Log analysis and evaluation: spam is being sent, either from me or from the smartphone or router, jjstejjer(a)hotmail.com (Windows 7)
#1
spam is being sent, either from me or from the smartphone or router, jjstejjer(a)hotmail.com

Hello,

a provider switches off the connection from time to time because spam is going out, with the email address named in the subject line. Since only one computer, one smartphone or the router (TP Link) are switched on at all, it can only be one of these three components. The phone has a virus scanner on it, and with the router I don't know at all how that works. So let's start with the computer: here are the requested files:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016 Ran by win_8 (administrator) on WIN8 (17-02-2016 23:16:02) Running from C:\Users\win_8\Downloads Loaded Profiles: win_8 (Available Profiles: win_8) Platform: Windows 8 (X64) Language: Svenska (Sverige) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba 
TEMPRO\TemproSvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Microsoft Corporation) C:\Users\win_8\Desktop\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\splwow64.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] () HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation) HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-02] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-10] (Ulead Systems, Inc.) HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-10-16] (Hewlett-Packard Company) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-22] (Dropbox, Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1609830323-765120689-1541722825-1001\...\MountPoints2: {0ac73d10-de8d-11e2-be87-7c05077950e8} - "E:\WD SmartWare.exe" autoplay=true ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-10-12] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{A9471BA8-D654-4208-A824-D1488EE72EC2}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.google.de/ HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> {C959D6CA-DD06-4623-BC24-B1A330093942} URL = Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - 
C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-26] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-26] () FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.1.0.18 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File] FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File] FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.4.0.22 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-03] (Oracle Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] () FF Plugin-x32: Adobe Reader -> C:\Program 
Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.) FF Extension: 1-Click YouTube Video Downloader - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-05-30] FF Extension: NoScript - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-02-12] FF Extension: Video DownloadHelper - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-01] FF Extension: Adblock Plus - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-02] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-02] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-02] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249120 2016-01-05] (Avira Operations GmbH & Co. KG) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-03] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-03] (Dropbox, Inc.) 
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed] S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor) R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH) R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-29] (Ulead Systems, Inc.) [File not signed] R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-02] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-02] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-02] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-02] (Avira Operations GmbH & Co. KG) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation) S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.) S3 MUSONIK_PHASE_X64_USB; C:\Windows\System32\Drivers\msnkphsu.sys [460352 2009-11-13] (Ploytec GmbH) S3 MUSONIK_PHASE_X64_WDM; C:\Windows\system32\drivers\msnkphsa.sys [49216 2009-11-13] (Ploytec GmbH) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation ) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated) S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.) R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.) R3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.) R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.) R3 vmlitestor; C:\Windows\system32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.) R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.) 
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-01-31] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [275712 2015-01-31] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-17 23:16 - 2016-02-17 23:16 - 00021778 _____ C:\Users\win_8\Downloads\FRST.txt 2016-02-17 23:14 - 2016-02-17 23:14 - 02371072 _____ (Farbar) C:\Users\win_8\Downloads\FRST64.exe 2016-02-12 17:59 - 2016-02-15 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-02-07 15:20 - 2016-02-07 15:20 - 00011264 _____ C:\Users\win_8\Downloads\export.xls 2016-02-06 23:47 - 2016-02-06 23:47 - 09460656 _____ C:\Users\win_8\Downloads\Bakgrundermp3.zip 2016-02-03 20:09 - 2016-02-03 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-02-03 18:25 - 2016-02-03 18:25 - 00000000 ____D C:\Users\win_8\AppData\Roaming\Dropbox 2016-02-03 18:23 - 2016-02-17 22:28 - 00001222 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-02-03 18:23 - 2016-02-17 18:28 - 00001218 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-02-03 18:23 - 2016-02-03 20:09 - 00000000 ____D C:\Users\win_8\AppData\Local\Dropbox 2016-02-03 18:23 - 2016-02-03 20:09 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-02-03 18:23 - 2016-02-03 18:23 - 00690072 _____ (Dropbox, Inc.) 
