
Pests of all kinds and how to combat them: Windows 7: Words turned into links, leading to ads


03.04.2015, 18:12   #1
Sarai
 
Windows 7: Words turned into links, leading to ads



Hello,

I have had a virus on my PC since yesterday, which suddenly causes random words in the browser to be underlined and shown as links. When I moved the mouse over them, an ad window appeared immediately. Also, when I click anywhere in the browser or want to open a page, an ad window opens immediately.

I'm asking for help, I can't get rid of it on my own...

I had to split the post, too many logs. What I did, in order:
- Started Defogger and let it disable.
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:21 on 02/04/2015 (Toshiba)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
- Ran FRST.
Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Toshiba at 2015-04-03 18:26:40
Running from C:\Users\Toshiba\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1137706452-944283701-392776631-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle (HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.15 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.15 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{16EA5479-5CE2-F045-8D65-3F1FC41B90E5}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Angry Birds (HKLM-x32\...\{DE96EDE7-7D0A-49D7-9C11-121BA91F84E0}) (Version: 3.3.0 - Rovio Entertainment Ltd.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avira (HKLM-x32\...\{905d3ded-fe60-432c-b56e-7cd19f2899ac}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bluetooth Monitor 4 (HKLM-x32\...\{61539202-097E-487E-9237-B291AB56D54C}) (Version: 4.07.000 - TOSHIBA)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.3.0.0 - Swiss Academic Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Declan's Japanese Dictionary v1.5 (HKLM-x32\...\Declan's Japanese Dictionary_is1) (Version: 1.5.3502 - Declan Software, Inc.)
Der verborgene Kontinent (HKLM-x32\...\{0CF48C66-9E3F-4BA1-B879-BE7846633D25}) (Version: 0.2 - )
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)
Die Drachenhüter Saga (HKLM-x32\...\Die Drachenhüter Saga) (Version:  - )
Die Sims Deluxe (HKLM-x32\...\{10798AE3-DCBB-43C3-9C93-C23512427E25}) (Version:  - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
DomaIQ Uninstaller (HKLM-x32\...\DomaIQ Uninstaller) (Version:  - Tuguu SLU) <==== ATTENTION
Driver Tool (HKLM-x32\...\{AF142A83-507D-4F0F-92FC-40C7F76C1F87}) (Version: 8.1 - Driver Tool)
Efficient Calendar Free 3.0 (HKLM-x32\...\Efficient Calendar Free_is1) (Version:  - Efficient Software)
Everlight (HKLM-x32\...\{8983409B-E79D-4712-ABDC-665052FF625B}) (Version: 1.00.0000 - The Games Company)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Free Running (HKLM-x32\...\Free Running_is1) (Version:  - )
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.0.0.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.43.806 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.43.806 - DVDVideoSoft Ltd.)
Freelang Dictionary (wordlist) (HKLM-x32\...\{6B5E816C-A761-4F5B-BF48-84B794556CAA}_is1) (Version:  - Freelang)
Freelang Dictionary 3.74 beta (HKLM-x32\...\{8A95C2DC-779A-4EA8-9DE3-B118D1411E8B}_is1) (Version:  - Freelang)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
J-Ben version 1.9.7 (HKLM-x32\...\{42681087-31A3-4C49-A2EF-388A3DBF163C}_is1) (Version: 1.9.7 - Paul Goins)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Langenscheidt Vokabeltrainer 6.0 Demoversion (HKLM-x32\...\{B2F9A670-BA19-4B2C-8CB9-97801C488C02}) (Version: 6.0.16 - Langenscheidt)
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version:  - Lexmark International, Inc.)
LingoPad 2.5.1 (Build 325) (HKLM-x32\...\LingoPad_is1) (Version: 2.5.1 - Lingo4you GbR)
Luxus Hotel Imperium (HKLM-x32\...\Hotel Imperium) (Version:  - )
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{B03055E4-8381-4834-8CD6-602141C8D702}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 (HKLM-x32\...\MX.{CC87429C-BC87-4D90-9D5F-C6D9721A6663}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 3.0.91 (remove only) (HKLM-x32\...\ManyCam) (Version: 3.0.91 - ManyCam LLC)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Mozilla Firefox 19.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 19.0.2 (x86 de)) (Version: 19.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 23.0.1522.75 (HKLM-x32\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PriMus Free 1.1 (Build 10812) (HKLM-x32\...\PriMus Free_is1) (Version: 1.1.0.10812 - Columbus Soft)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ReadWrite Kanji Version 1.6 (HKLM-x32\...\ReadWrite Kanji_is1) (Version: 1.6.2601 - Declan Software, Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
simplitec simplicheck (HKLM-x32\...\{183D780B-28F9-41BA-A2CB-605F324A5781}) (Version: 1.3.10.0 - simplitec GmbH)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SoftSkies (HKLM-x32\...\SoftSkies) (Version: 1.7 - SoundSpectrum)
SpeedBit Video Accelerator (HKLM-x32\...\SpeedBit Video Accelerator) (Version: 3370(build_3043) - SpeedBit Ltd.)
SpellForce (HKLM-x32\...\SpellForce) (Version: SpellForce v1.52 - JoWooD Productions Software AG)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Thief - Deadly Shadows (HKLM-x32\...\{FC123EEA-330A-4685-911C-95B8F5E9DE68}) (Version: 1.0 - )
Thief 2: The Metal Age version 1.18 (HKLM-x32\...\{54B5CB3B-AFD9-49BB-B0C2-CD88A2F4B0EA}_is1) (Version: 1.18 - Square Enix)
Thief Gold version 1.37 (HKLM-x32\...\{43DD5CB5-3CB7-44EC-8A7A-2F300BED7301}_is1) (Version: 1.37 - Square Enix)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.9 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{6FF9A012-0254-41E9-81E2-F538C4B53611}) (Version: 1.3.2.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.09.02.00 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.0.2.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.18.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.09.02.00 - TOSHIBA)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.10.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.21 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Unity Web Player (HKU\S-1-5-21-1137706452-944283701-392776631-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.47 - NCH Software)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows 7 Codec Pack 4.0.8 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.8 - Windows 7 Codec Pack)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.46-1 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
