
Pests of all kinds and how to fight them: Adware and spyware found by MNet security tool

Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

 
15.06.2015, 21:33   #1
Queesy1

Adware and spyware found by MNet security tool



Good evening,
for several weeks this computer has been behaving very suspiciously. Today things came to a head: the backup did not work, CDs could no longer be read, USB sticks were not recognized... Windows Update hung. Your website gets redirected to advertising :-(

So I am turning to you, because you can always help :-)

Here are the first log files. By the way, Defogger did not give any error message.
Frst.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Josi (administrator) on JOSI-NOTEBOOK on 15-06-2015 22:17:39
Running from C:\Users\Josi\Downloads
Loaded Profiles: Josi (Available Profiles: Josi & Beni & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSHDLL32.EXE
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\FWES\program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsav32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSM32.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [421888 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7289376 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [503808 2009-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1323008 2009-04-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] => C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [570736 2009-04-15] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] => C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1045904 2009-03-23] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [96144 2009-03-04] (Toshiba Europe GmbH)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4389592 2009-11-06] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [962688 2009-11-06] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [377712 2009-11-06] (Acronis)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [NeroCheck] => C:\Windows\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\M-net\Sicherheitspaket\Common\FSM32.EXE [201128 2009-11-18] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] => C:\Program Files\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe [1655464 2012-07-24] (F-Secure Corporation)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [135680 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\Run: [Google Update] => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-20] (Google Inc.)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\MountPoints2: {2be051eb-2158-11df-b128-0026223033e5} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\MountPoints2: {5530445e-d60d-11e3-a640-0026223033e5} - D:\Menu.exe
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\MountPoints2: {8e1bdb74-9121-11de-8158-806e6f6e6963} - rundll32.exe url,FileProtocolHandler index.html
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\MountPoints2: {c4c27749-ef31-11de-8993-0026223033e5} - D:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
Startup: C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2009-12-08]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-09]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-09]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2015-01-25]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-550289631-3001628655-2886833039-1002\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKLM -> {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKU\S-1-5-21-550289631-3001628655-2886833039-1000 -> DefaultScope {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG_deDE356
SearchScopes: HKU\S-1-5-21-550289631-3001628655-2886833039-1000 -> {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG_deDE356
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2013-01-28] (Sun Microsystems, Inc.)
BHO: Browsing Protection Class -> {C6867EB7-8350-4856-877F-93CF8AE3DC9C} -> C:\Program Files\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll [2014-06-03] (F-Secure Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-01-28] (Sun Microsystems, Inc.)
Toolbar: HKLM - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll [2014-06-03] (F-Secure Corporation)
Toolbar: HKU\S-1-5-21-550289631-3001628655-2886833039-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 02 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 03 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 04 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 05 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 06 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 07 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 08 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 09 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 10 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 21 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_38 -> C:\Windows\system32\npdeployJava1.dll [2013-01-28] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2013-01-28] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Josi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @talk.google.com/O1DPlugin -> C:\Users\Josi\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF user.js: detected! => C:\Users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default\user.js [2015-03-26]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Josi\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Josi\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default\searchplugins\ask-web-search.xml [2013-12-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2015-06-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-08]
FF HKLM\...\Firefox\Extensions: [litmus-ff@f-secure.com] - C:\Program Files\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com
FF Extension: Browsing Protection - C:\Program Files\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012-07-24]

Chrome: 
=======
CHR Profile: C:\Users\Josi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Assist Point) - C:\Users\Josi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe [2015-05-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [619408 2009-11-06] (Acronis)
R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 F-Secure Gatekeeper Handler Starter; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe [221608 2009-11-18] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe [524712 2009-11-18] (F-Secure Corporation)
R2 FSMA; C:\Program Files\M-net\Sicherheitspaket\Common\FSMA32.EXE [188840 2009-11-18] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe [60456 2015-03-10] (F-Secure Corporation)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-03-23] (Toshiba Europe GmbH)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed]
R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [360704 2011-07-04] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604416 2011-07-04] (TuneUp Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 F-Secure Filter; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys [41640 2009-11-18] ()
R3 F-Secure Gatekeeper; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys [145856 2013-07-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys [69928 2009-11-18] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys [27048 2009-11-18] ()
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [43560 2015-06-09] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [41552 2012-07-24] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72904 2009-11-18] (F-Secure Corporation)
R1 fsvista; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys [14248 2009-11-18] ()
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-08-22] (Malwarebytes Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2009-12-27] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2009-12-27] (Acronis)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 22:17 - 2015-06-15 22:18 - 00023981 _____ C:\Users\Josi\Downloads\FRST.txt
2015-06-15 22:17 - 2015-06-15 22:17 - 00000000 ____D C:\FRST
2015-06-15 22:16 - 2015-06-15 22:17 - 01148416 _____ (Farbar) C:\Users\Josi\Downloads\FRST.exe
2015-06-15 22:15 - 2015-06-15 22:15 - 00000470 _____ C:\Users\Josi\Downloads\defogger_disable.log
2015-06-15 22:15 - 2015-06-15 22:15 - 00000000 _____ C:\Users\Josi\defogger_reenable
2015-06-15 22:14 - 2015-06-15 22:14 - 00050477 _____ C:\Users\Josi\Downloads\Defogger.exe
2015-06-15 21:42 - 2015-06-15 21:42 - 00004484 _____ C:\Users\Josi\Documents\cc_20150615_214201.reg
2015-06-15 20:34 - 2015-06-15 21:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-15 20:28 - 2015-06-15 21:36 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-06-11 20:47 - 2015-06-11 20:47 - 00001701 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 14:08 - 2015-06-09 14:08 - 06420480 _____ C:\Program Files\GUTB24E.tmp
2015-06-09 14:08 - 2015-06-09 14:08 - 00000000 ____D C:\Program Files\GUMB24D.tmp
2015-06-09 14:05 - 2015-06-09 14:05 - 00000008 __RSH C:\ProgramData\ntuser.pol

