|
Log-Analyse und Auswertung: C-Laufwerk füllt sich von selbstWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.04.2015, 10:13 | #1 |
| C-Laufwerk füllt sich von selbst Hallo liebes Trojaner-Board-Team, Mein C-Laufwerk hat plötzlich nur noch einen freien Speicher von 10GB. Etwa vor 2 Monaten habe ich alle grossen Programme (>2GB) deinstalliert um Platz zu schaffen, danach hatte ich ca. 65GB freien Speicherplatz. Es ist mir auch aufgefallen, dass sich die Festplatte von selber füllt, ohne dass ich den PC überhaupt aktiv benutze. Kann mir jemand sagen was hier falsch läuft und wie ich dagegen vorgehen kann? Ich habe jeweils ein Scan mit dem ADWCleaner-Scan und ein OTL-Scan durchgeführt, ich hoffe Ihr könnt damit etwas anfangen. Vielen Dank schon im Voraus Freundliche Grüsse Heinz Anhang 73659 |
13.04.2015, 10:37 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C-Laufwerk füllt sich von selbst Hi und
__________________Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
13.04.2015, 11:44 | #3 |
| C-Laufwerk füllt sich von selbst Hallo cosinus,
__________________Ok hier der Text aus den Log-Files. Ich habe jetzt nacheinander den Text aus dem Adw-Scan, dann den Text aus dem OTL-Scan und schlussendlich noch den Text aus dem Extras-Textfile (das beim OTL-Scan entsteht) hereinkopiert:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.201 - Bericht erstellt 12/04/2015 um 16:01:37 # Aktualisiert 08/04/2015 von Xplode # Datenbank : 2015-04-08.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Ivo - LINN-TOSHIBA # Gestarted von : C:\Users\Ivo\Desktop\AdwCleaner_4.201.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BitGuard Ordner Gelöscht : C:\ProgramData\DSearchLink Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\ProgramData\Ap Ordner Gelöscht : C:\Program Files (x86)\Whilokii Ordner Gelöscht : C:\Users\Ivo\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\Ivo\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Ivo\AppData\LocalLow\Delta Ordner Gelöscht : C:\Users\Ivo\AppData\LocalLow\Doko-Toolbar Ordner Gelöscht : C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Datei Gelöscht : C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_edcikfknpchdehdlmjpbofgkoaonaijg_0.localstorage ***** [ Geplante Tasks ] ***** Task Gelöscht : BitGuard ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\iaimhpklononapfjngelgdokckfjekfc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKCU\Software\d53d6d8b268be41 Schlüssel Gelöscht : HKLM\SOFTWARE\d53d6d8b268be41 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\BABSOLUTION Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\IGearSettings Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Whilokii Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : HKLM\SOFTWARE\Whilokii Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17689 -\\ Google Chrome v41.0.2272.118 [C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : iaimhpklononapfjngelgdokckfjekfc [C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://www.doko-search.com/?babsrc=HP_ss&mntrId=FE8124EC9928EAA2&affID=125836&tsp=5039 ************************* AdwCleaner[R0].txt - [6264 Bytes] - [12/04/2015 15:59:56] AdwCleaner[S0].txt - [5499 Bytes] - [12/04/2015 16:01:37] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5558 Bytes] ########## OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.04.2015 17:23:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ivo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17691) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.96 Gb Total Physical Memory | 5.48 Gb Available Physical Memory | 68.78% Memory free 15.93 Gb Paging File | 13.01 Gb Available in Paging File | 81.70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146.48 Gb Total Space | 17.86 Gb Free Space | 12.19% Space Free | Partition Type: NTFS Drive D: | 534.82 Gb Total Space | 474.83 Gb Free Space | 88.78% Space Free | Partition Type: NTFS Computer Name: LINN-TOSHIBA | User Name: Ivo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015.04.12 17:18:47 | 002,018,360 | ---- | M] (Spotify Ltd) -- C:\Users\Ivo\AppData\Roaming\Spotify\SpotifyWebHelper.exe PRC - [2015.04.12 15:57:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ivo\Desktop\OTL.exe PRC - [2015.04.02 20:38:14 | 043,382,072 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ivo\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2015.04.02 16:06:29 | 005,227,648 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe PRC - [2015.01.08 10:20:42 | 000,013,312 | ---- | M] () -- C:\Windows\SysWOW64\SMITSC.exe PRC - [2014.12.20 12:07:21 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014.12.19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2014.01.10 07:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2013.10.28 06:10:00 | 008,487,800 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe PRC - [2013.10.28 06:10:00 | 003,097,464 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe PRC - [2013.10.10 23:47:38 | 000,558,480 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.09.06 22:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe PRC - [2012.09.06 22:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe PRC - [2012.06.06 16:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2012.06.05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe PRC - [2012.05.30 08:08:28 | 001,842,384 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe PRC - [2012.02.05 06:41:10 | 000,231,328 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe PRC - [2012.02.05 06:40:56 | 000,219,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe PRC - [2012.02.04 22:47:54 | 000,251,808 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe PRC - [2012.02.04 22:16:54 | 002,824,104 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2012.01.21 01:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.01.05 12:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.08.08 22:43:00 | 000,690,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2011.08.08 22:36:00 | 000,087,960 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2010.11.21 05:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010.09.17 15:28:14 | 000,577,792 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe PRC - [2010.09.17 15:28:06 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe PRC - [2010.09.07 01:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe PRC - [2008.10.01 18:28:56 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2015.04.12 17:18:42 | 000,043,008 | ---- | M] () -- c:\users\ivo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxuleol.dll MOD - [2015.03.14 14:49:21 | 038,714,440 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2015.03.04 23:45:30 | 000,865,280 | ---- | M] () -- C:\Users\Ivo\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll MOD - [2015.03.04 23:45:30 | 000,750,080 | ---- | M] () -- C:\Users\Ivo\AppData\Roaming\Dropbox\bin\libGLESv2.dll MOD - [2015.03.04 23:45:30 | 000,200,704 | ---- | M] () -- C:\Users\Ivo\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll MOD - [2015.03.04 23:45:30 | 000,047,616 | ---- | M] () -- C:\Users\Ivo\AppData\Roaming\Dropbox\bin\libEGL.dll MOD - [2014.01.10 07:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2014.01.10 07:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2012.01.25 19:57:12 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll MOD - [2008.09.29 17:37:44 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll ========== Services (SafeList) ========== SRV:64bit: - [2015.02.20 04:35:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2014.12.20 12:07:21 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2014.12.20 12:06:50 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Stopped] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc) SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012.01.20 13:27:28 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.12.16 08:16:48 | 000,583,088 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2011.12.15 00:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2011.11.26 03:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2011.11.24 22:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2010.10.20 23:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2015.02.05 09:54:36 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015.01.08 10:20:42 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\SMITSC.exe -- (SMITS) SRV - [2014.12.19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014.12.11 11:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014.11.25 17:20:40 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service) SRV - [2014.04.11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2014.02.25 23:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.10.28 06:10:00 | 003,097,464 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe) SRV - [2013.10.10 23:47:38 | 000,558,480 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.06.05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2012.01.21 01:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.07.12 02:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2011.04.02 02:42:00 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2011.02.10 10:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.17 15:28:06 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014.12.21 16:10:35 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx) DRV:64bit: - [2014.12.20 12:07:31 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2014.12.20 12:07:31 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm) DRV:64bit: - [2014.12.20 12:07:30 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP) DRV:64bit: - [2014.12.20 12:07:30 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2014.12.20 12:07:30 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2014.12.20 12:07:30 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid) DRV:64bit: - [2014.12.20 12:07:28 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2014.12.20 12:06:50 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv) DRV:64bit: - [2014.05.19 15:40:00 | 000,700,296 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uim_im.sys -- (Uim_IM) DRV:64bit: - [2014.05.19 15:40:00 | 000,102,664 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\UimBus.sys -- (UimBus) DRV:64bit: - [2014.05.19 15:40:00 | 000,025,992 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uim_devim.sys -- (Uim_DEVIM) DRV:64bit: - [2014.01.22 09:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.10.10 23:31:34 | 000,052,080 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64-6.sys -- (vpnva) DRV:64bit: - [2013.10.10 23:29:26 | 000,112,496 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2013.08.21 06:31:40 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.20 14:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2012.08.20 14:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.30 23:14:00 | 000,304,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd) DRV:64bit: - [2012.01.20 13:53:32 | 010,731,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.01.20 12:34:36 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.01.17 00:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012.01.05 12:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.05 12:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.05 12:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.12.23 04:22:12 | 000,412,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.12.23 04:22:10 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv) DRV:64bit: - [2011.12.17 02:24:00 | 000,079,040 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2011.12.05 23:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.12.01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011.12.01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011.11.30 04:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.10.21 11:45:14 | 002,791,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.08.09 02:53:28 | 000,045,168 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.07.28 23:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011.03.19 00:03:18 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.09 04:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2010.11.29 20:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.11 19:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp) DRV:64bit: - [2010.08.30 19:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid) DRV:64bit: - [2010.06.19 01:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec) DRV:64bit: - [2010.04.26 20:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd) DRV:64bit: - [2009.07.31 05:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.24 20:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds) DRV:64bit: - [2009.07.15 01:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.07 17:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk) DRV:64bit: - [2009.06.20 04:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009.06.17 21:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2013.03.07 10:06:02 | 000,042,144 | ---- | M] (Beckhoff Automation GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\CxDevice.sys -- (CxDevice) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{41473E08-0591-4013-8C67-77933D207F3D}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{41473E08-0591-4013-8C67-77933D207F3D}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA; IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA IE - HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ivo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015.02.12 19:07:56 | 000,000,000 | ---D | M] [2013.09.24 13:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Error reading preferences file CHR - Extension: No name found = C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.12_0\ CHR - Extension: No name found = C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\ CHR - Extension: No name found = C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\ CHR - Extension: No name found = C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-1620153069-3634999086-2626984608-1000..