WolfQuest (HKLM-x32\...\{9E6AD6CF-1EFF-43E4-86C4-5C00254C3D8E}) (Version: 2.5.1 - eduweb)
Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-03-2015 20:58:30 Windows Update
19-03-2015 10:53:58 Windows Update
23-03-2015 11:32:10 Windows Update
26-03-2015 18:37:16 Windows Update
30-03-2015 15:00:50 Windows Update
02-04-2015 20:29:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00C98C99-4D8D-4277-BBBA-11047A27B508} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {0E16E114-0CE3-4DDB-BD92-CB00D4F6EC3A} - System32\Tasks\YD5GqEBHbe6WDK3XrUZoIN6 => C:\Users\Toshiba\AppData\Roaming\YD5GqEBHbe6WDK3XrUZoIN6.exe
Task: {16FC4B4E-917F-49CC-9E61-D67C050D53C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {182B9E42-AAA5-43D6-9842-CA5729ABF2B9} - System32\Tasks\{94E50012-7F71-4021-A9D6-376C0F8B26AD} => pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\SimCity™ Societies\Support\SimCity Societies_code.exe" -d "C:\Program Files (x86)\Electronic Arts\SimCity™ Societies\Support"
Task: {1A425710-B7B3-41FE-81ED-E68962F8F349} - System32\Tasks\Opera scheduled Autoupdate 1401538979 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-08] (Opera Software)
Task: {1B6A9AF1-486A-49EA-BFA9-39648994FD63} - System32\Tasks\{625E31D8-62C3-4FF0-859D-60F908D5ED4D} => C:\Users\Toshiba\Downloads\cjr5400GE.exe [2013-04-02] ()
Task: {26AE953B-FC99-4F43-9973-6B85D3B24448} - System32\Tasks\{C0E35712-7F17-46E8-8ACA-928C075D25AE} => pcalua.exe -a C:\Users\Toshiba\Downloads\imejpn.exe -d C:\Users\Toshiba\Downloads
Task: {2A9513DC-E8EB-4ACE-B421-821DA9908AB2} - System32\Tasks\{1799B2AD-1C6A-4A9E-947A-DBDC6CA11D30} => C:\Program Files (x86)\Free Running\FRLauncher.exe [2009-04-23] ()
Task: {3365C941-C7E7-4876-886C-D40488C0DACA} - System32\Tasks\{DF9D7BF0-CC72-42F9-9DD4-53D00597049C} => pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\SimCity™ Societies\dotnetfx.exe" -d "C:\Program Files (x86)\Electronic Arts\SimCity™ Societies"
Task: {38031028-ADB8-4D96-97DB-570C06838298} - System32\Tasks\SBWUpdateTask_Time_38fe605d-9CB70D32C8F7 => C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-01-13] (Speedbit Ltd.) <==== ATTENTION
Task: {3EBDFD7D-E811-424E-AA0E-911B9A0591FD} - System32\Tasks\{E8B116C4-DFB0-4264-ADAD-FA998B0CC927} => C:\Users\Toshiba\Downloads\cjs5400GE.exe [2013-03-22] ()
Task: {5B137CFE-E056-4917-958C-46AEF7FDA801} - System32\Tasks\SBWUpdateTask_Logon_38fe605d-9CB70D32C8F7 => C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-01-13] (Speedbit Ltd.) <==== ATTENTION
Task: {5FFCB07C-C4F5-4281-AB0E-A61FA4D669D2} - System32\Tasks\{49BF1FEC-1B20-4610-86DE-17F9E650CF1E} => C:\Users\Toshiba\Downloads\cjr5400GE.exe [2013-04-02] ()
Task: {6D75416E-C3AC-4C9B-8A47-5B47BB34760C} - System32\Tasks\{BC700BE7-4354-40BB-8E7D-F4A08AC35987} => pcalua.exe -a "C:\Users\Toshiba\Desktop\SimCity Societies\Setup.exe" -d "C:\Users\Toshiba\Desktop\SimCity Societies"
Task: {6E25049C-FAD2-448C-B400-289F8C75493F} - \BitGuard No Task File <==== ATTENTION
Task: {71E424BD-8980-44ED-BCE5-85B83F6AF58B} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\ProtectedSearch.exe <==== ATTENTION
Task: {7C059C8A-A96E-4354-881E-F994E47A8006} - System32\Tasks\{FCE8465F-2A95-4FDC-9E05-D5FC9C924EE4} => pcalua.exe -a C:\Users\Toshiba\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=tugs -simple=0 <==== ATTENTION
Task: {8D997A58-47BF-447E-9801-1DDC2215E93E} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {91855111-4816-4C89-A0A9-4152692C6BC9} - System32\Tasks\yellow_cabs_updating_service => C:\Program Files (x86)\yellow cabs\yellow_cabs_updating_service.exe
Task: {9B74F0E5-A870-42DE-81B5-1827076D228D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {9BEC5CE0-A0C1-4D50-81AF-3780B0DA288F} - System32\Tasks\{4AE25924-49EE-48F6-BBD4-6CA6C554F9AF} => C:\Users\Toshiba\Downloads\cjr5400GE.exe [2013-04-02] ()
Task: {AF7360BB-F2FE-4A93-8AA0-D7723EB356BA} - System32\Tasks\{E81C461B-7C8A-42C3-8AEE-34AD807A2AFC} => C:\Users\Toshiba\Downloads\cjs5400GE.exe [2013-03-22] ()
Task: {AF74FC51-EEF8-467D-8398-24B121294C58} - System32\Tasks\{9B16D801-387A-4076-8336-F402CB09EF35} => pcalua.exe -a C:\Users\Toshiba\Downloads\dolphin-3.5-x64.exe -d C:\Users\Toshiba\Downloads
Task: {C423D346-36C2-43FA-BE13-F2ADF915158E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {C7922B2F-9147-49AD-9BE6-DE6D7EF6F300} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {C9A84521-14C0-478E-824D-19566C6A0BE4} - System32\Tasks\yellow_cabs_notification_service => C:\Program Files (x86)\yellow cabs\yellow_cabs_notification_service.exe
Task: {D29CE167-A52C-4CA3-BFA2-DE61EBC9414E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1137706452-944283701-392776631-1000
Task: {D58E83C1-FFBA-41B2-BDE7-22C682ED8BC5} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {DA3281B1-0CCA-44CF-8647-62B1E6B508B5} - System32\Tasks\{D623BB9E-6035-4061-A5CC-7D4D52840758} => pcalua.exe -a C:\Users\Toshiba\Downloads\setup_dictionary_251.exe -d C:\Users\Toshiba\Downloads
Task: {E602A634-B9CE-45BC-B0B7-56051B3C23F1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-10] (AVAST Software)
Task: {F1ADB93E-9FA8-4D02-AB46-A762F8632BA9} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {F466E35F-61D8-49FA-BB3F-875070226DB6} - System32\Tasks\{CC11F165-F305-4529-97B2-06E1FB752260} => C:\Users\Toshiba\Downloads\cjs5400EN.exe [2012-10-19] ()
Task: {F697FDCF-2AF2-4658-B290-81D0B55D90D0} - System32\Tasks\{CE286268-2A1E-4CA3-B284-459CEA3E2A8B} => pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\SimCity™ Societies\PackageInstaller.exe" -d "C:\Program Files (x86)\Electronic Arts\SimCity™ Societies"
Task: {FE89F376-4951-4388-AA93-53C18F3FD677} - System32\Tasks\{DE70D593-945F-4430-BAC3-597C8803F80E} => C:\Users\Toshiba\Downloads\cjs5400GE.exe [2013-03-22] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\YD5GqEBHbe6WDK3XrUZoIN6.job => C:\Users\Toshiba\AppData\Roaming\YD5GqEBHbe6WDK3XrUZoIN6.exe
Task: C:\Windows\Tasks\yellow_cabs_notification_service.job => C:\Program Files (x86)\yellow cabs\yellow_cabs_notification_service.exeç/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='yellow cabs' /appid='73143' /srcid='2913' /bic='81bf2bb273014e89b42a01e33d21ac6a' /verifier='6886a686db333a6cd403fe06e95742f3' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif
Task: C:\Windows\Tasks\yellow_cabs_updating_service.job => C:\Program Files (x86)\yellow cabs\yellow_cabs_updating_service.exe¬ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=yellow_cabs_updating_service /funurl=http:/stats.buildomserv.com