C:\Users\win_8\Downloads\DropboxInstaller.exe 2016-02-03 18:23 - 2016-02-03 18:23 - 00004194 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA 2016-02-03 18:23 - 2016-02-03 18:23 - 00003958 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore 2016-02-03 18:23 - 2016-02-03 18:23 - 00000000 ____D C:\ProgramData\Dropbox 2016-02-03 18:14 - 2016-01-12 23:45 - 2648580096 _____ C:\Users\win_8\Desktop\000.ts 2016-02-01 20:03 - 2016-02-01 20:05 - 00083884 _____ C:\Users\win_8\Downloads\Uppgift 2 MV702(1).pdf 2016-01-30 18:35 - 2016-01-30 18:35 - 00083884 _____ C:\Users\win_8\Downloads\Uppgift 2 MV702.pdf 2016-01-29 15:49 - 2016-01-29 15:50 - 00151517 _____ C:\Users\win_8\Downloads\Kursplan_CourseSyllabus_1MU702(2).pdf 2016-01-29 15:48 - 2016-01-29 15:49 - 00076483 _____ C:\Users\win_8\Downloads\Studiehandledning 1MV702 vt 16.pdf 2016-01-29 15:41 - 2016-01-29 15:41 - 00086757 _____ C:\Users\win_8\Downloads\Uppgift 1. 1MV702. Vt 16.pdf 2016-01-20 22:16 - 2016-01-20 22:17 - 00004246 _____ C:\Users\win_8\Downloads\newocr.com-20160120211646.txt 2016-01-20 22:14 - 2016-01-20 22:14 - 00354251 _____ C:\Users\win_8\Downloads\2307_001.pdf 2016-01-20 20:44 - 2016-01-20 20:44 - 00000000 ____D C:\Users\win_8\Desktop\norrala_astro 2016-01-19 20:31 - 2016-01-19 20:31 - 35880416 _____ C:\Users\win_8\Downloads\BankID_installation_7_1_0.exe 2016-01-19 20:25 - 2016-01-19 20:25 - 00001868 _____ C:\Users\Public\Desktop\BankID säkerhetsprogram.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-02-17 23:16 - 2015-03-09 19:40 - 00000000 ____D C:\FRST 2016-02-17 22:52 - 2012-07-26 08:59 - 00000000 ____D C:\windows\CbsTemp 2016-02-15 21:10 - 2013-07-15 09:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-02-15 21:07 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-02-15 21:00 - 2013-08-12 17:52 - 00000000 ____D C:\Users\win_8\AppData\Local\ElevatedDiagnostics 2016-02-14 13:13 - 2013-09-10 17:06 - 00000000 ____D C:\audio 2016-02-14 11:34 - 2012-08-02 01:02 - 00712522 _____ C:\windows\system32\perfh01D.dat 2016-02-14 11:34 - 2012-08-02 01:02 - 00148908 _____ C:\windows\system32\perfc01D.dat 2016-02-14 11:34 - 2012-08-02 00:55 - 00440762 _____ C:\windows\system32\perfh014.dat 2016-02-14 11:34 - 2012-08-02 00:55 - 00076914 _____ C:\windows\system32\perfc014.dat 2016-02-14 11:34 - 2012-08-02 00:48 - 00426314 _____ C:\windows\system32\perfh00B.dat 2016-02-14 11:34 - 2012-08-02 00:48 - 00081450 _____ C:\windows\system32\perfc00B.dat 2016-02-14 11:34 - 2012-08-02 00:41 - 00455676 _____ C:\windows\system32\perfh006.dat 2016-02-14 11:34 - 2012-08-02 00:41 - 00079422 _____ C:\windows\system32\perfc006.dat 2016-02-14 11:34 - 2012-07-26 08:28 - 03259898 _____ C:\windows\system32\PerfStringBackup.INI 2016-02-14 11:34 - 2012-07-26 06:37 - 00000000 ____D C:\windows\Inf 2016-02-13 04:31 - 2013-07-01 08:32 - 00000000 ___RD C:\download 2016-02-12 18:37 - 2015-02-14 09:54 - 00000000 ____D C:\Users\win_8\.mediathek3 2016-02-11 20:19 - 2013-06-26 18:28 - 00000000 ____D C:\Users\win_8\AppData\Roaming\vlc 2016-02-10 11:13 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent 2016-02-10 11:12 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-07 22:31 - 2015-04-30 18:40 - 00062464 _____ C:\Users\win_8\Documents\ulrike_buchfuerung.xls 2016-02-07 20:12 - 2015-03-20 23:00 - 00000000 ____D C:\Users\win_8\REW 2016-02-07 20:12 - 2015-03-20 22:58 - 00000000 ___HD C:\jexepackres 2016-02-07 20:10 - 2014-07-20 11:57 