\Run: [Facebook Update] C:\Users\Ivo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-1620153069-3634999086-2626984608-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc) O4 - HKU\S-1-5-21-1620153069-3634999086-2626984608-1000..\Run: [Spotify] C:\Users\Ivo\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1620153069-3634999086-2626984608-1000..\Run: [Spotify Web Helper] C:\Users\Ivo\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ivo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab (Java Plug-in 11.40.2) O16 - DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab (Java Plug-in 1.8.0_40) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab (Java Plug-in 1.8.0_40) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FF189A9-47B8-49C2-89E9-297967128391}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEC458C8-4D11-45C2-947F-F5AFC2D3E299}: DhcpNameServer = 192.168.0.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015.04.12 15:57:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2015.04.12 15:57:49 | 000,000,000 | ---D | C] -- \AdwCleaner [2015.04.12 15:57:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ivo\Desktop\OTL.exe [2015.04.12 15:51:48 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\JAM Software [2015.04.12 15:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software [2015.04.06 10:59:56 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\{5A8C56A8-A674-41B0-BB62-F5FD95CAC199} [2015.04.05 10:06:32 | 000,000,000 | --SD | C] -- C:\windows\SysWow64\GWX [2015.04.05 10:06:32 | 000,000,000 | --SD | C] -- C:\windows\SysNative\GWX [4 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015.04.12 17:23:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2015.04.12 17:18:50 | 000,001,811 | ---- | M] () -- C:\Users\Ivo\Desktop\Spotify.lnk [2015.04.12 17:17:50 | 000,000,598 | ---- | M] () -- C:\windows\tasks\MATLAB R2012a Startup Accelerator.job [2015.04.12 17:17:40 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2015.04.12 17:17:40 | 000,000,350 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [2015.04.12 17:17:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2015.04.12 17:17:36 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2015.04.12 16:13:48 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015.04.12 16:13:48 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015.04.12 16:06:30 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock [2015.04.12 16:05:15 | 2118,230,015 | -HS- | M] () -- C:\hiberfil.sys [2015.04.12 15:57:37 | 002,217,984 | ---- | M] () -- C:\Users\Ivo\Desktop\AdwCleaner_4.201.exe [2015.04.12 15:57:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ivo\Desktop\OTL.exe [2015.04.12 15:51:36 | 000,001,236 | ---- | M] () -- C:\Users\Ivo\Desktop\TreeSize Free.lnk [2015.04.12 15:16:07 | 000,000,920 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000UA.job [2015.04.11 14:50:17 | 001,620,612 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2015.04.11 14:50:17 | 000,699,666 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2015.04.11 14:50:17 | 000,654,464 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2015.04.11 14:50:17 | 000,149,774 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2015.04.11 14:50:17 | 000,122,336 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2015.04.10 14:34:08 | 000,001,145 | ---- | M] () -- C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015.04.08 11:25:21 | 001,171,525 | ---- | M] () -- C:\Users\Ivo\Desktop\Scan_linni1_08-04-2015_11-25-18_0420_001.pdf [2015.04.07 08:37:39 | 000,000,898 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000Core.job [2015.04.03 09:58:05 | 001,594,892 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2015.04.01 14:34:27 | 001,347,309 | ---- | M] () -- C:\Users\Ivo\Desktop\AMAX Aufgabenstellung (3).jpg [2015.04.01 14:34:27 | 001,145,222 | ---- | M] () -- C:\Users\Ivo\Desktop\AMAX Aufgabenstellung (2).jpg [2015.04.01 14:34:26 | 000,779,740 | ---- | M] () -- C:\Users\Ivo\Desktop\AMAX Aufgabenstellung (1).jpg [2015.04.01 14:30:04 | 001,209,465 | ---- | M] () -- C:\Users\Ivo\Desktop\Funktionsstruktur & Blackbox AMAX.pdf [4 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2015.04.12 17:18:50 | 000,001,811 | ---- | C] () -- C:\Users\Ivo\Desktop\Spotify.lnk [2015.04.12 16:06:30 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock [2015.04.12 15:57:29 | 002,217,984 | ---- | C] () -- C:\Users\Ivo\Desktop\AdwCleaner_4.201.exe [2015.04.12 15:51:36 | 000,001,236 | ---- | C] () -- C:\Users\Ivo\Desktop\TreeSize Free.lnk [2015.04.11 14:41:38 | 3002,156,788 | ---- | C] () -- C:\Users\Ivo\Desktop\nx-9.0.0-64bit.zip [2015.04.10 15:06:18 | 001,079,621 | ---- | C] () -- C:\Users\Ivo\Desktop\NX9 config BFH De v1.2.pdf [2015.04.08 11:24:31 | 001,171,525 | ---- | C] () -- C:\Users\Ivo\Desktop\Scan_linni1_08-04-2015_11-25-18_0420_001.pdf [2015.04.01 14:29:18 | 001,209,465 | ---- | C] () -- C:\Users\Ivo\Desktop\Funktionsstruktur & Blackbox AMAX.pdf [2015.04.01 07:33:28 | 001,347,309 | ---- | C] () -- C:\Users\Ivo\Desktop\AMAX Aufgabenstellung (3).jpg [2015.04.01 07:33:26 | 001,145,222 | ---- | C] () -- C:\Users\Ivo\Desktop\AMAX Aufgabenstellung (2).jpg [2015.04.01 07:33:26 | 000,779,740 | ---- | C] () -- C:\Users\Ivo\Desktop\AMAX Aufgabenstellung (1).jpg [2015.03.02 10:31:31 | 000,013,312 | ---- | C] () -- C:\windows\SysWow64\SMITSC.exe [2015.03.02 09:55:36 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\svccontrol.exe [2015.03.02 09:55:36 | 000,051,712 | ---- | C] () -- C:\windows\SysWow64\svcconfig.exe [2013.01.03 13:50:40 | 000,003,584 | ---- | C] () -- C:\Users\Ivo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.05 10:28:55 | 2118,230,015 | -HS- | C] () -- \hiberfil.sys [2012.03.07 09:41:40 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2012.03.07 09:41:37 | 000,383,786 | RHS- | C] () -- \bootmgr ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015.02.13 07:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015.02.13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 83 bytes -> C:\Users\Ivo\Desktop\PA2 & Thesis.lnk:com.dropbox.attributes @Alternate Data Stream - 22 bytes -> C:\Users\Ivo\Desktop\NX9 config BFH De v1.2.pdf:com.apple.quarantine @Alternate Data Stream - 172 bytes -> C:\Users\Ivo\Desktop\de_Thesisvorlage_mit_Titelbild.dot:com.dropbox.attributes @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.04.2015 17:23:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ivo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17691) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.96 Gb Total Physical Memory | 5.48 Gb Available Physical Memory | 68.78% Memory free 15.93 Gb Paging File | 13.01 Gb Available in Paging File | 81.70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146.48 Gb Total Space | 17.86 Gb Free Space | 12.19% Space Free | Partition Type: NTFS Drive D: | 534.82 Gb Total Space | 474.83 Gb Free Space | 88.78% Space Free | Partition Type: NTFS Computer Name: LINN-TOSHIBA | User Name: Ivo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1620153069-3634999086-2626984608-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04CF3323-EEC1-4386-9331-3613E2B5A580}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{080AAD9D-5F9D-487D-8CB5-1EC4219F03B6}" = lport=10243 | protocol=6 | dir=in | app=system | "{0ED12AD1-8E94-4D35-866F-34F94A36D79F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{110C6A11-288F-4515-BC30-493EAEF48E1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1729BE1C-4B7B-4018-8A3E-19054B31F103}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1C8068F5-4162-4782-9F02-D71F9AEBB2D2}" = rport=10243 | protocol=6 | dir=out | app=system | "{441A034B-FF95-4D56-904E-E988B428A753}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{47DC39DF-DABA-4A22-A98D-DCFCEA6919C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4969F1C1-367D-453E-989E-DE63FE2CB9AA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{53AA5D11-BE0C-4AC7-94FC-BF6616A6F9D4}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{553A8C25-367E-4A87-9D9B-38EA5AE3010A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6BD8F6D7-5C40-44B5-81B8-83443F3AEA8F}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{6D0B7C13-B436-46C6-BACA-79B61472EEE6}" = lport=138 | protocol=17 | dir=in | app=system | "{6D47C877-EEAD-4432-BB5C-6BFB37623765}" = lport=2869 | protocol=6 | dir=in | app=system | "{6EDB858A-5810-44A7-88CD-ECBDFB1A506D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6FEBAA45-8F52-467D-8CD1-F313747F435E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7315717C-47F6-4100-94A1-3254DE962F8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{774F1502-7CE4-48DD-8FDE-1132B486456C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{78B64765-82DC-4A86-AB4D-AD932AFB022E}" = lport=139 | protocol=6 | dir=in | app=system | "{7BB29328-7F87-49EF-8FEF-E4A3E2D56046}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{80CC1D1B-E9F1-4813-9471-991EB03CBC97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8A6A5189-18E2-4FB8-A143-D76BEE727F61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8DB28CC4-B57F-42C2-AFC2-85ABA296147D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{91EBE82C-FFAD-4888-AEFA-186AF0C67111}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{956C160F-2B79-4D5C-847E-BDE998374E86}" = lport=137 | protocol=17 | dir=in | app=system | "{974B6ACB-C8BE-4C54-BC76-F4E63A762A61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A25430D1-2CA5-4F7F-A8A9-FF9A274ECCB5}" = rport=139 | protocol=6 | dir=out | app=system | "{AEB032CB-CE37-4B1D-9DEE-CB2B6F772500}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B9C598FD-260E-49D2-A7F2-126C44130F30}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{D7B0C840-80C1-4467-8719-139F5A468BD8}" = lport=2869 | protocol=6 | dir=in | app=system | "{D8E3A4C5-DED6-4A63-9FEE-2119435709B5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DF68EFC3-1910-404D-8941-79BCBFDD86ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{E45A3F3A-FAC9-45F3-9833-5390B17369A1}" = lport=445 | protocol=6 | dir=in | app=system | "{E466C0B7-0B86-4A23-9B43-38E9083EA36B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E612ECA0-9AB6-434A-B4AE-11AB9E5367D2}" = rport=138 | protocol=17 | dir=out | app=system | "{E755ECD7-8921-4D18-8431-6F46FC480252}" = rport=137 | protocol=17 | dir=out | app=system | "{F00A9EA3-DE58-4C00-B5EA-9F7BE8D7EA2E}" = rport=445 | protocol=6 | dir=out | app=system | "{F3A0EA5A-865E-4180-B9B0-D6FA86E41311}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{FE484182-5992-4844-B737-4FAD8DEAA144}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0594E3C7-2444-40DB-BF27-906737588A8B}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{12231C58-AE36-4D40-8B4F-3B634EEAA8BE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{129AFBC7-4A22-4063-A47B-AF3D5E5558DF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1A1D3155-D60F-465E-8669-D5C71877FCBC}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{1AC32534-F98C-42F6-9468-E8001BC52F9E}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | "{1F2C896E-BE64-409D-B09F-A9E7371A036C}" = protocol=6 | dir=in | app=c:\program files\siemens\nx 8.0\ugii\ugraf.exe | "{2A1A2531-D968-40CC-B4F8-C1A927C3A2B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{365F34FB-8519-4D9B-915F-E18C5D7769EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3736C835-30C1-47CB-BCE7-0901D16A9EC2}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{3B59ECD5-528C-4D60-8800-53BD3A6DB59C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3BCE00CD-EA55-4149-945C-EFAF04D035AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3FE99933-579F-45B4-BAEC-34EE555F460E}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | "{4D0B2ECB-924C-4216-BAC8-8DB73D6CC202}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{596F1228-FE7B-47CE-858C-543A61887AE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{6941C8C9-2505-4000-8A84-03F57F8E3B37}" = protocol=6 | dir=out | app=system | "{701D2C20-C672-492F-B24F-C050ACF5D04B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7215E09F-B26C-47F9-88E1-B0C4FD4985B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7506F75F-9804-4062-9B03-E71FB1473A80}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{81688914-B9AD-4E44-95B2-32851986D49E}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{9BC6814C-AC9F-49D9-87C0-8342461C0AC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F4FFDD9-D9C8-44C0-A424-6814164B515C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A23DA0F9-FD8E-4EED-9BF4-0A3F02B4965C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A828FB45-A78D-46DE-A964-9DCBC08067C5}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{A8D65392-F9C5-4F2D-883C-9A849A016D5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A989B1BC-54ED-46B4-BD08-E3C55F379976}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10g\faxrx.exe | "{AE16A041-785C-46C3-A4D8-555759CF81EB}" = protocol=17 | dir=in | app=c:\users\ivo\appdata\roaming\dropbox\bin\dropbox.exe | "{B84A2118-0284-46B7-942E-5BF62D68D816}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B95AF3D6-CC8B-4B90-A693-C0C7D721C617}" = protocol=6 | dir=in | app=c:\users\ivo\appdata\roaming\dropbox\bin\dropbox.exe | "{BB4B0C46-2714-41E9-AEBF-1D3C3A46808B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C0308FC1-1756-4237-A08C-B0B4DF08BB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{C31EA902-4B02-4A3F-B418-B14C16BF2BB7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C81DEDEE-F6BA-4B13-AA46-CFCC787EFF9D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{C8EC7F99-FF06-4EA7-AB3E-7A6B272279A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CE66349C-742A-42E5-8867-8C99DBD979BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CFEEEC6C-B92C-47F9-802B-EE0F70784C03}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D42CDD8A-3952-40D2-9D94-0C13F0366A2F}" = dir=in | app=c:\users\ivo\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{D8EBC039-BB86-4582-9C33-1530EE55B6BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{DC59D5D9-B38B-42FB-AF79-7ED6E30E7A89}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E64D7D0B-FB0D-4DE0-8A5C-851FB1F53B67}" = dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{EA38464D-DD89-44FE-9C12-8D385B7396D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EA8C0AB1-C139-4686-B656-8A4E29EA00DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{EABFE256-19A2-48EE-9181-C687B3E95A88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{ECD76C63-FE05-48E1-9A7B-5A88D04CA67F}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{ED402141-D141-413E-B908-3908F90BFF90}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ED7F6049-D61F-458A-A7EE-24E34D802CB7}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10g\faxrx.exe | "{F9A72F59-1CC2-4313-A754-7D99136401AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FAC2EC13-1EF2-4514-8D50-098ED6010938}" = protocol=17 | dir=in | app=c:\program files\siemens\nx 8.0\ugii\ugraf.exe | "TCP Query User{031EDDF6-736C-4D00-8EBD-811A04DDAEE4}C:\users\ivo\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ivo\appdata\roaming\spotify\spotify.exe | "TCP Query User{139B817C-A1AA-4BEA-921F-909BDE7EE6FE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{32CBB92D-8D41-4ECF-8510-81DF50D04D00}C:\users\ivo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ivo\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{AA2B0E52-1B5F-4352-8328-D56DB82AB144}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{DEAFEAEC-F0B5-455B-AB7C-14589AAD8848}C:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=6 | dir=in | app=c:\program files\siemens\nx 8.0\ugii\ugraf.exe | "UDP Query User{040A08AF-4256-4300-91AD-15B6C230EE2A}C:\users\ivo\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ivo\appdata\roaming\spotify\spotify.exe | "UDP Query User{1C713344-48D9-4880-AE09-F618D44E505F}C:\users\ivo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ivo\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{4CB09F1B-16DE-4199-BC75-63AF7A5EE786}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{67329848-3613-43E4-BC83-8797CAAB2703}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{7C841CE5-ADE0-4F68-9A77-ECDC9C72A89B}C:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=17 | dir=in | app=c:\program files\siemens\nx 8.0\ugii\ugraf.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{180500C1-57BB-3AA8-8E55-DCD5ECD16537}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2 "{26A24AE4-039D-4CA4-87B4-2F86418040F0}" = Java 8 Update 40 (64-bit) "{27C3DB42-A9C1-4B44-A164-93849D160D12}" = TOSHIBA Blu-ray Disc Player "{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{439A73C2-8CFA-4630-8484-36BCA2AEBB0A}" = Premium Sound HD "{4BC12C41-9B5B-AEF9-0A63-EE2AA19FBFB8}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2 "{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{BD62A012-1D08-4A38-9982-488618B12E95}" = CodeMeter Runtime Kit v5.10 "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{C4AB999A-D981-4913-BA26-E4776B598E7D}" = PTC Mathcad Prime 3.0 "{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU) "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{F856881A-D370-B1A7-2AFF-128F4AA93558}" = AMD Catalyst Install Manager "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) "CCleaner" = CCleaner "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0AB6726B-2C04-75E6-D30A-AA8C0E26E46A}" = CCC Help Japanese "{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 "{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6910DW "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B341C66-33EB-BAF0-6138-38AD1A502527}" = Catalyst Control Center "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D74451F-B220-E2E4-7FCD-520AA66F1A85}" = CCC Help Russian "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FAB6902-546D-9060-D0C8-4B502160AA06}" = CCC Help English "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521 "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0 "{26A24AE4-039D-4CA4-87B4-2F83218040F0}" = Java 8 Update 40 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2C14B193-A623-7DAA-9660-BB1EBF870D6B}" = Catalyst Control Center InstallProxy "{2CC1453B-3385-F6FF-735F-F3BA36758715}" = CCC Help Swedish "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3253D3E5-C08E-E22B-BA99-DE88F520CBB3}" = CCC Help Korean "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D516940-6675-41C1-E3DA-E3D358A7C207}" = CCC Help Italian "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B05867-9440-98ED-617B-6C05ACD1E457}" = Catalyst Control Center Graphics Previews Common "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{571F7B9B-96B8-E1B8-E198-0458BF5F80C4}" = CCC Help Hungarian "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5B7F8A19-AF71-4517-B49C-683AFC5B639C}" = PTC Quality Agent "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer "{6C36881B-0E51-4231-9D02-BF2149664D34}" = Google Drive "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7540EB6A-FE9B-4EE2-37D9-A88DC87AA9E6}" = CCC Help Turkish "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects "{7B69C60A-A148-4572-978C-729029390651}" = Catalyst Control Center - Branding "{7B88EC96-7A2F-480B-B9EC-00C20AD6381E}" = Matlab R2012a "{7D263751-40FB-D719-9F42-B62B67553D6F}" = CCC Help Chinese Traditional "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{82EE309C-B63C-1AAA-79AB-8A5E5986B687}" = CCC Help Norwegian "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EC376A3-F279-47D7-97AA-7BA2A2EB006E}" = Cisco AnyConnect Secure Mobility Client "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{931991F4-99D4-95A6-1235-EAA599884AC6}" = CCC Help Danish "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup "{990B884F-569C-5078-DD76-8BE91A569291}" = CCC Help Chinese Standard "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E77F8EF-588E-D11B-697F-5514B97779DF}" = CCC Help Greek "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB34574F-AC24-AAB7-066E-680256DD91E9}" = Catalyst Control Center Localization All "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Deutsch "{AC76D478-1033-0000-3478-000000000004}" = Mathcad PDSi viewable support "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B740C369-EA8D-2FDB-4265-CB70DD08095D}" = CCC Help Spanish "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B9818C90-560C-8DC7-E254-38323B9A41EA}" = CCC Help Polish "{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ "{BD37CF23-3458-BFD1-7583-F8FFC37561F2}" = CCC Help Czech "{BF34B28A-4D50-439A-6B6B-13EA41235E43}" = CCC Help German "{C2471823-76DB-B529-F037-8D02CAC5DE5E}" = CCC Help Dutch "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D06BA64C-4447-49B4-B99D-E85BEA9E1035}" = TI Connect™ "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU "{DAE76FE1-BD65-3251-1B6F-6B519A661A1F}" = CCC Help Finnish "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E7809829-3AC8-FBFA-2001-0D9BEBE51386}" = CCC Help Portuguese "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F79997CC-F030-93C6-7882-92DC241D7C07}" = CCC Help Thai "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE3E16F2-D838-7B5F-A31E-2D55757D18E7}" = CCC Help French "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "4K Video Downloader_is1" = 4K Video Downloader 3.1 "Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX "avast" = Avast Free Antivirus "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DivX Setup" = DivX-Setup "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.12.827 "Gadwin PrintScreen" = Gadwin PrintScreen "Google Chrome" = Google Chrome "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ "Mathcad PDSi viewable support" = Mathcad PDSi viewable support "Matlab SV R2012a" = MATLAB R2012a Student Version (32-bit) "Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Office14.SingleImage" = Microsoft Office Professional 2010 "Origin" = Origin "Steam App 8930" = Sid Meier's Civilization V "TreeSize Free_is1" = TreeSize Free V3.3.2 "WildTangent toshiba Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-140b279d-278a-4366-8190-7c113f95a57f" = Plants vs. Zombies - Game of the Year "WTA-1cc53509-49bd-4376-b235-3795ef5262be" = Bejeweled 3 "WTA-2cbd82e9-4469-4e00-aebb-293216c9dc10" = Jewel Quest Solitaire 2 "WTA-4c941c8b-a87c-441a-9138-c3c74d2eb7cb" = Virtual Villagers 4 - The Tree of Life "WTA-533a6742-7db5-4101-b179-b1bc4e2deda1" = Aloha TriPeaks "WTA-63fa87e4-7ba7-470d-8458-5b097168d661" = Agatha Christie - Death on the Nile "WTA-738e1d7e-1548-4fd9-aa6e-04976c49a57c" = Polar Bowler "WTA-765cf0e4-5824-48e8-844b-6c1ceff2f92f" = Mystery P.I. - The London Caper "WTA-82341c23-c130-4fa7-9035-c340356fff92" = Insaniquarium Deluxe "WTA-99d1242e-a451-4e66-82ea-81335eaf141e" = Chuzzle Deluxe "WTA-f17af041-0fce-4a42-b42f-edd1c470544b" = Cake Mania "Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1620153069-3634999086-2626984608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "MyFreeCodec" = MyFreeCodec "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.03.2015 14:30:40 | Computer Name = Linn-Toshiba | Source = VSS | ID = 22 Description = Error - 06.03.2015 14:30:40 | Computer Name = Linn-Toshiba | Source = VSS | ID = 8193 Description = Error - 12.03.2015 03:33:18 | Computer Name = Linn-Toshiba | Source = WinMgmt | ID = 10 Description = Error - 12.03.2015 03:36:34 | Computer Name = Linn-Toshiba | Source = WinMgmt | ID = 10 Description = Error - 04.04.2015 06:01:30 | Computer Name = Linn-Toshiba | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 04.04.2015 06:01:41 | Computer Name = Linn-Toshiba | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 04.04.2015 06:01:51 | Computer Name = Linn-Toshiba | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 06.04.2015 13:17:35 | Computer Name = Linn-Toshiba | Source = MATLAB | ID = 0 Description = Error - 12.04.2015 09:58:09 | Computer Name = Linn-Toshiba | Source = MATLAB | ID = 0 Description = Error - 12.04.2015 10:04:23 | Computer Name = Linn-Toshiba | Source = WinMgmt | ID = 10 Description = Error - 12.04.2015 10:06:37 | Computer Name = Linn-Toshiba | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect Secure Mobility Client Events ] Error - 12.04.2015 10:06:08 | Computer Name = Linn-Toshiba | Source = acvpnagent | ID = 67108866 Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File: .\IPC\WinsecAPI.cpp Line: 73 Invoked Function: CWinsecApiImpersonateUser::acquireTokens Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 12.04.2015 10:06:08 | Computer Name = Linn-Toshiba | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp Line: 111 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 12.04.2015 10:06:08 | Computer Name = Linn-Toshiba | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp Line: 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 12.04.2015 10:06:08 | Computer Name = Linn-Toshiba | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp Line: 39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 12.04.2015 10:06:08 | Computer Name = Linn-Toshiba | Source = acvpnagent | ID = 67108866 Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp Line: 1630 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 12.04.2015 10:06:08 | Computer Name = Linn-Toshiba | Source = acvpnagent | ID = 67108866 Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute File: .\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface Return Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 12.04.2015 10:11:07 | Computer Name = Linn-Toshiba | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 12.04.2015 10:11:07 | Computer Name = Linn-Toshiba | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 12.04.2015 10:11:07 | Computer Name = Linn-Toshiba | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL Error - 12.04.2015 11:17:40 | Computer Name = Linn-Toshiba | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE [ System Events ] Error - 12.04.2015 10:03:54 | Computer Name = Linn-Toshiba | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Util Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.04.2015 10:04:20 | Computer Name = Linn-Toshiba | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UimBus Uim_DEVIM Uim_IM Error - 12.04.2015 10:04:43 | Computer Name = Linn-Toshiba | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b Error - 12.04.2015 10:05:22 | Computer Name = Linn-Toshiba | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\CxDevice.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 12.04.2015 10:05:22 | Computer Name = Linn-Toshiba | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Beckhoff Automation CxDevice Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 12.04.2015 10:06:06 | Computer Name = Linn-Toshiba | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Update Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.04.2015 10:06:06 | Computer Name = Linn-Toshiba | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Util Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.04.2015 10:06:36 | Computer Name = Linn-Toshiba | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UimBus Uim_DEVIM Uim_IM Error - 12.04.2015 10:08:37 | Computer Name = Linn-Toshiba | Source = DCOM | ID = 10010 Description = Error - 12.04.2015 10:08:37 | Computer Name = Linn-Toshiba | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005 < End of report > Ich hoffe so geht es dir einfacher. |
13.04.2015, 11:48 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C-Laufwerk füllt sich von selbst Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten |
13.04.2015, 11:54 | #5 |
| C-Laufwerk füllt sich von selbst Nein sonst habe ich keine Scans durchgeführt. Soll ich jetzt noch einen weiteren Scan durchführen (z.B. Farbar's Recovery Scan)? |
13.04.2015, 12:52 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C-Laufwerk füllt sich von selbst Sonst hätte ich den Baustein kaum gepostet
__________________ --> C-Laufwerk füllt sich von selbst |
14.04.2015, 14:10 | #7 |