==================== Loaded Modules (whitelisted) ==============

2012-10-19 21:22 - 2006-10-18 07:24 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll
2013-04-02 18:08 - 2006-10-18 05:32 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5400 Series\ipcmt64.dll
2013-04-02 18:10 - 2006-11-13 04:40 - 00146432 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxctdrpp.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-07 14:59 - 2011-04-07 14:59 - 00592312 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2010-11-18 18:18 - 2010-11-18 18:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2011-04-07 14:59 - 2011-04-07 14:59 - 00592312 _____ () C:\Program Files\Toshiba\TECO\TecoPower.dll
2010-12-15 16:19 - 2010-12-15 16:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2011-03-04 00:21 - 2011-03-04 00:21 - 03420584 _____ () C:\Program Files\Toshiba\BulletinBoard\TosNcUi.dll
2013-04-02 18:08 - 2006-11-22 10:11 - 00291760 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
2011-08-10 05:25 - 2011-04-21 10:57 - 00013184 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll
2011-08-10 05:25 - 2011-04-21 10:57 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
2012-09-04 18:05 - 2009-07-07 12:21 - 00025256 _____ () C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe
2011-11-11 00:24 - 2011-11-11 00:24 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-12-08 16:42 - 2010-12-08 16:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-08-10 16:22 - 2014-08-10 16:22 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-03-29 14:04 - 2015-03-29 14:04 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15032900\algo.dll
2013-04-02 18:08 - 2006-08-08 15:54 - 00278528 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctscw.dll
2013-04-02 18:08 - 2006-06-09 02:39 - 00143360 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctdrec.dll
2013-04-02 18:08 - 2006-05-25 16:20 - 00241664 _____ () C:\Program Files (x86)\Lexmark 5400 Series\iptk.dll
2012-09-04 18:05 - 2007-10-08 04:59 - 00028672 _____ () C:\Program Files (x86) (x86)\Lexmark X5400 Series\App4R.Monitor.Common.dll
2012-09-04 18:05 - 2007-10-08 04:59 - 00036864 _____ () C:\Program Files (x86) (x86)\Lexmark X5400 Series\App4R.Monitor.Core.dll
2012-09-04 18:05 - 2007-10-08 04:58 - 00057344 _____ () C:\Program Files (x86) (x86)\Lexmark X5400 Series\app4r.devmons.mcmdevmon.dll
2012-09-04 18:05 - 2007-08-10 02:12 - 00011776 _____ () C:\Program Files (x86) (x86)\Lexmark X5400 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2014-08-10 16:22 - 2014-08-10 16:22 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-12-05 04:38 - 2010-12-05 04:38 - 01242112 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
2010-12-05 04:38 - 2010-12-05 04:38 - 02010624 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
2015-03-21 21:19 - 2015-03-14 12:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 21:19 - 2015-03-14 12:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 21:19 - 2015-03-14 12:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-21 21:19 - 2015-03-14 12:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1137706452-944283701-392776631-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1137706452-944283701-392776631-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1137706452-944283701-392776631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Efficient Calendar Free.lnk => C:\Windows\pss\Efficient Calendar Free.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk => C:\Windows\pss\TRDCReminder.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1137706452-944283701-392776631-500 - Administrator - Disabled)
Gast (S-1-5-21-1137706452-944283701-392776631-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1137706452-944283701-392776631-1002 - Limited - Enabled)
Toshiba (S-1-5-21-1137706452-944283701-392776631-1000 - Administrator - Enabled) => C:\Users\Toshiba

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2015 05:05:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16458963

Error: (04/03/2015 05:05:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16458963

Error: (04/03/2015 05:05:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2015 00:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2574

Error: (04/03/2015 00:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2574

Error: (04/03/2015 00:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/02/2015 08:15:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2015 05:23:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12246

Error: (04/02/2015 05:23:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12246

Error: (04/02/2015 05:23:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/03/2015 05:15:31 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.

Error: (04/02/2015 09:18:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.

Error: (04/02/2015 08:41:42 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.

Error: (04/02/2015 08:15:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (04/02/2015 08:03:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/02/2015 05:20:47 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.

Error: (04/01/2015 08:27:00 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.

Error: (04/01/2015 04:14:10 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.

Error: (03/31/2015 05:04:33 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.