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 22:17 - 2010-03-13 14:37 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 22:16 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-15 22:16 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-15 22:15 - 2009-12-06 13:16 - 00000000 ____D C:\Users\Josi
2015-06-15 22:05 - 2014-12-10 18:44 - 01673804 _____ C:\Windows\WindowsUpdate.log
2015-06-15 22:00 - 2011-07-04 07:35 - 00000498 _____ C:\Windows\Tasks\1-Klick-Wartung.job
2015-06-15 21:59 - 2012-09-24 10:19 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000UA.job
2015-06-15 21:47 - 2013-01-08 21:47 - 00000000 ____D C:\Users\Josi\AppData\Roaming\Garmin
2015-06-15 21:45 - 2009-12-06 13:19 - 00000000 ____D C:\Users\Josi\AppData\Local\Google
2015-06-15 21:45 - 2009-06-09 11:27 - 00000000 ____D C:\ProgramData\Google
2015-06-15 21:45 - 2009-06-09 11:27 - 00000000 ____D C:\Program Files\Google
2015-06-15 21:41 - 2010-05-16 18:10 - 00000000 ____D C:\Windows\Minidump
2015-06-15 21:39 - 2008-01-21 09:16 - 01586872 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-15 21:36 - 2012-04-25 13:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-15 21:36 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-15 21:34 - 2010-03-13 14:37 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 21:34 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-15 20:59 - 2012-09-24 10:19 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000Core.job
2015-06-15 20:32 - 2012-04-11 07:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-14 22:48 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-13 14:50 - 2009-12-06 18:05 - 00130560 _____ C:\Users\Josi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-10 21:44 - 2009-06-09 11:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 21:43 - 2013-08-16 17:01 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 21:35 - 2006-11-02 12:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-10 21:32 - 2012-04-11 07:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 21:32 - 2011-08-19 22:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-09 20:50 - 2010-11-21 20:17 - 00000008 __RSH C:\Users\Josi\ntuser.pol
2015-06-09 14:12 - 2012-07-24 21:26 - 00043560 _____ C:\Windows\system32\Drivers\fsbts.sys

==================== Files in the root of some directories =======

2015-06-09 14:08 - 2015-06-09 14:08 - 6420480 _____ () C:\Program Files\GUTB24E.tmp
2014-02-21 15:22 - 2014-02-21 15:22 - 49940480 _____ () C:\Program Files\GUTF415.tmp
2009-12-06 15:51 - 2010-02-10 20:27 - 0000192 _____ () C:\Users\Josi\AppData\Roaming\wklnhst.dat
2009-12-06 23:54 - 2013-04-11 07:26 - 0000680 _____ () C:\Users\Josi\AppData\Local\d3d9caps.dat
2009-12-06 18:05 - 2015-06-13 14:50 - 0130560 _____ () C:\Users\Josi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-13 23:38 - 2009-12-13 23:39 - 0000336 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Josi\agsetup183se.exe
C:\Users\Josi\avira_antivir_personal415_de.exe
C:\Users\Josi\lameplugin.exe


Some files in TEMP:
====================
C:\Users\Beni\AppData\Local\Temp\AskSLib.dll
C:\Users\Beni\AppData\Local\Temp\contentDATs.exe
C:\Users\Beni\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Beni\AppData\Local\Temp\iev6mvxg.dll
C:\Users\Beni\AppData\Local\Temp\install_flashplayer11x32_mssd_au_aih.exe
C:\Users\Gast\AppData\Local\Temp\tmp54F2.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-15 21:39