| C-Laufwerk füllt sich von selbst Die Scans laufen zum Teil sehr lange, ich schicke die Log-Files einzeln wenn das ok ist. ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=19979aaee5aa6a4cbc424ae5cfac5e5d # engine=23355 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-04-13 03:39:45 # local_time=2015-04-13 05:39:45 (+0100, Mitteleuropäische Sommerzeit) # country="Switzerland" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Internet Security' # compatibility_mode=779 16777213 85 72 92211 193360075 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 16009 180569435 0 0 # scanned=532000 # found=16 # cleaned=16 # scan_time=11258 sh=4C897E0E7A1E43EBE55F1BB377A421C97412A690 ft=1 fh=4118d7d234029ed4 vn="Variante von Win32/BrowseFox.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\updateWhilokii.exe.vir" sh=4C897E0E7A1E43EBE55F1BB377A421C97412A690 ft=1 fh=4118d7d234029ed4 vn="Variante von Win32/BrowseFox.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\utilWhilokii.exe.vir" sh=D94943C191D49B139F02B2487667AD685423B4D0 ft=1 fh=8d7b880ebbdea417 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.FFUpdate.dll.vir" sh=5EF18AAF770B31AC5E608D0EEFFDEFA9B1084D21 ft=1 fh=f2bff39dd57e791f vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.GCUpdate.dll.vir" sh=365305BD4C745CAB3D85AEFC0A99E34AA4A66EDB ft=1 fh=27bb7f6f254766f9 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.IEUpdate.dll.vir" sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ivo\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=47B19AB97028D8925579BED54EFEE88C8107D6B6 ft=1 fh=34f71966959b3eb8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Ivo\AppData\Local\Temp\DMR\dmr_72.exe" sh=00473E491486234B816A47D3BDAF1477B43264CC ft=1 fh=9ac275b03eeab95c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\CCleaner - CHIP-Downloader.exe" sh=B532F28587DD72352586A682F7BA0A10D00E8831 ft=1 fh=06eaf8caf185c3c7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Emsisoft Anti Malware - CHIP-Installer.exe" sh=9DA0E9DFCE5ECF254DB531ABCE80FA6295E10621 ft=1 fh=197d6a836cd0fe4d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe" sh=3995CAFB5216D2A879658A7D92B3FBFC7A86EFC9 ft=1 fh=a486d9a166db053c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe" sh=9A644D2320314C513859B7EFD75818692AEBBDA3 ft=1 fh=9d8fb2af0f87d18d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Mathcad Prime - CHIP-Installer.exe" sh=10AC9E145DDF58DF1B17015CA37065BDF669964E ft=1 fh=a701690afef0c80a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe" sh=9C3DD1E88F3DA53B2F9351BA5A018494BC746021 ft=1 fh=8f18e6a5439e5907 vn="Variante von Win32/SecurityStronghold.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\WhilokiiAdsRemovalTool (1).exe" sh=9C3DD1E88F3DA53B2F9351BA5A018494BC746021 ft=1 fh=8f18e6a5439e5907 vn="Variante von Win32/SecurityStronghold.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\WhilokiiAdsRemovalTool.exe" sh=7E17C67C7D1D12ADC7685AE61C04FB1B994D8D3A ft=1 fh=bc101229761f7fdf vn="Variante von Win32/Packed.VMProtect.AAH Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Downloads\PESEdit.com 2014 Patch 1.2\PESEdit.com 2014 Patch 1.2\Install PESEdit.com 2014 Patch 1.2.exe" Hallo cosinus, Ich habe jetzt Scans mit allen angegebenen Tools durchgeführt, ich füge die Log-Files jetzt hier ein: ESET Online Scan: Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\updateWhilokii.exe.vir Variante von Win32/BrowseFox.G evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\utilWhilokii.exe.vir Variante von Win32/BrowseFox.G evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.FFUpdate.dll.vir Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.GCUpdate.dll.vir Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.IEUpdate.dll.vir Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Users\Ivo\AppData\Local\Temp\OCS\ocs_v71a.exe.vir Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Ivo\AppData\Local\Temp\DMR\dmr_72.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert D:\Downloads\CCleaner - CHIP-Downloader.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert D:\Downloads\Emsisoft Anti Malware - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert D:\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert D:\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert D:\Downloads\Mathcad Prime - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert D:\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert D:\Downloads\WhilokiiAdsRemovalTool (1).exe Variante von Win32/SecurityStronghold.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert D:\Downloads\WhilokiiAdsRemovalTool.exe Variante von Win32/SecurityStronghold.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert D:\Downloads\PESEdit.com 2014 Patch 1.2\PESEdit.com 2014 Patch 1.2\Install PESEdit.com 2014 Patch 1.2.exe Variante von Win32/Packed.VMProtect.AAH Trojaner Gesäubert durch Löschen - in Quarantäne kopiert Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.04.2015 Suchlauf-Zeit: 01:16:23 Logdatei: Malwarebytes Scan.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.04.13.08 Rootkit Datenbank: v2015.03.31.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Ivo Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 382746 Verstrichene Zeit: 20 Min, 22 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 1 PUP.Optional.Whilokii.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Whilokii, , [73a9d993f2984aecf76c86b68c79b54b], Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 1 PUP.Optional.DokoSearch.A, C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\chromepreferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.doko-search.com/?babsrc=HP_ss&mntrId=FE8124EC9928EAA2&affID=125836&tsp=5039",), ,[5fbd313bc8c24de978270a37a36340c0] Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter Emsisoft Anti-Malware - Version 9.0 Letztes Update: 13.04.2015 19:53:29 Benutzerkonto: Linn-Toshiba\Ivo Scan-Einstellungen: Scan Methode: Detail-Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ PUPs-Erkennung: An Archiv-Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan-Beginn: 13.04.2015 21:33:55 Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\UPDATE WHILOKII gefunden: Application.AdServ (A) D:\GalaxyS2\Downloads\23kms7773.apk -> META-INF/CERT.RSA gefunden: Android.Trojan.FakeInst.AV (B) Gescannt 588605 Gefunden 2 Scan-Ende: 14.04.2015 00:38:37 Scan-Zeit: 3:04:42 FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015 Ran by Ivo (administrator) on LINN-TOSHIBA on 14-04-2015 14:39:40 Running from D:\Downloads Loaded Profiles: Ivo (Available profiles: Ivo) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe () C:\Windows\SysWOW64\SMITSC.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Spotify Ltd) C:\Users\Ivo\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\Ivo\AppData\Roaming\Spotify\Spotify.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Dropbox, Inc.) C:\Users\Ivo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (Spotify Ltd) C:\Users\Ivo\AppData\Roaming\Spotify\SpotifyCrashService.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeBtMng.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvProvider.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (Spotify Ltd) C:\Users\Ivo\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Ivo\AppData\Roaming\Spotify\Spotify.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (PTC) C:\Program Files\PTC\Mathcad Prime 3.0\MathcadPrime.exe (PTC Inc.) C:\Program Files\PTC\Mathcad Prime 3.0\Engine 3 Support (x86)\efisymbolics-outofproc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2wizard.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\sdclt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\browsercleanup.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\instup.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-02-01] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-23] (Synaptics Incorporated) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-06] (SRS Labs, Inc.) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-14] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-03-07] (Toshiba Europe GmbH) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation) HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-22] (TOSHIBA) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe [577792 2010-09-17] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-04-02] (AVAST Software) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4886608 2015-03-23] (Emsisoft GmbH) HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Run: [Facebook Update] => C:\Users\Ivo\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-30] (Facebook Inc.) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Run: [Spotify Web Helper] => C:\Users\Ivo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-12] (Spotify Ltd) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Run: [Spotify] => C:\Users\Ivo\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-12] (Spotify Ltd) HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA SearchScopes: HKLM -> {41473E08-0591-4013-8C67-77933D207F3D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA; SearchScopes: HKLM-x32 -> {41473E08-0591-4013-8C67-77933D207F3D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA; SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000 -> {41473E08-0591-4013-8C67-77933D207F3D} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-09] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-20] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation) BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-03] (<TOSHIBA>) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-09] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-20] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation) BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-03] (<TOSHIBA>) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 147.87.224.20 147.87.96.20 FireFox: ======== FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1620153069-3634999086-2626984608-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ivo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-23] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.ch/" CHR Profile: C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adblock Plus) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-09] CHR Extension: (Avast Online Security) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-23] (Emsisoft GmbH) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-20] (AVAST Software) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-20] (Avast Software) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [45312 2010-09-17] (NewTech Infosystems, Inc.) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-25] (Electronic Arts) R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2015-01-08] () [File not signed] S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 Update Whilokii; "C:\Program Files (x86)\Whilokii\updateWhilokii.exe" [X] S2 Util Whilokii; "C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-20] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-20] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-20] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-20] () S2 CxDevice; C:\Windows\SysWOW64\Drivers\CxDevice.sys [42144 2013-03-07] (Beckhoff Automation GmbH) R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-23] (Emsisoft GmbH) S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2012-08-20] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2012-08-20] () R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2011-12-23] (Synaptics Incorporated) S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] () S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] () S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-20] (Avast Software) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-14 01:15 - 2015-04-14 01:15 - 00001338 _____ () C:\Users\Ivo\Desktop\a2scan_150413-213355.txt 2015-04-14 00:38 - 2015-04-14 00:38 - 00000000 ____D () C:\ProgramData\Emsisoft 2015-04-13 19:48 - 2015-04-13 19:48 - 00000376 _____ () C:\Users\Ivo\Desktop\Malwarebytes Scan.txt 2015-04-13 18:16 - 2015-04-14 01:16 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-13 18:11 - 2015-04-13 18:11 - 00002680 _____ () C:\Users\Ivo\Desktop\ESET Online Scan.txt 2015-04-13 14:40 - 2015-04-13 14:40 - 00001106 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2015-04-13 14:40 - 2015-04-13 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2015-04-13 14:40 - 2015-03-23 23:17 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys 2015-04-13 14:39 - 2015-04-14 00:38 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2015-04-13 14:31 - 2015-04-14 14:40 - 00000000 ____D () C:\FRST 2015-04-13 14:29 - 2015-04-13 14:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-04-13 14:14 - 2015-04-13 14:14 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-13 14:14 - 2015-04-13 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-13 14:14 - 2015-04-13 14:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-04-13 14:14 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-04-13 14:14 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-04-13 14:14 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-04-13 13:04 - 2015-04-13 13:04 - 00000000 ____D () C:\Users\Ivo\AppData\Local\Siemens 2015-04-13 12:58 - 2015-04-13 12:58 - 00000000 ____H () C:\ProgramData\cm-lock 2015-04-13 12:47 - 2015-04-13 12:47 - 00000000 ____D () C:\Users\Ivo\Desktop\Adw & OTL-Scan 2015-04-13 12:34 - 2013-11-11 14:46 - 00001998 _____ () C:\Users\Ivo\Desktop\Start_NX9_BFH_local german.lnk 2015-04-13 10:23 - 2015-04-13 10:23 - 00000000 ____D () C:\Users\Ivo\Desktop\AMAX 2015-04-13 10:07 - 2015-04-13 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Siemens NX 9.0 2015-04-13 09:36 - 2015-04-13 09:36 - 00000000 ____D () C:\Program Files\Siemens 2015-04-13 09:10 - 2015-04-13 09:18 - 00000000 ____D () C:\Users\Ivo\Desktop\dvdrom090 2015-04-12 15:57 - 2015-04-12 16:01 - 00000000 ____D () C:\AdwCleaner 2015-04-12 15:57 - 2015-04-12 15:57 - 02217984 _____ () C:\Users\Ivo\Desktop\AdwCleaner_4.201.exe 2015-04-12 15:57 - 2015-04-12 15:57 - 00602112 _____ (OldTimer Tools) C:\Users\Ivo\Desktop\OTL.exe 2015-04-12 15:51 - 2015-04-12 15:51 - 00001236 _____ () C:\Users\Ivo\Desktop\TreeSize Free.lnk 2015-04-12 15:51 - 2015-04-12 15:51 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\JAM Software 2015-04-12 15:51 - 2015-04-12 15:51 - 00000000 ____D () C:\Program Files (x86)\JAM Software 2015-04-06 10:59 - 2015-04-06 10:59 - 00000000 ____D () C:\Users\Ivo\AppData\Local\{5A8C56A8-A674-41B0-BB62-F5FD95CAC199} 2015-04-05 10:06 - 2015-04-05 10:06 - 00000000 ___SD () C:\windows\SysWOW64\GWX 2015-04-05 10:06 - 2015-04-05 10:06 - 00000000 ___SD () C:\windows\system32\GWX ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-14 14:41 - 2012-09-29 12:55 - 00000598 _____ () C:\windows\Tasks\MATLAB R2012a Startup Accelerator.job 2015-04-14 14:40 - 2012-06-05 10:34 - 01620091 _____ () C:\windows\WindowsUpdate.log 2015-04-14 14:40 - 2012-03-07 02:21 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-14 14:39 - 2012-09-30 20:53 - 00000920 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000UA.job 2015-04-14 14:39 - 2012-09-30 18:58 - 00000000 ____D () C:\Users\Ivo\AppData\Local\Spotify 2015-04-14 14:39 - 2012-09-27 10:19 - 00000000 ____D () C:\Users\Ivo\Documents\Outlook-Dateien 2015-04-14 14:39 - 2012-03-07 02:21 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-14 14:39 - 2012-03-07 02:05 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-04-14 07:39 - 2014-03-06 17:24 - 00083891 _____ () C:\windows\setupact.log 2015-04-14 04:55 - 2012-09-30 18:58 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\Spotify 2015-04-13 20:58 - 2012-09-30 20:53 - 00000898 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000Core.job 2015-04-13 16:19 - 2015-02-16 17:41 - 00000000 ____D () C:\Users\Ivo\Desktop\PA2 Ivo 2015-04-13 14:14 - 2013-11-15 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-13 13:08 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-13 13:08 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-13 13:01 - 2012-10-30 15:05 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\Dropbox 2015-04-13 12:58 - 2013-06-12 13:22 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2015-04-13 12:58 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-04-13 12:57 - 2009-07-14 06:45 - 00439072 _____ () C:\windows\system32\FNTCACHE.DAT 2015-04-13 12:33 - 2012-09-29 13:43 - 00000000 ____D () C:\NX_Data 2015-04-13 11:28 - 2014-05-23 19:15 - 00000000 ____D () C:\Users\Ivo\Desktop\dvdrom0902_05 2015-04-13 10:24 - 2012-09-23 13:56 - 00114160 _____ () C:\Users\Ivo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-12 17:18 - 2012-09-30 18:58 - 00001797 _____ () C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-04-11 14:50 - 2011-02-11 10:21 - 00699666 _____ () C:\windows\system32\perfh007.dat 2015-04-11 14:50 - 2011-02-11 10:21 - 00149774 _____ () C:\windows\system32\perfc007.dat 2015-04-11 14:50 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI 2015-04-10 14:34 - 2012-10-30 15:15 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-08 15:57 - 2014-11-10 19:03 - 00000000 ____D () C:\Users\Ivo\Desktop\Zum Einordnen 2015-04-06 17:01 - 2012-09-23 14:05 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2015-04-03 09:58 - 2012-09-27 22:56 - 01594892 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2015-03-25 12:20 - 2012-11-18 17:35 - 00000000 ____D () C:\Users\Ivo\Desktop\Zum Ausdrucken 2015-03-16 01:21 - 2013-06-12 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive ==================== Files in the root of some directories ======= 2013-01-03 13:50 - 2013-01-03 13:50 - 0003584 _____ () C:\Users\Ivo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-04-13 12:58 - 2015-04-13 12:58 - 0000000 ____H () C:\ProgramData\cm-lock Some content of TEMP: ==================== C:\Users\Ivo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwhmxsa.dll C:\Users\Ivo\AppData\Local\Temp\jre-8u20-windows-au.exe C:\Users\Ivo\AppData\Local\Temp\jre-8u40-windows-au.exe C:\Users\Ivo\AppData\Local\Temp\Quarantine.exe C:\Users\Ivo\AppData\Local\Temp\RSPUpgradeInstaller.exe C:\Users\Ivo\AppData\Local\Temp\SkypeSetup.exe C:\Users\Ivo\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 00:56 ==================== End Of Log ============================ --- --- --- FRST Additions: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015 Ran by Ivo at 2015-04-14 14:42:06 Running from D:\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4K Video Downloader 3.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.1.2.1275 - Open Media LLC) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{F856881A-D370-B1A7-2AFF-128F4AA93558}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.) Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.12 - Atheros Communications) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.00(T) - TOSHIBA CORPORATION) Brother MFL-Pro Suite MFC-J6910DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.) Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden CodeMeter Runtime Kit v5.10 (HKLM\...\{BD62A012-1D08-4A38-9982-488618B12E95}) (Version: 5.10.1220.500 - WIBU-SYSTEMS AG) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC) Dropbox (HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.) Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.) Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Hotfix für Microsoft Visual C# 2010 Express - DEU (KB2635973) (HKLM-x32\...\{D81641E8-ABF1-3D07-803B-60E8FC619368}.KB2635973) (Version: 1 - Microsoft Corporation) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation) Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems) Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden Matlab R2012a (HKLM-x32\...\{7B88EC96-7A2F-480B-B9EC-00C20AD6381E}) (Version: 1.0.0 - The MathWorks, Inc.) MATLAB R2012a Student Version (32-bit) (HKLM-x32\...\Matlab SV R2012a) (Version: 7.14 - The MathWorks, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft Visual C# 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C# 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\MyFreeCodec) (Version: - ) Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG) NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 2.0.2.8 - NewTech Infosystems) NTI Backup Now EZ (x32 Version: 2.0.2.8 - NewTech Infosystems) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Premium Sound HD (HKLM\...\{439A73C2-8CFA-4630-8484-36BCA2AEBB0A}) (Version: 1.12.0300 - SRS Labs, Inc.) PTC Mathcad Prime 3.0 (HKLM\...\{C4AB999A-D981-4913-BA26-E4776B598E7D}) (Version: 3.0.0 - PTC) PTC Quality Agent (HKLM-x32\...\{5B7F8A19-AF71-4517-B49C-683AFC5B639C}) (Version: 2.0.0.0 - PTC) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13034_9 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13034_9 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Siemens NX 9.0 (HKLM\...\{CAE1D783-E86C-4144-B0E3-8D2485019B11}) (Version: 9.0.0.19 - Siemens) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.0 - Synaptics Incorporated) TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION) TOSHIBA Blu-ray Disc Player (HKLM\...\{27C3DB42-A9C1-4B44-A164-93849D160D12}) (Version: 1.0.5.214 - Toshiba Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.8 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation) Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation) TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation) TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.3 - TOSHIBA Corporation) TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation) TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation) VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN) WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.) Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Youtube Downloader HD v. 2.9.5 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 17-03-2015 12:45:18 Windows Update 24-03-2015 11:12:32 Windows Update 31-03-2015 10:55:12 Windows Update 03-04-2015 09:51:39 Windows Update 05-04-2015 10:05:44 Windows Update 10-04-2015 14:42:59 Windows Update 13-04-2015 08:04:28 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {09B56658-9662-42FF-8419-5BF4D34DA1D0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000Core => C:\Users\Ivo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30] (Facebook Inc.) Task: {0B190EA0-A9ED-4F05-ACD6-EFCA2EF5C254} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\windows\TEMP\{D1D73F7F-092D-4840-A8D1-40A307EC5D16}.exe Task: {12F19F81-FE4C-4FB1-8AAE-CD0BEE2842EE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {23C6A236-7130-4BBF-8F0B-5B17C04D878F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {2808FB14-91DA-42F3-AFA6-79B5C7E7C4CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {55E23CE4-B0C9-4FDE-A93C-69DC23C19BAD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {6633008B-0EC4-4921-A19A-28D5F153967E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {6F65B2F6-61E0-4982-9C30-32581D5DBC3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {764851F5-0E4A-43EB-8839-354CA451FB82} - System32\Tasks\MATLAB R2012a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2012a Student\bin\win32\MATLABStartupAccelerator.exe [2011-12-29] () Task: {81C2E56B-A1E6-4281-BD40-DD7F626C8B6A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation) Task: {8330FB98-550F-4BF2-B698-EF673FC43F61} - System32\Tasks\{6F692C3E-C7D8-40C1-9307-0F10D81659C2} => pcalua.exe -a C:\Users\Ivo\AppData\Local\Temp\Temp2_MCG_Mathcad_Prime_3.0_64.zip\MCG_Mathcad_Prime_3.0_64\Setup.exe Task: {9C9D0898-99BF-4A56-B18C-47A4FFD752C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {B693A355-823C-455A-8CD7-2097843D95FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {BB45D115-0CAE-4FC7-A651-0B83B90C09FE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-20] (AVAST Software) Task: {CDBF5E00-F92F-437B-A840-CA7251EBD4B7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {D1D5EE5D-435F-4954-AC95-30D89B1D7E3E} - System32\Tasks\{1B83124C-CC34-416A-BF9C-EDF63CC38BE0} => pcalua.exe -a C:\Users\Ivo\AppData\Local\Temp\Temp3_MCG_Mathcad_Prime_3.0_64.zip\MCG_Mathcad_Prime_3.0_64\Setup.exe Task: {D6F2EF9F-7F7F-4856-9951-D3DD0841F360} - System32\Tasks\{DD0FEC30-E4CC-4D07-8461-037759976857} => pcalua.exe -a C:\Users\Ivo\AppData\Local\Temp\Temp2_MCG_Mathcad_Prime_3.0_32.zip\MCG_Mathcad_Prime_3.0_32\Setup.exe Task: {DEC136F4-0A7E-4ED3-B13A-2610BD612E73} - System32\Tasks\{DD25B78F-360B-42DD-B315-51452CDE2201} => pcalua.exe -a C:\Users\Ivo\AppData\Local\Temp\Temp1_MCG_Mathcad_Prime_3.0_32.zip\MCG_Mathcad_Prime_3.0_32\Setup.exe Task: {E1C688E1-92DE-4E28-997D-169B296790B8} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {E3DCA245-DC2D-40A7-80E8-64A61C429E70} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {F3B0CFEA-6790-41B7-8E08-AA035D18F72A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000UA => C:\Users\Ivo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30] (Facebook Inc.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\windows\TEMP\{D1D73F7F-092D-4840-A8D1-40A307EC5D16}.exe <==== ATTENTION Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000Core.job => C:\Users\Ivo\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000UA.job => C:\Users\Ivo\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\MATLAB R2012a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2012a Student\bin\win32\MATLABStartupAccelerator.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-02 10:31 - 2015-01-08 10:20 - 00013312 _____ () C:\Windows\SysWOW64\SMITSC.exe 2012-09-30 16:48 - 2010-03-16 01:04 - 00143360 _____ () C:\windows\system32\BrSNMP64.dll 2011-11-24 22:20 - 2011-11-24 22:20 - 00593856 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll 2011-08-23 00:19 - 2011-08-23 00:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2010-12-16 00:19 - 2010-12-16 00:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll 2012-03-07 02:05 - 2011-12-15 16:56 - 00022400 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll 2012-03-07 02:05 - 2011-12-15 16:55 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll 2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2012-01-20 13:13 - 2012-01-20 13:13 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-11-09 18:55 - 2011-11-09 18:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-11-26 03:51 - 2011-11-26 03:51 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 03951104 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\MathcadPrime.resources.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 00053760 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\Ptc.Controls.Worksheet.resources.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 00039936 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\Ptc.Controls.ExcelComponent.resources.dll 2013-09-12 16:17 - 2013-09-12 16:17 - 05409280 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\Ptc.License.Plpf.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 00398848 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\DevComponents.WpfRibbon.resources.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 00066560 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\DevComponents.WpfDock.resources.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 00282112 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\Ptc.Controls.EquationControl.resources.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 00108544 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\Ptc.Calculation.Core.resources.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 00085504 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\Ptc.Controls.Plots.resources.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 00043008 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\Ptc.Controls.Core.resources.