Error: (03/31/2015 00:02:49 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-04-02 20:13:58.686
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mcaudrv_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-02 20:13:58.608
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mcaudrv_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-02 20:13:58.530
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mcvidrv_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-02 20:13:58.452
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mcvidrv_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 12:02:06.443
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mcaudrv_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 12:02:06.365
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mcaudrv_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 12:02:06.287
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mcvidrv_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-21 12:02:06.209
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mcvidrv_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-08 22:02:35.224
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mcaudrv_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-08 22:02:35.146
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mcaudrv_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD A8-3500M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 46%
Total physical RAM: 7654.87 MB
Available physical RAM: 4113.27 MB
Total Pagefile: 15307.92 MB
Available Pagefile: 11030.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:297.45 GB) (Free:93.9 GB) NTFS
Drive d: (Data) (Fixed) (Total:298.33 GB) (Free:284.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 12F51B81)
Partition 1: (Active) - (Size=399 MB) - (Type=27)
Partition 2: (Not Active) - (Size=297.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=298.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Toshiba (administrator) on TOSHIBA-TOSH on 03-04-2015 18:25:28
Running from C:\Users\Toshiba\Downloads
Loaded Profiles: Toshiba &  (Available profiles: Toshiba & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\lxctcoms.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Monitor\BtMon64.exe
(Toshiba) C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544104 2011-04-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [150992 2011-08-10] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [lxctmon.exe] => C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...\Run: [LXCTCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll,RunDLLEntry
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [lxdvmon.exe] => C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvmon.exe [455336 2009-07-07] ()
HKLM-x32\...\Run: [lxdvamon] => C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe [25256 2009-07-07] ()
HKLM-x32\...\Run: [Lexmark X5400 Series] => C:\Program Files (x86) (x86)\Lexmark X5400 Series\fm3032.exe [307880 2009-07-07] ()
HKLM-x32\...\Run: [Lexmark 5400 Series] => C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] ()
HKLM-x32\...\Run: [EfficientCalendarFree] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-10] (AVAST Software)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1137706452-944283701-392776631-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1137706452-944283701-392776631-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\STOREC~1.SCR
HKU\S-1-5-21-1137706452-944283701-392776631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1137706452-944283701-392776631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\STOREC~1.SCR
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Monitor.lnk
ShortcutTarget: Bluetooth Monitor.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe (TOSHIBA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Toshiba\AppData\Roaming\Windows Net Data\net.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53462;https=127.0.0.1:53462
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1137706452-944283701-392776631-1000\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = www.google.de
HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1401114694&from=tugs&uid=TOSHIBAXMK6475GSX_123FT3ECTXX123FT3ECT&q={searchTerms}
HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_aw_14_50_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DtAtB0Czz0FyByCtDyD0DtN0D0Tzu0SzyyDtAtN1L2XzutAtFtDtFtCtDtFtBtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyB0Bzz0E0FtAyEtBtG0AtB0AtCtG0CtD0DyCtGtAyEyB0DtGtCtD0DyBzztB0EtDtByDyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtD0DtD0C0A0BtBtG0AzyyCtDtGyE0AtBzytGzz0FtA0DtG0D0CyB0AtA0CtAyB0F0EyEyC2QtN1B1L1H1Ezu1O2U1M1B&cr=2121822114&ir=
HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1401114694&from=tugs&uid=TOSHIBAXMK6475GSX_123FT3ECTXX123FT3ECT
HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = www.google.de
HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401114694&from=tugs&uid=TOSHIBAXMK6475GSX_123FT3ECTXX123FT3ECT&q={searchTerms}
HKU\S-1-5-21-1137706452-944283701-392776631-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKU\S-1-5-21-1137706452-944283701-392776631-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKU\S-1-5-21-1137706452-944283701-392776631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKU\S-1-5-21-1137706452-944283701-392776631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_50_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DtAtB0Czz0FyByCtDyD0DtN0D0Tzu0SzyyDtAtN1L2XzutAtFtDtFtCtDtFtBtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyB0Bzz0E0FtAyEtBtG0AtB0AtCtG0CtD0DyCtGtAyEyB0DtGtCtD0DyBzztB0EtDtByDyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtD0DtD0C0A0BtBtG0AzyyCtDtGyE0AtBzytGzz0FtA0DtG0D0CyB0AtA0CtAyB0F0EyEyC2QtN1B1L1H1Ezu1O2U1M1B&cr=2121822114&ir=
SearchScopes: HKU\S-1-5-21-1137706452-944283701-392776631-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_50_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DtAtB0Czz0FyByCtDyD0DtN0D0Tzu0SzyyDtAtN1L2XzutAtFtDtFtCtDtFtBtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyB0Bzz0E0FtAyEtBtG0AtB0AtCtG0CtD0DyCtGtAyEyB0DtGtCtD0DyBzztB0EtDtByDyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtD0DtD0C0A0BtBtG0AzyyCtDtGyE0AtBzytGzz0FtA0DtG0D0CyB0AtA0CtAyB0F0EyEyC2QtN1B1L1H1Ezu1O2U1M1B&cr=2121822114&ir=
SearchScopes: HKU\S-1-5-21-1137706452-944283701-392776631-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKU\S-1-5-21-1137706452-944283701-392776631-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_50_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DtAtB0Czz0FyByCtDyD0DtN0D0Tzu0SzyyDtAtN1L2XzutAtFtDtFtCtDtFtBtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyB0Bzz0E0FtAyEtBtG0AtB0AtCtG0CtD0DyCtGtAyEyB0DtGtCtD0DyBzztB0EtDtByDyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtD0DtD0C0A0BtBtG0AzyyCtDtGyE0AtBzytGzz0FtA0DtG0D0CyB0AtA0CtAyB0F0EyEyC2QtN1B1L1H1Ezu1O2U1M1B&cr=2121822114&ir=
SearchScopes: HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_50_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DtAtB0Czz0FyByCtDyD0DtN0D0Tzu0SzyyDtAtN1L2XzutAtFtDtFtCtDtFtBtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyB0Bzz0E0FtAyEtBtG0AtB0AtCtG0CtD0DyCtGtAyEyB0DtGtCtD0DyBzztB0EtDtByDyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtD0DtD0C0A0BtBtG0AzyyCtDtGyE0AtBzytGzz0FtA0DtG0D0CyB0AtA0CtAyB0F0EyEyC2QtN1B1L1H1Ezu1O2U1M1B&cr=2121822114&ir=
SearchScopes: HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_50_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DtAtB0Czz0FyByCtDyD0DtN0D0Tzu0SzyyDtAtN1L2XzutAtFtDtFtCtDtFtBtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyB0Bzz0E0FtAyEtBtG0AtB0AtCtG0CtD0DyCtGtAyEyB0DtGtCtD0DyBzztB0EtDtByDyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtD0DtD0C0A0BtBtG0AzyyCtDtGyE0AtBzytGzz0FtA0DtG0D0CyB0AtA0CtAyB0F0EyEyC2QtN1B1L1H1Ezu1O2U1M1B&cr=2121822114&ir=
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-05-27] (DVDVideoSoft Ltd.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-08-07] (DVDVideoSoft Ltd.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 02 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 03 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 04 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 05 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 06 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 07 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 08 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 09 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 10 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 21 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\u99k3oq3.default
FF DefaultSearchUrl: hxxp://search.speedbit.com/search.aspx?s=D1Db105&q=
FF SearchEngineOrder.1: Speedbit Search
FF SelectedSearchEngine: Astromenda
FF Keyword.URL: hxxp://search.speedbit.com/search.aspx?s=D1Db105&q=
FF DefaultSearchEngine: webssearches
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1137706452-944283701-392776631-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Toshiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1137706452-944283701-392776631-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [2012-07-25] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Toshiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [2012-07-25] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-04] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\webssearches.xml [2014-05-26]
FF Extension: yellow cabs - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\u99k3oq3.default\Extensions\8CROql@gmail.com [2015-04-02]
FF Extension: Rikaichan Japanese-German Dictionary File - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\u99k3oq3.default\Extensions\rikaichan-jpde@polarcloud.com [2013-07-18]
FF Extension: Rikaichan - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\u99k3oq3.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2012-11-15]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\u99k3oq3.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-08-15]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-03-15]