- 00000000 ____D C:\svtplay_download 2016-02-05 00:30 - 2015-09-05 02:12 - 00001149 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2016-02-05 00:30 - 2015-07-02 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-02-05 00:30 - 2015-02-05 18:04 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-31 00:30 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI 2016-01-23 01:04 - 2014-05-26 21:36 - 00000000 ____D C:\Users\win_8\Desktop\platzt 2016-01-19 20:26 - 2014-11-02 19:26 - 00000000 ____D C:\Program Files (x86)\BankID 2016-01-19 20:25 - 2014-11-02 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram ==================== Files in the root of some directories ======= 2013-06-26 18:27 - 2013-06-26 18:27 - 0000027 _____ () C:\Program Files\plugins.dat Some files in TEMP: ==================== C:\Users\win_8\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-13 03:20 ==================== End of FRST.txt ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016 Ran by win_8 (2016-02-17 23:17:11) Running from C:\Users\win_8\Downloads Windows 8 (X64) (2013-06-24 16:23:21) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administratör (S-1-5-21-1609830323-765120689-1541722825-500 - Administrator - Disabled) Gäst (S-1-5-21-1609830323-765120689-1541722825-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1609830323-765120689-1541722825-1003 - Limited - Enabled) win_8 (S-1-5-21-1609830323-765120689-1541722825-1001 - Administrator - Enabled) => C:\Users\win_8 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated) Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. 
KG) Avira Launcher (HKLM-x32\...\{ccdc9cfe-8ba7-4c6c-ac5f-b2d6cfa49efc}) (Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG) Hidden BankID säkerhetsprogram (HKLM-x32\...\{1BDBF557-BA87-438F-9B28-AE4D836E35BA}) (Version: 7.1.0.20 - Finansiell ID-Teknik BID AB) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION) Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.0.1 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Compatibility Pack för Office 2007-systemet (HKLM-x32\...\{90120000-0020-041D-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) 
Hidden DVBT Driver (x32 Version: 1.1.3.1 - ) Hidden Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden HP Color LaserJet Pro MFP M476 (HKLM-x32\...\{4b849805-3b07-4b35-874a-705c0d103672}) (Version: 10.0.13302.320 - Hewlett-Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPCLJProMFPM476 (HKLM-x32\...\{C44C593D-3009-4D03-910E-243050C5E193}) (Version: 0.05.0000 - Hewlett-Packard) HPDXP (x32 Version: 3.0.26.15 - HP) Hidden HPLJDXPHelper (x32 Version: 060.048.005 - HP) Hidden HPLJUTCore (x32 Version: 008.000.0001 - HP) Hidden HPLJUTM476 (x32 Version: 010.000.0001 - HP) Hidden hppLaserJetService (x32 Version: 009.033.00906 - Hewlett-Packard) Hidden hppM476LaserJetService (x32 Version: 001.034.00634 - Hewlett-Packard) Hidden hpStatusAlerts (x32 Version: 100.040.00198 - Hewlett Packard) Hidden hpStatusAlertsM476 (x32 Version: 100.046.00121 - Hewlett-Packard) Hidden Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden LJDXPHelperUI (x32 
Version: 060.048.005 - HP) Hidden Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Microsoft Office 2000 Premium (HKLM-x32\...\{0000041D-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation) Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.211 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla) NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden PHASE X64 USB (HKLM\...\USB_AUDIO_DEusb-audio.dePhaseX64USB) (Version: - ) Pirateplayer (HKLM-x32\...\Pirateplayer) (Version: - ) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.) Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version: - John Mulcahy) SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.) 