==================== End of log ============================
         
addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Josi at 2015-06-15 22:18:32
Running from C:\Users\Josi\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-550289631-3001628655-2886833039-500 - Administrator - Disabled)
Beni (S-1-5-21-550289631-3001628655-2886833039-1002 - Limited - Enabled) => C:\Users\Beni
Gast (S-1-5-21-550289631-3001628655-2886833039-501 - Limited - Enabled) => C:\Users\Gast
Josi (S-1-5-21-550289631-3001628655-2886833039-1000 - Administrator - Enabled) => C:\Users\Josi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: M-net Sicherheitspaket 9.12 (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: M-net Sicherheitspaket 9.12 (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: M-net Sicherheitspaket 9.12 (Enabled) {2D7AC0A6-6241-D774-E168-461178D9686C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis*True*Image*Home (HKLM\...\{D1E0E859-F46D-4708-A41D-ED90C0C1822A}) (Version: 12.0.9809 - Acronis)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader 9 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.302.105 - ALPS ELECTRIC CO., LTD.)
ATI Catalyst Install Manager (HKLM\...\{4324E4DD-C67C-A413-5C12-5DC694A99AF6}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version:  - )
Canon MX310 series Benutzerregistrierung (HKLM\...\Canon MX310 series Benutzerregistrierung) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (Version: 2009.0421.2132.36832 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.08 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.05 - Piriform)
Free Hide Folder (HKLM\...\Free Hide Folder) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java(TM) 6 Update 38 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216038FF}) (Version: 6.0.380 - Oracle)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
M-net Sicherheitspaket (HKLM\...\F-Secure Product 444) (Version:  - )
Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.65 (HKLM\...\myphotobook) (Version: 3.65 - myphotobook)
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.9 - ahead software gmbh)
OpenOffice.org 3.1 (HKLM\...\{D765F1CE-5AE5-4C47-B134-AE58AC474740}) (Version: 3.1.9420 - OpenOffice.org)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.)
Skins (Version: 2009.0421.2132.36832 - ATI) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.10 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.3.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.0.5.32 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.0.1 - TOSHIBA Corporation)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.06.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0017 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.6 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM\...\{7C30283C-8DC7-4FBB-805E-52BEA5F580E8}) (Version: 2.0 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.8 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.6 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.6 - TOSHIBA) Hidden
TuneUp Utilities 2009 (HKLM\...\{55A29068-F2CE-456C-9148-C869879E2357}) (Version: 8.0.3000.20 - TuneUp Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (Version: 1.0.50.22C - TOSHIBA) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)

==================== Restore Points =========================

09-05-2015 17:01:29 Windows Update
12-05-2015 23:29:25 Windows Update
09-06-2015 14:57:37 Geplanter Prüfpunkt
09-06-2015 22:51:53 Windows Update
10-06-2015 21:33:39 Windows Update
11-06-2015 20:57:36 Windows Update
13-06-2015 15:25:40 Geplanter Prüfpunkt
13-06-2015 17:12:59 Windows Update
14-06-2015 21:01:25 Windows Update
14-06-2015 22:41:36 Windows Update
15-06-2015 20:22:50 Windows Update
15-06-2015 20:45:08 Windows Update
15-06-2015 21:46:40 Removed Garmin Lifetime Updater