FF HKU\S-1-5-21-1137706452-944283701-392776631-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1137706452-944283701-392776631-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HomePage: Default -> https://olat.server.uni-frankfurt.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07]
CHR Extension: (Google Docs) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07]
CHR Extension: (Google Drive) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07]
CHR Extension: (YouTube) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-07]
CHR Extension: (Adblock Plus) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-11]
CHR Extension: (OneTab) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-07-30]
CHR Extension: (Google Search) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-07]
CHR Extension: (yellow cabs) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfhphepmmghimompopllneamgdbelkdd [2015-04-02]
CHR Extension: (Google Sheets) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Humble New Tab Page) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2014-08-02]
CHR Extension: (Google Wallet) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Gmail) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-03-15]
CHR HKU\S-1-5-21-1137706452-944283701-392776631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (yellow cabs) - C:\Users\Toshiba\AppData\Roaming\Opera Software\Opera Stable\Extensions\dfhphepmmghimompopllneamgdbelkdd [2015-04-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-10] (AVAST Software)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [566192 2006-11-22] ( )
R2 lxct_device; C:\Windows\SysWOW64\lxctcoms.exe [537520 2006-11-22] ( )
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-08] (Electronic Arts)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S4 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [277744 2013-01-13] (SpeedBit Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-04] (Avira Operations GmbH & Co. KG)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC) [File not signed]
U0 mogfhqa; C:\Windows\System32\drivers\scwmdaww.sys [79064 2015-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 QIOMem; C:\Windows\system32\drivers\QIOMem.sys [12800 2009-06-15] (TOSHIBA) [File not signed]
U3 pwliypog; \??\C:\Users\Toshiba\AppData\Local\Temp\pwliypog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 18:24 - 2015-04-03 18:24 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\scwmdaww.sys
2015-04-03 17:13 - 2015-04-03 17:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-03 17:12 - 2015-04-03 17:12 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-03 17:12 - 2015-04-03 17:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-03 17:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-03 17:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-02 23:11 - 2015-04-02 23:11 - 00023719 _____ () C:\Users\Toshiba\Downloads\gmer.txt
2015-04-02 22:26 - 2015-04-02 22:26 - 00380416 _____ () C:\Users\Toshiba\Downloads\Gmer-19357.exe
2015-04-02 22:21 - 2015-04-02 22:21 - 00000476 _____ () C:\Users\Toshiba\Downloads\defogger_disable.log
2015-04-02 22:21 - 2015-04-02 22:21 - 00000000 _____ () C:\Users\Toshiba\defogger_reenable
2015-04-02 22:04 - 2015-04-02 22:04 - 00050477 _____ () C:\Users\Toshiba\Downloads\Defogger.exe
2015-04-02 21:42 - 2015-04-02 21:42 - 00001231 _____ () C:\Users\Toshiba\Desktop\Revo Uninstaller.lnk
2015-04-02 21:42 - 2015-04-02 21:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-02 21:41 - 2015-04-02 21:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Toshiba\Downloads\revosetup95.exe
2015-04-02 21:34 - 2015-04-03 18:25 - 00038762 _____ () C:\Users\Toshiba\Downloads\FRST.txt
2015-04-02 21:34 - 2015-04-03 18:25 - 00000000 ____D () C:\FRST
2015-04-02 21:32 - 2015-04-02 21:32 - 02095616 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64.exe
2015-04-02 21:28 - 2015-04-02 21:28 - 00017490 _____ () C:\Users\Toshiba\Downloads\Addition.txt
2015-04-02 21:28 - 2015-04-02 21:28 - 00007895 _____ () C:\Users\Toshiba\Downloads\gmer.log
2015-04-02 17:02 - 2015-04-03 17:05 - 00001026 _____ () C:\Windows\Tasks\YD5GqEBHbe6WDK3XrUZoIN6.job
2015-04-02 17:02 - 2015-04-02 17:02 - 00004064 _____ () C:\Windows\System32\Tasks\YD5GqEBHbe6WDK3XrUZoIN6
2015-04-02 17:00 - 2015-04-03 18:00 - 00001324 _____ () C:\Windows\Tasks\yellow_cabs_notification_service.job
2015-04-02 17:00 - 2015-04-03 17:05 - 00000686 _____ () C:\Windows\Tasks\yellow_cabs_updating_service.job
2015-04-02 17:00 - 2015-04-02 17:00 - 00004358 _____ () C:\Windows\System32\Tasks\yellow_cabs_notification_service
2015-04-02 17:00 - 2015-04-02 17:00 - 00003722 _____ () C:\Windows\System32\Tasks\yellow_cabs_updating_service
2015-04-02 16:59 - 2015-04-03 18:23 - 00000000 ____D () C:\Program Files (x86)\yellow cabs
2015-03-31 10:14 - 2015-03-31 10:14 - 00005655 _____ () C:\Users\Toshiba\AppData\Roaming\RgfT1TLPF7zcedb8SJxD6wOmds
2015-03-31 10:14 - 2015-03-31 10:14 - 00005655 _____ () C:\Users\Toshiba\AppData\Roaming\imSaQindWgweQRpRxz948v6o6ai
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\Toshiba\AppData\Roaming\yJj6O4U7EP
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\Toshiba\AppData\Roaming\YD5GqEBHbe6WDK3XrUZoIN6
2015-03-26 21:08 - 2015-03-27 19:50 - 00000000 ____D () C:\Users\Toshiba\Documents\Wohnung
2015-03-19 10:47 - 2015-03-30 15:26 - 00000000 ____D () C:\Users\Toshiba\Documents\Jedi
2015-03-08 22:20 - 2015-03-08 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2015-03-08 22:08 - 2015-03-08 22:09 - 29720272 _____ () C:\Users\Toshiba\Downloads\SWTOR_setup.exe
2015-03-04 17:07 - 2015-03-04 17:07 - 00001760 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-04 17:07 - 2015-03-04 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-04 17:04 - 2015-03-04 17:06 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-04 17:04 - 2015-03-04 17:06 - 00000000 ____D () C:\Program Files\iTunes
2015-03-04 17:04 - 2015-03-04 17:04 - 00000000 ____D () C:\Program Files\iPod
2015-03-04 17:04 - 2015-03-04 17:04 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-04 16:52 - 2015-03-04 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-03-04 16:47 - 2015-03-04 16:48 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-04 16:47 - 2015-03-04 16:47 - 00001812 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-03-04 16:47 - 2015-03-04 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 18:24 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-04-03 18:09 - 2011-08-10 05:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 17:40 - 2014-08-10 16:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-03 17:12 - 2013-10-01 20:34 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\Malwarebytes
2015-04-03 17:12 - 2013-10-01 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-03 17:12 - 2013-10-01 20:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-04-03 17:08 - 2011-02-11 10:21 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2015-04-03 17:08 - 2011-02-11 10:21 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2015-04-03 17:08 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 17:06 - 2012-01-14 20:20 - 01932181 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 17:05 - 2009-07-14 06:51 - 00251103 _____ () C:\Windows\setupact.log
2015-04-02 22:21 - 2012-08-27 19:57 - 00000000 ____D () C:\Users\Toshiba
2015-04-02 22:19 - 2014-08-10 16:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-02 21:36 - 2009-07-14 06:45 - 00024912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 21:36 - 2009-07-14 06:45 - 00024912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 20:14 - 2010-11-21 05:47 - 00429522 _____ () C:\Windows\PFRO.log
2015-04-02 20:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 19:54 - 2012-12-05 12:26 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DBE0C8B6-986B-4B28-8957-7170B6F418CB}
2015-04-02 17:02 - 2012-09-02 14:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-01 15:57 - 2013-09-26 18:54 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\Avira
2015-04-01 15:56 - 2013-09-26 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-01 15:56 - 2013-09-26 18:45 - 00000000 ____D () C:\ProgramData\Avira
2015-03-30 17:45 - 2012-10-19 22:58 - 00000000 ____D () C:\Users\Toshiba\Documents\1 Studium
2015-03-27 19:50 - 2013-04-03 19:57 - 00000000 ____D () C:\Users\Toshiba\Documents\Abrechnung
2015-03-26 22:01 - 2013-09-04 20:58 - 00183296 ___SH () C:\Users\Toshiba\Documents\Thumbs.db
2015-03-21 13:46 - 2014-02-13 23:01 - 00000000 ____D () C:\ProgramData\Origin
2015-03-21 12:47 - 2013-08-05 14:58 - 00000000 ____D () C:\Users\Toshiba\Documents\Bewerbung
2015-03-08 22:22 - 2013-11-20 18:12 - 00016028 _____ () C:\Users\Toshiba\Documents\Install STAR WARS The Old Republic.log
2015-03-08 22:20 - 2014-05-26 16:29 - 00000000 _____ () C:\END
2015-03-08 22:20 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-08 22:19 - 2013-02-02 21:26 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2015-03-08 19:20 - 2014-02-13 23:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-07 13:36 - 2012-11-15 22:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 13:23 - 2013-10-08 22:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-04 18:24 - 2011-08-10 04:47 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-04 18:22 - 2014-09-22 17:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-04 18:22 - 2013-10-08 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-04 17:04 - 2014-10-12 13:48 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-03-04 17:04 - 2013-11-11 22:26 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-04 15:32 - 2013-09-26 18:45 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 15:32 - 2013-09-26 18:45 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-04 15:32 - 2013-09-26 18:45 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Files in the root of some directories =======