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH) Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH) Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH) Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH) Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH) Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH) Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated) TOSHIBA Desktop Assist 
(HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH) Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.002 - Youyan) USB2.0 Grabber (HKLM-x32\...\USB2.0 Grabber) (Version: - ) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden Visual Analyser 2011 (HKLM-x32\...\{BE2F9F39-9512-4DFD-A412-0355A2FE66D3}) (Version: 14.0.0.19 - Alfredo Accattatis) VLC media player 2.0.7 
(HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN) VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden Windows-drivrutinspaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite) Windows-drivrutinspaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00D33521-7874-4CD6-8BB2-863C2C00EA3B} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe Task: {0142B33C-E60B-4208-BE1B-BBE7F82EA304} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-04-16] (Hewlett Packard) Task: {09928DDE-9D84-4891-93C7-0676062C66CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {13F34040-20F2-4AA3-B808-7F7EED36A5F4} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH) Task: {3A549A00-7E23-47A4-907E-E9A5CEA74912} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-03] (Dropbox, Inc.) 
Task: {6EAB019B-FFF9-4F3B-9061-53FC2DC5D1C4} - System32\Tasks\{128FE2DB-52E4-4D16-BA42-5F04D72A0C62} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar Task: {74118A71-CC1D-4C3B-888A-52D20702266F} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {7E2AB53E-B992-4373-8C7E-4662A968BEE1} - System32\Tasks\{E064D739-1F93-4F82-983F-2AF2EA6353CE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsBing Task: {BB829643-4E94-4DC8-B9CC-EB19809E272D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-03] (Dropbox, Inc.) Task: {EB5ED57C-B450-4E90-B0C5-A5FDC3306643} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {EF1EAFEE-95F9-4987-ABA9-2460BF88F59B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation) Task: {F59F3CDE-905A-4317-8C70-BAC604AAF49C} - System32\Tasks\{7BE2C727-B857-4282-A9DE-8763EC92488D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2011-10-13 13:38 - 2011-10-13 13:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe 2010-08-11 13:18 - 2010-08-11 13:18 - 00202344 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxDDU.dll 2010-08-11 13:18 - 2010-08-11 13:18 - 02725480 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxRT.dll 2009-03-26 21:03 - 2009-03-26 21:03 - 01289728 _____ () C:\Program Files\VMLite\VMLite Workstation\LIBEAY32.dll 2012-10-26 00:24 - 2012-10-24 06:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-07-25 21:44 - 2012-07-25 21:35 - 00129024 _____ () C:\windows\system32\WinMetadata\Windows.UI.winmd 2012-07-25 21:44 - 2012-07-25 21:35 - 00036864 _____ () C:\windows\system32\WinMetadata\Windows.Data.winmd 2012-07-25 21:44 - 2012-07-25 21:35 - 00022016 _____ () C:\windows\system32\WinMetadata\Windows.Foundation.winmd 2016-02-03 20:08 - 2015-12-21 20:42 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-02-03 20:08 - 2015-12-21 20:42 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 
00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-02-03 20:08 - 2015-12-22 01:22 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 01734984 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 
2016-02-03 20:08 - 2015-12-21 20:42 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-02-03 20:08 - 2015-12-21 20:42 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 