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 00013312 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\Ptc.Controls.resources.dll 2013-09-04 16:20 - 2013-09-04 16:20 - 00059904 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\utl-mgd.dll 2013-09-04 15:43 - 2013-09-04 15:43 - 00008704 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\Mpl.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 00006656 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\Ptc.Controls.Whiteboard.resources.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00035328 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\efisymbolics.dll 2013-09-04 16:27 - 2013-09-04 16:27 - 00046080 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\McdTranslator.dll 2013-09-04 16:21 - 2013-09-04 16:21 - 00005120 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\MplPrimitives.dll 2013-09-04 16:21 - 2013-09-04 16:21 - 00031232 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\MplPrelude.dll 2013-09-04 16:22 - 2013-09-04 16:22 - 00055808 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\McdRun.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00139264 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiSymbolicsParser.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00010240 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiSymbolicsMacros.dll 2013-09-04 16:21 - 2013-09-04 16:21 - 00005632 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\MplSexpr.dll 2013-09-04 16:21 - 2013-09-04 16:21 - 00016384 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\MplMacro.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00114176 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiSymbolicsLexer.dll 2013-09-04 16:22 - 2013-09-04 16:22 - 00006656 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\Hashtable.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00034304 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiSymbolicsMuPadMap.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00007680 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiSymbolicsLabels.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00347136 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiSymbolicsEmitter.dll 2013-08-30 12:06 - 2013-08-30 12:06 - 00071680 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\Ptc.OleInterop.dll 2013-08-30 12:06 - 2013-08-30 12:06 - 00301056 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\asyncoremt.dll 2013-08-30 12:06 - 2013-08-30 12:06 - 00079872 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\utfstrmt.dll 2013-08-30 12:06 - 2013-08-30 12:06 - 00278016 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\rtlcoremt.dll 2013-08-30 12:06 - 2013-08-30 12:06 - 00241664 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\i18nmt.dll 2013-09-04 16:26 - 2013-09-04 16:26 - 00006144 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiPlot.dll 2013-09-04 16:23 - 2013-09-04 16:23 - 00014336 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiMatrix.dll 2013-09-12 16:19 - 2013-09-12 16:19 - 00006144 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\de\Ptc.Controls.Text.resources.dll 2013-09-04 16:22 - 2013-09-04 16:22 - 00017408 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiCore.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00073728 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\efiplot_.dll 2013-09-04 16:26 - 2013-09-04 16:26 - 00180736 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\McdDynamicEfi.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00010752 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiWavelets.dll 2013-09-04 16:24 - 2013-09-04 16:24 - 00014336 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiStatistics.dll 2013-09-04 16:22 - 2013-09-04 16:22 - 00004096 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiSpecial.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00007168 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiSolver.dll 2013-09-04 16:26 - 2013-09-04 16:26 - 00007168 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiSixsigma.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00011264 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiSignal.dll 2013-09-04 16:23 - 2013-09-04 16:23 - 00016384 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiImage.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00007680 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiIO.dll 2013-09-04 16:22 - 2013-09-04 16:22 - 00008192 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiGraphics.dll 2013-09-04 16:23 - 2013-09-04 16:23 - 00003584 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiFourier.dll 2013-09-04 16:24 - 2013-09-04 16:24 - 00006656 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiFitting.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00005120 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiFinance.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00011264 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiDiffEQ.dll 2013-09-04 16:22 - 2013-09-04 16:22 - 00004096 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiDebug.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00007168 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiData.dll 2013-09-04 16:23 - 2013-09-04 16:23 - 00005632 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiCalculus.dll 2013-09-04 16:22 - 2013-09-04 16:22 - 00006144 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiBessel.dll 2013-09-04 16:26 - 2013-09-04 16:26 - 00003072 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\EfiAffine.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00035840 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\McdStaticUnitSystem.dll 2013-09-04 15:24 - 2013-09-04 15:24 - 06115840 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\creo3dfit.dll 2013-09-04 16:26 - 2013-09-04 16:26 - 00037888 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\McdUnitSystemSI.dll 2013-09-04 16:25 - 2013-09-04 16:25 - 00053248 _____ () C:\Program Files\PTC\Mathcad Prime 3.0\McdStaticUnitSystemSI.dll 2013-10-10 23:48 - 2013-10-10 23:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2015-04-13 12:05 - 2015-04-13 12:05 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15041300\algo.dll 2015-04-13 23:27 - 2015-04-13 23:27 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15041302\algo.dll 2015-04-14 14:40 - 2015-04-14 14:40 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15041400\algo.dll 2008-09-29 17:37 - 2008-09-29 17:37 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll 2015-03-12 12:20 - 2015-04-12 17:18 - 40506936 _____ () C:\Users\Ivo\AppData\Roaming\Spotify\libcef.dll 2015-04-13 13:00 - 2015-04-13 13:00 - 00043008 _____ () c:\users\ivo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwhmxsa.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Ivo\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Ivo\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Ivo\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Ivo\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2012-09-30 16:48 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2015-03-14 14:49 - 2015-03-14 14:49 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2012-01-25 19:57 - 2012-01-25 19:57 - 00172032 _____ () C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll 2015-03-12 12:20 - 2015-04-12 17:18 - 01365560 _____ () C:\Users\Ivo\AppData\Roaming\Spotify\libglesv2.dll 2015-03-12 12:20 - 2015-04-12 17:18 - 00219192 _____ () C:\Users\Ivo\AppData\Roaming\Spotify\libegl.dll 2015-03-12 12:20 - 2015-03-12 12:20 - 09305656 _____ () C:\Users\Ivo\AppData\Roaming\Spotify\pdf.dll 2015-03-12 12:20 - 2015-04-12 17:18 - 00990776 _____ () C:\Users\Ivo\AppData\Roaming\Spotify\ffmpegsumo.dll 2015-04-03 20:14 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll 2015-04-03 20:14 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll 2015-04-03 20:14 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\Users\Ivo\Desktop\de_Thesisvorlage_mit_Titelbild.dot:com.dropbox.attributes AlternateDataStreams: C:\Users\Ivo\Desktop\NX9 config BFH De v1.2.pdf:com.apple.quarantine AlternateDataStreams: C:\Users\Ivo\Desktop\PA2 & Thesis.lnk:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 147.87.224.20 - 147.87.96.20 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: CODESYSControlSysTray => "C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlSysTray.exe" MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: Spotify => "C:\Users\Ivo\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Ivo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: TcSysUI => C:\TwinCAT\3.0\System\TcSysUi.exe ==================== Accounts: ============================= Administrator (S-1-5-21-1620153069-3634999086-2626984608-500 - Administrator - Disabled) Gast (S-1-5-21-1620153069-3634999086-2626984608-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1620153069-3634999086-2626984608-1003 - Limited - Enabled) Ivo (S-1-5-21-1620153069-3634999086-2626984608-1000 - Administrator - Enabled) => C:\Users\Ivo ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (04/13/2015 06:12:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 02:44:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 02:29:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 02:29:04 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 00:58:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:06:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 03:58:09 PM) (Source: MATLAB) (EventID: 0) (User: ) Description: MATLABSevere: Error checking out license The program '[25848] C:\Apps\MATLAB\R2012a\bin\win64\MATLAB.exe: Native' has exited with code 1 (0x1). Error: (04/06/2015 07:17:35 PM) (Source: MATLAB) (EventID: 0) (User: ) Description: MATLABSevere: Error checking out license The program '[20172] C:\Apps\MATLAB\R2012a\bin\win64\MATLAB.exe: Native' has exited with code 1 (0x1). Error: (04/04/2015 00:01:51 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 System errors: ============= Error: (04/13/2015 00:58:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UimBus Uim_DEVIM Uim_IM Error: (04/13/2015 00:58:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Util Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/13/2015 00:58:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/13/2015 00:57:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Beckhoff Automation CxDevice Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (04/13/2015 00:57:52 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\CxDevice.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (04/12/2015 04:08:37 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT) Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005 Error: (04/12/2015 04:08:37 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (04/12/2015 04:06:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UimBus Uim_DEVIM Uim_IM Error: (04/12/2015 04:06:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Util Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/12/2015 04:06:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (04/13/2015 06:12:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (04/13/2015 02:44:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_deu.exe Error: (04/13/2015 02:29:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_deu.exe Error: (04/13/2015 02:29:04 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_deu.exe Error: (04/13/2015 00:58:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:06:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 03:58:09 PM) (Source: MATLAB) (EventID: 0) (User: ) Description: MATLABSevere: Error checking out license The program '[25848] C:\Apps\MATLAB\R2012a\bin\win64\MATLAB.exe: Native' has exited with code 1 (0x1). Error: (04/06/2015 07:17:35 PM) (Source: MATLAB) (EventID: 0) (User: ) Description: MATLABSevere: Error checking out license The program '[20172] C:\Apps\MATLAB\R2012a\bin\win64\MATLAB.exe: Native' has exited with code 1 (0x1). Error: (04/04/2015 00:01:51 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz Percentage of memory in use: 59% Total physical RAM: 8154.8 MB Available physical RAM: 3339.85 MB Total Pagefile: 16307.8 MB Available Pagefile: 10748.81 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (TI30886900A) (Fixed) (Total:146.48 GB) (Free:19.03 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Volume) (Fixed) (Total:534.82 GB) (Free:475.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 1780111D) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=534.8 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15.9 GB) - (Type=17) ==================== End Of Log ============================ Gruss Heinz |
14.04.2015, 15:19 | #8 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | C-Laufwerk füllt sich von selbst Beitrag nicht richtig gelesen? Es stand doch dick da, dass du keine neuen Scans machen (und auch keine neuen Virenscanner installieren) solltest Ich hab aber schwer den Eindruck, dass du gleich mal alle Programme (Emsisoft, ESET, ...) installiert hast - die Artikel auf den ich verlinkt hab diente nur als Anleitung um die Logs zu finden... Bitte fortan sorgfältiger lesen!! Zitat:
Leider hast du unsere Anleitung nicht richtig befolgt: Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind. Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen. Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter. FRST jetzt nicht nochmal starten, es war nur ein Hinweis, dass du bitte fortan alle unsere Tools auf den Desktop ablegst! Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
15.04.2015, 07:48 | #9 |
| C-Laufwerk füllt sich von selbst Ja das ist richtig, dass diese Programme auf meinem PC sind. Ich absolviere momentan ein Studium und nutze diese nur für Studienzwecke und nicht gewerblich. |
15.04.2015, 22:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C-Laufwerk füllt sich von selbst Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
16.04.2015, 12:57 | #11 |
| C-Laufwerk füllt sich von selbst AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.201 - Bericht erstellt 16/04/2015 um 13:09:10 # Aktualisiert 08/04/2015 von Xplode # Datenbank : 2015-04-15.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Ivo - LINN-TOSHIBA # Gestarted von : C:\Users\Ivo\Desktop\AdwCleaner_4.201.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17689 -\\ Google Chrome v41.0.2272.118 ************************* AdwCleaner[R0].txt - [6264 Bytes] - [12/04/2015 15:59:56] AdwCleaner[R1].txt - [992 Bytes] - [16/04/2015 12:54:15] AdwCleaner[R2].txt - [1050 Bytes] - [16/04/2015 13:07:37] AdwCleaner[S0].txt - [5674 Bytes] - [12/04/2015 16:01:37] AdwCleaner[S1].txt - [926 Bytes] - [16/04/2015 13:09:10] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [984 Bytes] ########## JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.5.5 (04.15.2015:1) OS: Windows 7 Home Premium x64 Ran by Ivo on 16.04.2015 at 13:24:51.93 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] update whilokii Successfully deleted: [Service] update whilokii Successfully stopped: [Service] util whilokii Successfully deleted: [Service] util whilokii ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update whilokii Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util whilokii ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec Successfully deleted: [Empty Folder] C:\Users\Ivo\appdata\local\{0E9F08A9-37F4-4B25-AAE5-3A5617DC85BA} Successfully deleted: [Empty Folder] C:\Users\Ivo\appdata\local\{1C190911-4AAD-429A-B3AB-3491064445E8} Successfully deleted: [Empty Folder] C:\Users\Ivo\appdata\local\{39CBC0C7-37E6-46AA-8CF6-A7DEAE8E04EE} Successfully deleted: [Empty Folder] C:\Users\Ivo\appdata\local\{441A7E28-C48A-4AA2-BB9A-B6CAA26E134B} Successfully deleted: [Empty Folder] C:\Users\Ivo\appdata\local\{5A8C56A8-A674-41B0-BB62-F5FD95CAC199} Successfully deleted: [Empty Folder] C:\Users\Ivo\appdata\local\{9A392B6E-0062-4E06-9A8D-EFE16FD7C0B3} ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16.04.2015 at 13:31:10.62 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04 Ran by Ivo (administrator) on LINN-TOSHIBA on 16-04-2015 13:42:08 Running from C:\Users\Ivo\Desktop Loaded Profiles: Ivo (Available profiles: Ivo) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-02-01] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-23] (Synaptics Incorporated) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-06] (SRS Labs, Inc.) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-14] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-03-07] (Toshiba Europe GmbH) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation) HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-22] (TOSHIBA) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe [577792 2010-09-17] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-04-02] (AVAST Software) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4886608 2015-03-23] (Emsisoft GmbH) HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Run: [Facebook Update] => C:\Users\Ivo\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-30] (Facebook Inc.) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Run: [Spotify Web Helper] => C:\Users\Ivo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-12] (Spotify Ltd) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Run: [Spotify] => C:\Users\Ivo\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-12] (Spotify Ltd) HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA SearchScopes: HKLM -> {41473E08-0591-4013-8C67-77933D207F3D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA; SearchScopes: HKLM-x32 -> {41473E08-0591-4013-8C67-77933D207F3D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA; SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000 -> {41473E08-0591-4013-8C67-77933D207F3D} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-09] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-20] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation) BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-03] (<TOSHIBA>) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-09] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-20] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation) BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-03] (<TOSHIBA>) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.254 FireFox: ======== FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1620153069-3634999086-2626984608-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ivo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-23] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.ch/" CHR Profile: C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adblock Plus) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-09] CHR Extension: (Avast Online Security) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-23] (Emsisoft GmbH) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-20] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-20] (Avast Software) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [45312 2010-09-17] (NewTech Infosystems, Inc.) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-25] (Electronic Arts) S2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2015-01-08] () [File not signed] S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-20] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-20] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-20] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-20] () S2 CxDevice; C:\Windows\SysWOW64\Drivers\CxDevice.sys [42144 2013-03-07] (Beckhoff Automation GmbH) R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-23] (Emsisoft GmbH) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2012-08-20] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2012-08-20] () R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2011-12-23] (Synaptics Incorporated) S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] () S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] () S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-20] (Avast Software) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-16 13:42 - 2015-04-16 13:42 - 00020913 _____ () C:\Users\Ivo\Desktop\FRST.txt 2015-04-16 13:42 - 2015-04-16 13:42 - 00000000 ____D () C:\Users\Ivo\Desktop\FRST-OlderVersion 2015-04-16 13:31 - 2015-04-16 13:31 - 00001742 _____ () C:\Users\Ivo\Desktop\JRT.txt 2015-04-16 13:31 - 2015-04-16 13:31 - 00000247 _____ () C:\windows\system32\2015-04-16-11-31-12.003-aswFe.exe-3340.log 2015-04-16 13:26 - 2015-04-16 13:31 - 00000247 _____ () C:\windows\system32\2015-04-16-11-26-39.096-aswFe.exe-2392.log 2015-04-16 13:26 - 2015-04-16 13:26 - 00000197 _____ () C:\windows\system32\2015-04-16-11-26-32.025-AvastVBoxSVC.exe-1556.log 2015-04-16 13:24 - 2015-04-16 13:24 - 00000207 _____ () C:\windows\tweaking.com-regbackup-LINN-TOSHIBA-Windows-7-Home-Premium-(64-bit).dat 2015-04-16 13:24 - 2015-04-16 13:24 - 00000000 ____D () C:\RegBackup 2015-04-16 13:23 - 2015-04-16 13:24 - 02686088 _____ (Thisisu) C:\Users\Ivo\Desktop\JRT.exe 2015-04-16 13:14 - 2015-04-16 13:14 - 00001063 _____ () C:\Users\Ivo\Desktop\AdwCleaner[S1].txt 2015-04-16 13:13 - 2015-04-16 13:13 - 00000197 _____ () C:\windows\system32\2015-04-16-11-13-53.020-AvastVBoxSVC.exe-2940.log 2015-04-16 13:04 - 2015-04-16 13:04 - 02217984 _____ () C:\Users\Ivo\Desktop\AdwCleaner_4.201.exe 2015-04-16 13:02 - 2015-04-16 13:03 - 00000000 ____D () C:\Users\Ivo\Desktop\Scan-Programme 2015-04-14 00:38 - 2015-04-14 00:38 - 00000000 ____D () C:\ProgramData\Emsisoft 2015-04-13 18:16 - 2015-04-14 01:16 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-13 14:40 - 2015-04-13 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2015-04-13 14:40 - 2015-03-23 23:17 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys 2015-04-13 14:39 - 2015-04-16 13:25 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2015-04-13 14:31 - 2015-04-16 13:42 - 02097664 _____ (Farbar) C:\Users\Ivo\Desktop\FRST64.exe 2015-04-13 14:31 - 2015-04-16 13:42 - 00000000 ____D () C:\FRST 2015-04-13 14:29 - 2015-04-13 14:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-04-13 14:14 - 2015-04-13 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-13 14:14 - 2015-04-13 14:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-04-13 14:14 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-04-13 14:14 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-04-13 14:14 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-04-13 13:04 - 2015-04-13 13:04 - 00000000 ____D () C:\Users\Ivo\AppData\Local\Siemens 2015-04-13 12:47 - 2015-04-16 13:01 - 00000000 ____D () C:\Users\Ivo\Desktop\Virenscans 2015-04-13 12:34 - 2013-11-11 14:46 - 00001998 _____ () C:\Users\Ivo\Desktop\Start_NX9_BFH_local german.lnk 2015-04-13 10:23 - 2015-04-13 10:23 - 00000000 ____D () C:\Users\Ivo\Desktop\AMAX 2015-04-13 10:07 - 2015-04-13 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Siemens NX 9.0 2015-04-13 09:36 - 2015-04-13 09:36 - 00000000 ____D () C:\Program Files\Siemens 2015-04-13 09:10 - 2015-04-13 09:18 - 00000000 ____D () C:\Users\Ivo\Desktop\dvdrom090 2015-04-12 15:57 - 2015-04-16 13:18 - 00000000 ____D () C:\AdwCleaner 2015-04-12 15:51 - 2015-04-12 15:51 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\JAM Software 2015-04-12 15:51 - 2015-04-12 15:51 - 00000000 ____D () C:\Program Files (x86)\JAM Software 2015-04-05 10:06 - 2015-04-05 10:06 - 00000000 ___SD () C:\windows\SysWOW64\GWX 2015-04-05 10:06 - 2015-04-05 10:06 - 00000000 ___SD () C:\windows\system32\GWX ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-16 13:41 - 2012-09-27 10:19 - 00000000 ____D () C:\Users\Ivo\Documents\Outlook-Dateien 2015-04-16 13:36 - 2012-06-05 10:34 - 02034912 _____ () C:\windows\WindowsUpdate.log 2015-04-16 13:23 - 2012-03-07 02:05 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-04-16 13:22 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-16 13:22 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-16 13:16 - 2012-09-30 18:58 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\Spotify 2015-04-16 13:16 - 2012-09-30 18:58 - 00000000 ____D () C:\Users\Ivo\AppData\Local\Spotify 2015-04-16 13:14 - 2012-10-30 15:05 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\Dropbox 2015-04-16 13:14 - 2012-09-29 12:55 - 00000598 _____ () C:\windows\Tasks\MATLAB R2012a Startup Accelerator.job 2015-04-16 13:13 - 2012-09-23 14:05 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2015-04-16 13:11 - 2013-06-12 13:22 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2015-04-16 13:11 - 2012-03-07 02:21 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-16 13:10 - 2014-04-08 20:02 - 00100564 _____ () C:\windows\PFRO.log 2015-04-16 13:10 - 2014-03-06 17:24 - 00084619 _____ () C:\windows\setupact.log 2015-04-16 13:10 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-04-16 12:54 - 2012-03-07 02:21 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-16 11:58 - 2012-09-30 20:53 - 00000920 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000UA.job 2015-04-16 09:56 - 2012-09-30 20:53 - 00000898 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000Core.job 2015-04-15 10:42 - 2015-02-16 17:41 - 00000000 ____D () C:\Users\Ivo\Desktop\PA2 Ivo 2015-04-15 09:00 - 2012-11-18 17:35 - 00000000 ____D () C:\Users\Ivo\Desktop\Zum Ausdrucken 2015-04-13 14:14 - 2013-11-15 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-13 12:57 - 2009-07-14 06:45 - 00439072 _____ () C:\windows\system32\FNTCACHE.DAT 2015-04-13 12:33 - 2012-09-29 13:43 - 00000000 ____D () C:\NX_Data 2015-04-13 11:28 - 2014-05-23 19:15 - 00000000 ____D () C:\Users\Ivo\Desktop\dvdrom0902_05 2015-04-13 10:24 - 2012-09-23 13:56 - 00114160 _____ () C:\Users\Ivo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-12 17:18 - 2012-09-30 18:58 - 00001797 _____ () C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-04-11 14:50 - 2011-02-11 10:21 - 00699666 _____ () C:\windows\system32\perfh007.dat 2015-04-11 14:50 - 2011-02-11 10:21 - 00149774 _____ () C:\windows\system32\perfc007.dat 2015-04-11 14:50 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI 2015-04-10 14:34 - 2012-10-30 15:15 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-08 15:57 - 2014-11-10 19:03 - 00000000 ____D () C:\Users\Ivo\Desktop\Zum Einordnen 2015-04-03 09:58 - 2012-09-27 22:56 - 01594892 _____ () C:\windows\SysWOW64\PerfStringBackup.INI ==================== Files in the root of some directories ======= 2013-01-03 13:50 - 2013-01-03 13:50 - 0003584 _____ () C:\Users\Ivo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Users\Ivo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfwhevq.dll C:\Users\Ivo\AppData\Local\Temp\jre-8u20-windows-au.exe C:\Users\Ivo\AppData\Local\Temp\jre-8u40-windows-au.exe C:\Users\Ivo\AppData\Local\Temp\RSPUpgradeInstaller.exe C:\Users\Ivo\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 00:56 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04 Ran by Ivo at 2015-04-16 13:42:44 Running from C:\Users\Ivo\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4K Video Downloader 3.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.1.2.1275 - Open Media LLC) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{F856881A-D370-B1A7-2AFF-128F4AA93558}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.) Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.12 - Atheros Communications) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.00(T) - TOSHIBA CORPORATION) Brother MFL-Pro Suite MFC-J6910DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.) Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden CodeMeter Runtime Kit v5.10 (HKLM\...\{BD62A012-1D08-4A38-9982-488618B12E95}) (Version: 5.10.1220.500 - WIBU-SYSTEMS AG) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC) Dropbox (HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.) Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.) Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Hotfix für Microsoft Visual C# 2010 Express - DEU (KB2635973) (HKLM-x32\...\{D81641E8-ABF1-3D07-803B-60E8FC619368}.KB2635973) (Version: 1 - Microsoft Corporation) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation) Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems) Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden Matlab R2012a (HKLM-x32\...