2015-03-31 10:14 - 2015-03-31 10:14 - 0005655 _____ () C:\Users\Toshiba\AppData\Roaming\imSaQindWgweQRpRxz948v6o6ai
2015-03-31 10:14 - 2015-03-31 10:14 - 0005655 _____ () C:\Users\Toshiba\AppData\Roaming\RgfT1TLPF7zcedb8SJxD6wOmds
2014-08-24 16:50 - 2014-08-25 05:49 - 0000077 _____ () C:\Users\Toshiba\AppData\Roaming\WB.CFG
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Toshiba\AppData\Roaming\YD5GqEBHbe6WDK3XrUZoIN6
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Toshiba\AppData\Roaming\yJj6O4U7EP
2014-06-24 15:07 - 2014-06-24 15:07 - 0006556 _____ () C:\Users\Toshiba\AppData\Local\recently-used.xbel
2013-09-19 11:32 - 2013-09-19 11:32 - 13094889 _____ () C:\ProgramData\SPL8725.tmp

Files to move or delete:
====================
C:\Users\Toshiba\gens.exe
C:\Users\Toshiba\kailleraclient.dll
C:\Users\Toshiba\language.dat


Some content of TEMP:
====================
C:\Users\Toshiba\AppData\Local\Temp\avgnt.exe
C:\Users\Toshiba\AppData\Local\Temp\EAInstall.dll
C:\Users\Toshiba\AppData\Local\Temp\eauninstall.exe
C:\Users\Toshiba\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Toshiba\AppData\Local\Temp\SCS Uninstaller.exe
C:\Users\Toshiba\AppData\Local\Temp\The Sims Life Stories_uninst.exe
C:\Users\Toshiba\AppData\Local\Temp\_is5990.exe
C:\Users\Toshiba\AppData\Local\Temp\_isB568.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 18:37

==================== End Of Log ============================
         
(I just ran FRST over it once more today.)