00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-02-03 20:08 - 2015-12-22 01:22 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-02-03 20:08 - 2015-12-21 20:42 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-02-03 20:08 - 2015-12-22 01:22 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2013-05-03 22:20 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk" HKLM\...\StartupApproved\Run: => "TecoResident" HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center" HKLM\...\StartupApproved\Run32: => "TCrdMain" HKLM\...\StartupApproved\Run32: => "TODDMain" HKLM\...\StartupApproved\Run32: => "TosWaitSrv" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe FirewallRules: [{7592F679-6BF6-4429-AE9D-FD49B0DAF795}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{BBA0E0ED-E678-440F-875A-C9D4F54BF3E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{19A13C35-388E-4E86-9420-02D685842016}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{994898F5-8155-49AE-9555-B065D0B42A44}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{CDC05EA5-8141-47CF-ADD5-A769C40A9DF5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{3684E08F-B4A3-44B7-9226-D72307472873}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\SendAFax.exe FirewallRules: [{F46CC2C9-0066-48EC-90C1-64AD85EE8141}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\FaxPrinterUtility.exe FirewallRules: [{022DC4B5-DC90-43F1-A200-76DD32B994F4}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{80FA8050-5DF8-4D12-8D7A-C14B43CB0171}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{7679322D-DD23-4374-9F98-D70FFC59AABE}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\DigitalWizards.exe FirewallRules: [{153558CE-EC42-4B7D-BC23-45BFE5425F7A}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\FaxApplications.exe FirewallRules: [{F42992A9-7B31-4780-8AB8-9B92E21702E3}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\EWSProxy.exe FirewallRules: [{6EE64FE9-1B06-4975-8817-B815CDEB30F6}] => (Allow) 
C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe FirewallRules: [{D781D8C9-48F6-4CFC-ABA1-2E3026C388E7}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe FirewallRules: [{5F3E864D-1096-4281-8EF3-82A5E024534F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{97E72214-DBB9-4C55-86A8-A90C9F3E2532}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F9115E09-425D-4CEE-A831-73B0D2FD5865}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= 06-02-2016 04:54:38 Schemalagd kontrollpunkt 09-02-2016 08:52:38 Windows Update 12-02-2016 16:53:26 Windows Update 15-02-2016 17:33:14 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/15/2016 09:23:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a , felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421 Undantagskod: 0xc0000005 Felförskjutning: 0x000000001001f368 Process-ID: 0xde0 Programmets starttid: 0xTCrdMain_Win8.exe0 Sökväg till program: TCrdMain_Win8.exe1 Sökväg till modul: TCrdMain_Win8.exe2 Rapport-ID: TCrdMain_Win8.exe3 Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4 Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5 Error: (02/06/2016 04:43:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: plugin-container.exe, version 43.0.4.5848, tidsstämpel 0x568c88bd , felet uppstod i modulen med namn: mozglue.dll, version 43.0.4.5848, tidsstämpel 0x568c7b16 Undantagskod: 0x80000003 Felförskjutning: 
0x0000ed44 Process-ID: 0x8f0 Programmets starttid: 0xplugin-container.exe0 Sökväg till program: plugin-container.exe1 Sökväg till modul: plugin-container.exe2 Rapport-ID: plugin-container.exe3 Fullständigt namn på felaktigt paket: plugin-container.exe4 Program-ID relativt till felaktigt paket: plugin-container.exe5 Error: (01/26/2016 05:52:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a , felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421 Undantagskod: 0xc0000005 Felförskjutning: 0x000000001001f368 Process-ID: 0xef8 Programmets starttid: 0xTCrdMain_Win8.exe0 Sökväg till program: TCrdMain_Win8.exe1 Sökväg till modul: TCrdMain_Win8.exe2 Rapport-ID: TCrdMain_Win8.exe3 Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4 Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5 Error: (01/20/2016 10:31:10 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Det gick inte att skapa aktiveringskontext för C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest1. Det finns ett fel i manifest- eller principfilen C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest2 på rad C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest3. En komponentversion som krävs av programmet står i konflikt med en annan komponentversion som redan är aktiv. Följande komponenter orsakar konflikten: Komponent 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest. Komponent 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_8935f06086091acc.manifest. 