\{7B88EC96-7A2F-480B-B9EC-00C20AD6381E}) (Version: 1.0.0 - The MathWorks, Inc.) MATLAB R2012a Student Version (32-bit) (HKLM-x32\...\Matlab SV R2012a) (Version: 7.14 - The MathWorks, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft Visual C# 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C# 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\MyFreeCodec) (Version: - ) Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG) NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 2.0.2.8 - NewTech Infosystems) NTI Backup Now EZ (x32 Version: 2.0.2.8 - NewTech Infosystems) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Premium Sound HD (HKLM\...\{439A73C2-8CFA-4630-8484-36BCA2AEBB0A}) (Version: 1.12.0300 - SRS Labs, Inc.) PTC Mathcad Prime 3.0 (HKLM\...\{C4AB999A-D981-4913-BA26-E4776B598E7D}) (Version: 3.0.0 - PTC) PTC Quality Agent (HKLM-x32\...\{5B7F8A19-AF71-4517-B49C-683AFC5B639C}) (Version: 2.0.0.0 - PTC) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13034_9 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13034_9 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Siemens NX 9.0 (HKLM\...\{CAE1D783-E86C-4144-B0E3-8D2485019B11}) (Version: 9.0.0.19 - Siemens) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.0 - Synaptics Incorporated) TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION) TOSHIBA Blu-ray Disc Player (HKLM\...\{27C3DB42-A9C1-4B44-A164-93849D160D12}) (Version: 1.0.5.214 - Toshiba Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.8 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation) Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation) TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation) TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.3 - TOSHIBA Corporation) TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation) TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation) VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN) WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.) Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Youtube Downloader HD v. 2.9.5 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ivo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 17-03-2015 12:45:18 Windows Update 24-03-2015 11:12:32 Windows Update 31-03-2015 10:55:12 Windows Update 03-04-2015 09:51:39 Windows Update 05-04-2015 10:05:44 Windows Update 10-04-2015 14:42:59 Windows Update 13-04-2015 08:04:28 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {09B56658-9662-42FF-8419-5BF4D34DA1D0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000Core => C:\Users\Ivo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30] (Facebook Inc.) Task: {0B190EA0-A9ED-4F05-ACD6-EFCA2EF5C254} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\windows\TEMP\{D1D73F7F-092D-4840-A8D1-40A307EC5D16}.exe Task: {12F19F81-FE4C-4FB1-8AAE-CD0BEE2842EE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {23C6A236-7130-4BBF-8F0B-5B17C04D878F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {2808FB14-91DA-42F3-AFA6-79B5C7E7C4CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {55E23CE4-B0C9-4FDE-A93C-69DC23C19BAD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {6633008B-0EC4-4921-A19A-28D5F153967E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {6F65B2F6-61E0-4982-9C30-32581D5DBC3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {764851F5-0E4A-43EB-8839-354CA451FB82} - System32\Tasks\MATLAB R2012a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2012a Student\bin\win32\MATLABStartupAccelerator.exe [2011-12-29] () Task: {81C2E56B-A1E6-4281-BD40-DD7F626C8B6A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation) Task: {8330FB98-550F-4BF2-B698-EF673FC43F61} - System32\Tasks\{6F692C3E-C7D8-40C1-9307-0F10D81659C2} => pcalua.exe -a C:\Users\Ivo\AppData\Local\Temp\Temp2_MCG_Mathcad_Prime_3.0_64.zip\MCG_Mathcad_Prime_3.0_64\Setup.exe Task: {9C9D0898-99BF-4A56-B18C-47A4FFD752C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {B693A355-823C-455A-8CD7-2097843D95FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {BB45D115-0CAE-4FC7-A651-0B83B90C09FE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-20] (AVAST Software) Task: {CDBF5E00-F92F-437B-A840-CA7251EBD4B7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {D1D5EE5D-435F-4954-AC95-30D89B1D7E3E} - System32\Tasks\{1B83124C-CC34-416A-BF9C-EDF63CC38BE0} => pcalua.exe -a C:\Users\Ivo\AppData\Local\Temp\Temp3_MCG_Mathcad_Prime_3.0_64.zip\MCG_Mathcad_Prime_3.0_64\Setup.exe Task: {D6F2EF9F-7F7F-4856-9951-D3DD0841F360} - System32\Tasks\{DD0FEC30-E4CC-4D07-8461-037759976857} => pcalua.exe -a C:\Users\Ivo\AppData\Local\Temp\Temp2_MCG_Mathcad_Prime_3.0_32.zip\MCG_Mathcad_Prime_3.0_32\Setup.exe Task: {DEC136F4-0A7E-4ED3-B13A-2610BD612E73} - System32\Tasks\{DD25B78F-360B-42DD-B315-51452CDE2201} => pcalua.exe -a C:\Users\Ivo\AppData\Local\Temp\Temp1_MCG_Mathcad_Prime_3.0_32.zip\MCG_Mathcad_Prime_3.0_32\Setup.exe Task: {E1C688E1-92DE-4E28-997D-169B296790B8} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {E3DCA245-DC2D-40A7-80E8-64A61C429E70} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {F3B0CFEA-6790-41B7-8E08-AA035D18F72A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000UA => C:\Users\Ivo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30] (Facebook Inc.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\windows\TEMP\{D1D73F7F-092D-4840-A8D1-40A307EC5D16}.exe <==== ATTENTION Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000Core.job => C:\Users\Ivo\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1620153069-3634999086-2626984608-1000UA.job => C:\Users\Ivo\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\MATLAB R2012a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2012a Student\bin\win32\MATLABStartupAccelerator.exe ==================== Loaded Modules (whitelisted) ============== 2012-09-30 16:48 - 2010-03-16 01:04 - 00143360 _____ () C:\windows\system32\BrSNMP64.dll 2011-08-23 00:19 - 2011-08-23 00:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2014-12-20 12:06 - 2014-12-20 12:06 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2014-12-20 12:06 - 2014-12-20 12:06 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2015-04-16 09:43 - 2015-04-16 09:43 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15041600\algo.dll 2014-12-20 12:06 - 2014-12-20 12:06 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll 2015-03-14 14:49 - 2015-03-14 14:49 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-10-10 23:48 - 2013-10-10 23:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\Users\Ivo\Desktop\de_Thesisvorlage_mit_Titelbild.dot:com.dropbox.attributes AlternateDataStreams: C:\Users\Ivo\Desktop\NX9 config BFH De v1.2.pdf:com.apple.quarantine AlternateDataStreams: C:\Users\Ivo\Desktop\PA2 & Thesis.lnk:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.254 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: CODESYSControlSysTray => "C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlSysTray.exe" MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: Spotify => "C:\Users\Ivo\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Ivo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: TcSysUI => C:\TwinCAT\3.0\System\TcSysUi.exe ==================== Accounts: ============================= Administrator (S-1-5-21-1620153069-3634999086-2626984608-500 - Administrator - Disabled) Gast (S-1-5-21-1620153069-3634999086-2626984608-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1620153069-3634999086-2626984608-1003 - Limited - Enabled) Ivo (S-1-5-21-1620153069-3634999086-2626984608-1000 - Administrator - Enabled) => C:\Users\Ivo ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (04/16/2015 01:11:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/15/2015 05:58:45 AM) (Source: Google Update) (EventID: 20) (User: Linn-Toshiba) Description: Network Request Error. Error: 0x80040880. Http status code: 200. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200. trying WinHTTP. Send request returned 0x80072f8f. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200. trying WinHTTP. Send request returned 0x80072f8f. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200. trying WinHTTP. Send request returned 0x80072f8f. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x Error: (04/13/2015 06:12:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 02:44:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 02:29:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 02:29:04 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 00:58:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:06:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 03:58:09 PM) (Source: MATLAB) (EventID: 0) (User: ) Description: MATLABSevere: Error checking out license The program '[25848] C:\Apps\MATLAB\R2012a\bin\win64\MATLAB.exe: Native' has exited with code 1 (0x1). System errors: ============= Error: (04/16/2015 01:25:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TOSHIBA HDD SSD Alert Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/16/2015 01:25:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TPCH Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/16/2015 01:25:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/16/2015 01:25:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TMachInfo" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/16/2015 01:25:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "BrYNSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/16/2015 01:25:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TOSHIBA Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/16/2015 01:25:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/16/2015 01:25:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/16/2015 01:25:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TOSHIBA eco Utility Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/16/2015 01:25:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "CodeMeter Runtime Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (04/16/2015 01:11:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/15/2015 05:58:45 AM) (Source: Google Update) (EventID: 20) (User: Linn-Toshiba) Description: Network Request Error. Error: 0x80040880. Http status code: 200. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200. trying WinHTTP. Send request returned 0x80072f8f. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200. trying WinHTTP. Send request returned 0x80072f8f. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200. trying WinHTTP. Send request returned 0x80072f8f. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x Error: (04/13/2015 06:12:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (04/13/2015 02:44:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_deu.exe Error: (04/13/2015 02:29:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_deu.exe Error: (04/13/2015 02:29:04 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_deu.exe Error: (04/13/2015 00:58:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:06:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 03:58:09 PM) (Source: MATLAB) (EventID: 0) (User: ) Description: MATLABSevere: Error checking out license The program '[25848] C:\Apps\MATLAB\R2012a\bin\win64\MATLAB.exe: Native' has exited with code 1 (0x1). ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz Percentage of memory in use: 23% Total physical RAM: 8154.8 MB Available physical RAM: 6266.25 MB Total Pagefile: 16307.8 MB Available Pagefile: 14020.16 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (TI30886900A) (Fixed) (Total:146.48 GB) (Free:15.51 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Volume) (Fixed) (Total:534.82 GB) (Free:476.45 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 1780111D) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=534.8 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15.9 GB) - (Type=17) ==================== End Of Log ============================ |
16.04.2015, 13:49 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C-Laufwerk füllt sich von selbst FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM\...\Run: [] => [X] SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000 -> {41473E08-0591-4013-8C67-77933D207F3D} URL = Toolbar: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\windows\TEMP\{D1D73F7F-092D-4840-A8D1-40A307EC5D16}.exe <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:373E1720 EmptyTemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
16.04.2015, 14:15 | #13 |
| C-Laufwerk füllt sich von selbstCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04 Ran by Ivo at 2015-04-16 15:12:21 Run:1 Running from C:\Users\Ivo\Desktop Loaded Profiles: Ivo (Available profiles: Ivo) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\...\Run: [] => [X] SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000 -> {41473E08-0591-4013-8C67-77933D207F3D} URL = Toolbar: HKU\S-1-5-21-1620153069-3634999086-2626984608-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\windows\TEMP\{D1D73F7F-092D-4840-A8D1-40A307EC5D16}.exe <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41473E08-0591-4013-8C67-77933D207F3D}" => Key deleted successfully. HKCR\CLSID\{41473E08-0591-4013-8C67-77933D207F3D} => Key not found. HKU\S-1-5-21-1620153069-3634999086-2626984608-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully. C:\ProgramData\TEMP => ":373E1720" ADS removed successfully. ==== End of Fixlog 15:12:21 ==== |
16.04.2015, 14:25 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C-Laufwerk füllt sich von selbst Fertig. Wenn du jetzt noch Platzfresser hast, musst du die mit TreeSize Free - Download - Filepony aufspüren
__________________ Logfiles bitte immer in CODE-Tags posten |
16.04.2015, 16:25 | #15 |
| C-Laufwerk füllt sich von selbst Ok, vielen herzlichen Dank für die Hilfe und die Geduld. Habt ihr ein PayPal-Konto, wo ich euch eine kleine Spende hinterlassen könnte? |
Themen zu C-Laufwerk füllt sich von selbst |
festplatte, füllt, von selbst |