03.04.2015, 18:14   #2
Sarai

- Started GMER (after disconnecting from the internet and disabling the antivirus programs)
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-02 23:11:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK6475GSX rev.GT001M 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\pwliypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                            000000007717eecd 1 byte [62]
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\system32\lsass.exe[672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                              000000007717eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                            000000007717eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                            000000007717eecd 1 byte [62]
.text  C:\Program Files\Microsoft Security Client\MsMpEng.exe[944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                     000000007717eecd 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[1000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                          000000007717eecd 1 byte [62]
.text  C:\Windows\system32\atiesrxx.exe[464] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                            000000007717eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                            000000007717eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\system32\atieclxx.exe[1396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                          000000007717eecd 1 byte [62]
.text  C:\Windows\System32\spoolsv.exe[1688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\system32\taskeng.exe[1708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                              0000000076cca30a 1 byte [62]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1924] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                  0000000076cca30a 1 byte [62]
.text  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                    000000007717eecd 1 byte [62]
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                000000007717eecd 1 byte [62]
.text  C:\Windows\system32\lxctcoms.exe[1116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                          000000007717eecd 1 byte [62]
.text  C:\Windows\system32\TODDSrv.exe[1992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[1480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                         000000007717eecd 1 byte [62]
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2332] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                   000000007717eecd 1 byte [62]
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                  000000007717eecd 1 byte [62]
.text  C:\Program Files\TOSHIBA\TECO\TecoService.exe[2956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                             000000007717eecd 1 byte [62]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[2208] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                 000000007717eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[3108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                000000007717eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3632] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                      0000000076cca30a 1 byte [62]
.text  C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[3676] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                  0000000076cca30a 1 byte [62]
.text  C:\Windows\system32\SearchIndexer.exe[4032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                     000000007717eecd 1 byte [62]
.text  C:\Windows\system32\taskhost.exe[3808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                          000000007717eecd 1 byte [62]
.text  C:\Windows\system32\Dwm.exe[1176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                               000000007717eecd 1 byte [62]
.text  C:\Windows\Explorer.EXE[3596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                   000000007717eecd 1 byte [62]
.text  C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe[904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                   000000007717eecd 1 byte [62]
.text  C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[3720] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                                      000000007717eecd 1 byte [62]
.text  C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                          000000007717eecd 1 byte [62]
.text  C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                          000000007717eecd 1 byte [62]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                             000000007717eecd 1 byte [62]
.text  C:\Program Files\Toshiba\TECO\Teco.exe[952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                     000000007717eecd 1 byte [62]
.text  C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe[3416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                      000000007717eecd 1 byte [62]
.text  C:\Program Files\Microsoft Security Client\msseces.exe[4232] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                    000000007717eecd 1 byte [62]
.text  C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe[4248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                    0000000076cca30a 1 byte [62]
.text  C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe[4264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                    0000000076cca30a 1 byte [62]
.text  C:\Program Files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe[4428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                               0000000076cca30a 1 byte [62]
.text  C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                             000000007717eecd 1 byte [62]
.text  C:\Program Files (x86)\TOSHIBA\Bluetooth Monitor\BtMon64.exe[4456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007717eecd 1 byte [62]
.text  C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe[4480] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                     000000007717eecd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                            0000000076cca30a 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                          0000000075d51465 2 bytes [D5, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                         0000000075d514bb 2 bytes [D5, 75]
.text  ...                                                                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4532] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                                                       0000000075c84296 5 bytes JMP 00000001288c7700
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4532] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW                                                                                      0000000075c84889 5 bytes JMP 00000001288c66a0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4532] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW                                                                                    0000000075c8d1ea 5 bytes JMP 00000001288c6ee0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4532] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExA                                                                                    0000000075c9469b 5 bytes JMP 00000001288c6bb0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4532] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                                     0000000075c97673 5 bytes JMP 00000001288c6a40
.text  C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe[4664] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                            0000000076cca30a 1 byte [62]
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[4720] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                  0000000076ca87b1 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[4720] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                         0000000076cca30a 1 byte [62]
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[4720] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                                                                    0000000075c84296 5 bytes JMP 00000001288c7700
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[4720] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW                                                                                                   0000000075c84889 5 bytes JMP 00000001288c66a0
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[4720] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW                                                                                                 0000000075c8d1ea 5 bytes JMP 00000001288c6ee0
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[4720] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExA                                                                                                 0000000075c9469b 5 bytes JMP 00000001288c6bb0
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[4720] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                                                  0000000075c97673 5 bytes JMP 00000001288c6a40
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                       0000000075d51465 2 bytes [D5, 75]
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                      0000000075d514bb 2 bytes [D5, 75]
.text  ...                                                                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4740] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                    0000000076cca30a 1 byte [62]
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                          000000007717eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                            000000007717eecd 1 byte [62]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[4464] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                        000000007717eecd 1 byte [62]
.text  C:\Windows\system32\wuauclt.exe[5256] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\system32\taskeng.exe[4596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\system32\DllHost.exe[6528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           000000007717eecd 1 byte [62]
.text  C:\Windows\system32\wbem\unsecapp.exe[6608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                     000000007717eecd 1 byte [62]
.text  C:\Windows\system32\wbem\wmiprvse.exe[6684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                     000000007717eecd 1 byte [62]
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1308] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                   000000007717eecd 1 byte [62]
.text  C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            000000007717eecd 1 byte [62]
.text  C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            000000007717eecd 1 byte [62]
.text  C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5304] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                 000000007717eecd 1 byte [62]
.text  C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[6044] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                000000007717eecd 1 byte [62]
.text  C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe[2504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                 0000000076cca30a 1 byte [62]
.text  C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                               0000000075d51465 2 bytes [D5, 75]
.text  C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              0000000075d514bb 2 bytes [D5, 75]
.text  ...                                                                                                                                                                                                   * 2
.text  C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe[3424] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                 0000000076cca30a 1 byte [62]
.text  C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe[3424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                               0000000075d51465 2 bytes [D5, 75]
.text  C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe[3424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              0000000075d514bb 2 bytes [D5, 75]
.text  ...                                                                                                                                                                                                   * 2
.text  C:\Users\Toshiba\Downloads\Gmer-19357.exe[5388] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                 0000000076cca30a 1 byte [62]

---- Registry - GMER 2.1 ----

Reg    HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files (x86)\Electronic Arts\SimCity\x2122 Societies\PackageInstaller.exe                1
Reg    HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files (x86)\Electronic Arts\SimCity\x2122 Societies\dotnetfx.exe                        1
Reg    HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files (x86)\Electronic Arts\SimCity\x2122 Societies\Support\SimCity Societies_code.exe  1

---- EOF - GMER 2.1 ----
         
- Malwarebytes: The log is too long, so it is attached to the next post (is it not possible to add an attachment when editing a post?)
- Avira: I cannot get to the file I had Avira export (am I missing admin rights?); I can find it but cannot access it. It will follow.
Thanks in advance, and Happy Easter!