Error: (01/20/2016 10:10:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a , felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421 Undantagskod: 0xc0000005 Felförskjutning: 0x000000001001f368 Process-ID: 0xff4 Programmets starttid: 0xTCrdMain_Win8.exe0 Sökväg till program: TCrdMain_Win8.exe1 Sökväg till modul: TCrdMain_Win8.exe2 Rapport-ID: TCrdMain_Win8.exe3 Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4 Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5 Error: (01/15/2016 05:11:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a , felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421 Undantagskod: 0xc0000005 Felförskjutning: 0x000000001001f368 Process-ID: 0xa0c Programmets starttid: 0xTCrdMain_Win8.exe0 Sökväg till program: TCrdMain_Win8.exe1 Sökväg till modul: TCrdMain_Win8.exe2 Rapport-ID: TCrdMain_Win8.exe3 Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4 Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5 Error: (01/13/2016 05:56:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: DiagTrackRunner.exe, version 10.0.10041.0, tidsstämpel 0x5503b990 , felet uppstod i modulen med namn: diagtrack.dll, version 10.0.10033.0, tidsstämpel 0x54f65c93 Undantagskod: 0xc0000005 Felförskjutning: 0x0000000000031388 Process-ID: 0x13214 Programmets starttid: 0xDiagTrackRunner.exe0 Sökväg till program: DiagTrackRunner.exe1 Sökväg till modul: DiagTrackRunner.exe2 Rapport-ID: DiagTrackRunner.exe3 Fullständigt namn på felaktigt paket: DiagTrackRunner.exe4 Program-ID relativt till felaktigt paket: DiagTrackRunner.exe5 Error: (01/11/2016 08:23:10 PM) (Source: VSS) (EventID: 
12344) (User: ) Description: Volume Shadow Copy-fel: Felet 0x00000000c000014d påträffades medan Registry Writer förberedde registret för en skuggkopia. Kontrollera i loggböckerna Program och System om det finns några relaterade fel. Åtgärd: Händelsen OnFreeze Händelsen Freeze Kontext: Körningskontext: Registry Writer Körningskontext: Writer Skrivarklass-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485} Skrivarnamn: Registry Writer Skrivarinstans-ID: {ce0fee1f-131f-4924-a9db-60ed88a92cc4} Error: (01/02/2016 03:34:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: plugin-container.exe, version 43.0.1.5828, tidsstämpel 0x56723a12 , felet uppstod i modulen med namn: mozglue.dll, version 43.0.1.5828, tidsstämpel 0x56722c0b Undantagskod: 0x80000003 Felförskjutning: 0x0000ed63 Process-ID: 0x12a4 Programmets starttid: 0xplugin-container.exe0 Sökväg till program: plugin-container.exe1 Sökväg till modul: plugin-container.exe2 Rapport-ID: plugin-container.exe3 Fullständigt namn på felaktigt paket: plugin-container.exe4 Program-ID relativt till felaktigt paket: plugin-container.exe5 Error: (01/02/2016 03:22:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Felet uppstod i programmet med namn: spoolsv.exe, version 6.2.9200.16384, tidsstämpel 0x501080ef , felet uppstod i modulen med namn: unknown, version 0.0.0.0, tidsstämpel 0x00000000 Undantagskod: 0xc0000005 Felförskjutning: 0x00000000013f6420 Process-ID: 0x5f4 Programmets starttid: 0xspoolsv.exe0 Sökväg till program: spoolsv.exe1 Sökväg till modul: spoolsv.exe2 Rapport-ID: spoolsv.exe3 Fullständigt namn på felaktigt paket: spoolsv.exe4 Program-ID relativt till felaktigt paket: spoolsv.exe5 System errors: ============= Error: (02/16/2016 04:59:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten Dnscache. 
Error: (02/16/2016 04:59:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten Dnscache. Error: (02/16/2016 04:58:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten LanmanWorkstation. Error: (02/16/2016 04:58:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten NlaSvc. Error: (02/15/2016 09:07:05 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Den senaste avstängningen av datorn vid 21:06:11 den 15.02.2016 skedde oväntat. Error: (02/14/2016 03:33:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten NlaSvc. Error: (02/11/2016 05:19:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten NlaSvc. Error: (02/10/2016 07:43:50 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Den senaste avstängningen av datorn vid 11:07:19 den 10.02.2016 skedde oväntat. 
Error: (02/04/2016 07:59:58 PM) (Source: DCOM) (EventID: 10010) (User: NT instans) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (02/04/2016 07:59:51 PM) (Source: DCOM) (EventID: 10010) (User: NT instans) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz Percentage of memory in use: 55% Total physical RAM: 3979.21 MB Available physical RAM: 1784.87 MB Total Virtual: 6667.21 MB Available Virtual: 3883.65 MB ==================== Drives ================================ Drive c: (TI31061100A) (Fixed) (Total:286.29 GB) (Free:43.78 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ |