13:41.087
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-05 16:13:39.948
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II P340 Dual-Core Processor
Percentage of memory in use: 49%
Total physical RAM: 3835.69 MB
Available physical RAM: 1950.34 MB
Total Pagefile: 7669.57 MB
Available Pagefile: 5425.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:23.15 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:120.76 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 40FECE23)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
05.03.2015, 07:14
| #4 |
| /// the machine /// TB-Ausbilder | Freier Festplattenspeicher wird immer weniger TreeSize Free - Download - Filepony Laden und laufen lassen, wenn die Analyse der Platte fertig ist bitte einen Screenshot machen und hier anhängen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.03.2015, 08:28
| #5 |
| | Freier Festplattenspeicher wird immer weniger Check  |
|
05.03.2015, 10:49
| #6 |
| /// the machine /// TB-Ausbilder | Freier Festplattenspeicher wird immer weniger Nochmal öffnen, vor dem User Ordner auf den Pfeil drücken, also aufklappen. Dann immer weiter den Bereich aufklappen der viel Speicher braucht, bis zum letzten Punkt, davon nochmal nen Screenshot.
__________________ --> Freier Festplattenspeicher wird immer weniger |
|
05.03.2015, 16:39
| #7 |
| | Freier Festplattenspeicher wird immer weniger So hier? |
|
06.03.2015, 10:12
| #8 |
| /// the machine /// TB-Ausbilder | Freier Festplattenspeicher wird immer weniger Räum mal deinen Desktop auf 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.03.2015, 13:38
| #9 |
| | Freier Festplattenspeicher wird immer weniger Ich hab jetzt den Großteil vom Desktop auf D:\ verschoben (wenn das so besser ist?) Danach waren aber immer nur noch ca. 40GB frei. Keine Ahnung warum ich dachte, eine Defragmentierung würde helfen, jetzt sind es wieder nur rund 24GB. Ich steig da echt nicht dahinter. Es scheint ja nichts schwerwiegendes zu sein, da möchte ich ungern deine freie Zeit weiter beanspruchen  |
|
07.03.2015, 18:47
| #10 |
| /// the machine /// TB-Ausbilder | Freier Festplattenspeicher wird immer weniger Zeig bitte nochmal nen neuen Screenshot mit Treesize.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.03.2015, 22:58
| #11 |
| | Freier Festplattenspeicher wird immer weniger Hab gleich mal zwei gemacht. |
|
08.03.2015, 15:48
| #12 |
| /// the machine /// TB-Ausbilder | Freier Festplattenspeicher wird immer weniger Gibt es unterhalb vom WIndows Ordner noch einen anderen Ordner ausser User der viel Platz braucht?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.03.2015, 17:39
| #13 |
| | Freier Festplattenspeicher wird immer weniger Nicht das ich wüsste, eben nur ProgramData und diverse Files, aber das scheint sich ja im Rahmen zu halten. Könnten schwebende Sektoren die Ursache sein? Ich hab erst CrystalDiskInfo installiert und lese davon zum ersten Mal. |
|
08.03.2015, 19:27
| #14 |
| /// the machine /// TB-Ausbilder | Freier Festplattenspeicher wird immer weniger Du hast auf dem Screen den User ORdner aufgeklappt. der WIndows Ordner hat aber 35 GB. KLapp den mal auf und mach nochmal nen Screen, damit ich sehe was unterhalb von Windows so viel Platz braucht.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.03.2015, 21:07
| #15 |
| | Freier Festplattenspeicher wird immer weniger Ups, tut mir Leid. |
|
| Themen zu Freier Festplattenspeicher wird immer weniger |
| aktivieren, antivirenprogramm, dateien, daten, deaktiviert, einfach, einstellungen, festplatte, festplattenspeicher, files, gen, installation, konfiguration, langsam, nichts, platte, plötzlich, programm, scan, schädling, speicher, treesize, updates, zugriff, zugriff verweigert, ändern |
Linear-Darstellung