Edited by Sarai (03.04.2015 at 18:21). Reason: Malwarebytes log too long.

03.04.2015, 18:55   #3
schrauber
/// the machine
/// TB trainer

hi,

Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller pane, look for these programs:

    Bundled software uninstaller

    DomaIQ Uninstaller

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Remove leftovers:
    Click on , then on , and then on .

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde."
simply restart the computer. That should fix the problem.

03.04.2015, 18:57   #4
Sarai

Malwarebytes is in the attachment.

03.04.2015, 21:50   #5
Sarai

Hello Schrauber,

thank you very much for helping me even on a public holiday, and so quickly.

I carried out everything just as you said.

Revo gave an error message for both programs:
"Deinstallation kann nicht ausgeführt werden." Nevertheless, the programs had disappeared from Revo afterwards.
I hope I haven't made things more complicated by that.

Combofix gave me no error message. Here is the log it produced:

Code:
ComboFix 15-04-01.01 - Toshiba 03.04.2015  22:16:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.7655.3426 [GMT 2:00]
ausgeführt von:: c:\users\Toshiba\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\SPL8725.tmp
c:\users\Toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\extservices_crp.php
c:\users\Toshiba\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Toshiba\kailleraclient.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-03 bis 2015-04-03  ))))))))))))))))))))))))))))))
.
.
2015-04-03 15:13 . 2015-04-03 19:47	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-03 15:12 . 2014-11-21 04:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-03 15:12 . 2014-11-21 04:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-03 15:12 . 2015-04-03 15:12	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-04-02 19:42 . 2015-04-02 19:42	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-04-02 19:34 . 2015-04-03 16:27	--------	d-----w-	C:\FRST
2015-04-02 18:29 . 2015-03-14 10:02	12002392	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97580D5A-800F-411F-B9B2-B78EFF26182E}\mpengine.dll
2015-04-02 14:59 . 2015-04-03 16:23	--------	d-----w-	c:\program files (x86)\yellow cabs
2015-04-01 18:15 . 2015-03-14 10:02	12002392	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-31 14:53 . 2015-03-26 16:37	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E46417E-29C7-4509-896A-AF93F3F8DB86}\gapaengine.dll
2015-03-08 20:19 . 2015-03-08 20:20	--------	d-----w-	c:\program files (x86)\Common Files\BioWare
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-26 16:37 . 2013-04-24 08:11	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-04 16:22 . 2014-09-22 15:27	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-04 13:32 . 2013-09-26 16:45	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-03-04 13:32 . 2013-09-26 16:45	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-03-04 13:32 . 2013-09-26 16:45	128536	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-03-03 13:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-05 20:40 . 2012-09-02 12:29	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 20:40 . 2012-09-02 12:29	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 20:40 . 2015-02-05 19:40	18129584	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-08-07 10:51	297128	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-11 343168]
"lxdvmon.exe"="c:\program files (x86) (x86)\Lexmark X5400 Series\lxdvmon.exe" [2009-07-07 455336]
"lxdvamon"="c:\program files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe" [2009-07-07 25256]
"Lexmark X5400 Series"="c:\program files (x86) (x86)\Lexmark X5400 Series\fm3032.exe" [2009-07-07 307880]
"Lexmark 5400 Series"="c:\program files (x86)\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-10 4085896]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-04-01 726320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - c:\program files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2013-4-14 91464]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
simplicheck.lnk - c:\program files (x86)\simplitec\simplicheck\simplicheck.exe -timer [2012-10-22 2936168]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-10 1470848]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-21 19:17	1061704	----a-w-	c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-10 20:40]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 17:12]
.
2015-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 17:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-05-27 15:49	357376	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-10 14:22	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2011-08-10 150992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"lxctmon.exe"="c:\program files (x86)\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"EzPrint"="c:\program files (x86)\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll" [2006-11-21 31744]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uDefault_Search_URL = www.google.com
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = <-loopback>
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\u99k3oq3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/search.aspx?s=D1Db105&q=
FF - prefs.js: browser.search.selectedEngine - Astromenda
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/search.aspx?s=D1Db105&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-EfficientCalendarFree - (no file)
c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk - c:\users\Toshiba\AppData\Roaming\Windows Net Data\net.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1137706452-944283701-392776631-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:fd,86,b6,24,ee,82,85,8d,b4,0b,b4,34,d6,23,56,d7,4d,fb,57,55,08,1a,a2,
   d7,70,b3,a6,99,cb,da,eb,aa,92,ae,a0,5c,e5,fe,85,c3,58,d6,9c,c1,a8,ee,08,3c,\
"??"=hex:d9,eb,e8,87,54,a1,8d,80,f0,7a,3a,0f,c2,c7,4d,2a
.
[HKEY_USERS\S-1-5-21-1137706452-944283701-392776631-1000\Software\SecuROM\License information*]
"datasecu"=hex:01,b7,c4,fa,1e,c0,c1,b4,c9,d3,72,97,64,56,ad,d8,aa,d3,05,10,62,
   e0,1a,94,c6,9c,54,b5,ed,1e,61,53,20,00,70,00,07,82,a1,c3,dc,19,62,04,3e,3e,\
"rkeysecu"=hex:6e,be,6c,f7,45,7e,98,68,55,64,e3,d3,6b,5a,9a,23
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-03  22:43:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-03 20:43
.
Vor Suchlauf: 15 Verzeichnis(se), 105.627.971.584 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 107.449.495.552 Bytes frei
.
- - End Of File - - 667C44AB1BE718CCDD82D7AA85A4C8C3
A36C5E4F47E84449FF07ED3517B43A31
         


04.04.2015, 11:27   #6
schrauber
/// the machine
/// TB trainer
 




Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.