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4F0D4563-35AE-4B16-9157-0756CE5A77C0} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {50924D80-73C3-4F60-B083-E457ADAD8C47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {641E51DC-1C3A-406A-9DA3-5BBB92E4DED0} - System32\Tasks\Google Updater and Installer => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20] (Google Inc.)
Task: {69E0AE62-46CB-46B8-9702-A31FD5D30590} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17] (Sun Microsystems, Inc.)
Task: {6ED9BFCA-3243-48A3-8529-5F7719B420F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {7FF43289-4788-4F53-8BDE-B6264A365FAC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000Core => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20] (Google Inc.)
Task: {83BF85F1-449B-4220-83B9-DA3317E6FC7B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000UA => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20] (Google Inc.)
Task: {AA7D33F5-BCDE-41A3-827C-A6C862E9AD53} - System32\Tasks\{DDB4EDFE-E59D-488A-A6B2-DE20766A3D66} => pcalua.exe -a C:\PROGRA~1\FREEHI~1\UNWISE.EXE -c C:\PROGRA~1\FREEHI~1\INSTALL.LOG
Task: {C9EF0F77-EB83-4422-B8C0-8D0B2A753F1E} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Josi => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {DF39B54F-F16D-416E-9D72-1CA38159DC11} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {EDA75C2B-A435-436D-9122-9497926B290D} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2009-03-20] (TuneUp Software GmbH)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000Core.job => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000UA.job => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-07-24 21:33 - 2012-07-24 21:33 - 00178816 _____ () C:\Program Files\M-net\Sicherheitspaket\FSPC\engine\0004\fsnrs2_eng.dll
2009-04-24 11:39 - 2009-04-24 11:39 - 00516096 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2009-08-25 04:54 - 2009-04-21 22:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-01-30 22:11 - 2009-01-30 22:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-03-07 14:15 - 2009-03-07 14:15 - 07005496 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-07-14 11:37 - 2008-07-14 11:37 - 00095544 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-06-09 11:13 - 2006-10-10 12:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-08-25 04:55 - 2009-08-25 04:55 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-01-30 10:41 - 2009-01-30 10:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-08-25 04:55 - 2009-08-25 04:55 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-07-24 21:32 - 2012-07-24 21:32 - 00030888 _____ () C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\hashlib_x86.dll
2012-07-24 21:24 - 2009-11-18 18:05 - 00217512 _____ () c:\program files\m-net\sicherheitspaket\daas2\daas2.dll
2012-07-24 21:24 - 2013-04-27 13:54 - 00213048 _____ () C:\Program Files\M-net\Sicherheitspaket\Spam Control\fsas.dll
2012-07-24 21:24 - 2009-11-18 18:06 - 00036864 _____ () C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\FSAVHRES.eng
2012-07-24 21:24 - 2009-11-18 18:06 - 00442792 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\about.dll
2012-07-24 21:24 - 2009-11-18 18:06 - 00090536 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\aboutres.dll
2012-07-24 21:24 - 2009-11-18 18:07 - 00086016 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\strres.eng
2012-07-24 21:24 - 2009-11-18 18:07 - 00553384 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\gres.dll
2012-07-24 21:24 - 2009-11-18 18:06 - 00045056 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\fsavures.eng
2012-07-24 21:24 - 2009-11-18 18:06 - 00143360 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\flyerres.eng
2012-07-24 21:24 - 2009-11-18 18:08 - 00001536 _____ () C:\Program Files\M-net\Sicherheitspaket\FSPC\fspcfsm.eng

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Josi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{97833BE5-EBD8-4D6A-85BD-0E37709B676A}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{048AD7B8-E9A2-405A-B9FB-39B5ECC0A7EB}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [{91CBCA39-E7BE-4AFC-9799-014AD94C85F3}] => (Allow) F:\fsetup.exe
FirewallRules: [{BEBB1534-D584-4761-B00E-BBFEC2AC0F05}] => (Allow) F:\fsetup.exe
FirewallRules: [{69144BF9-C9FD-4DFC-8944-5A3D1B23B780}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C97C910C-4BD3-44FA-B81C-8192769B91B3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C1100173-CF10-4FA6-9A25-CC0B2C62262D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FBE68E62-8283-4D1D-9E3F-62D6A9A49BCF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2015 09:44:13 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3  2015-06-15  21:44:13+02:00  JOSI-NOTEBOOK  Josi-Notebook\Josi  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Gen:Variant.Adware.Kazy 
 Object: C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugins\4\Plugin.exe

Error: (06/15/2015 09:41:53 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2  2015-06-15  21:41:53+02:00  JOSI-NOTEBOOK  Josi-Notebook\Josi  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Gen:Variant.Adware.Kazy 
 Object: C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugins\4\Plugin.exe

Error: (06/15/2015 09:37:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2015-06-15  21:37:53+02:00  JOSI-NOTEBOOK  Josi-Notebook\Josi  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Gen:Variant.Adware.Kazy 
 Object: C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugins\4\Plugin.exe

Error: (06/15/2015 09:36:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (06/15/2015 09:35:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2015 08:21:27 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2015-06-15  20:21:27+02:00  JOSI-NOTEBOOK  Josi-Notebook\Josi  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Gen:Variant.Adware.Kazy 
 Object: C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugins\4\Plugin.exe

Error: (06/15/2015 08:20:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (06/15/2015 08:18:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2015 10:34:59 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2015-06-14  22:34:59+02:00  JOSI-NOTEBOOK  Josi-Notebook\Josi  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Gen:Variant.Adware.Kazy 
 Object: C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugins\4\Plugin.exe

Error: (06/14/2015 10:33:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


System errors:
=============

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-06-15 22:18:12.349
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-15 22:18:12.162
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-15 22:18:11.943
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-15 22:18:11.803
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-15 22:18:11.616
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-15 22:18:11.491
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-15 22:18:11.350
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-15 22:18:11.226
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-15 22:18:05.298
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-15 22:18:05.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 53%
Total physical RAM: 3035.93 MB
Available physical RAM: 1398.23 MB
Total Pagefile: 6274.13 MB
Available Pagefile: 4520.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1868.55 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.31 GB) (Free:43.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:184.84 GB) (Free:170.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 372.6 GB) (Disk ID: 7878FC96)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=184.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         

 
