spam wird geschickt, entweder von mir oder vom smart phone oder router, jjstejjer(a)hotmail.com

tom_sverige · 17.02.2016, 23:35

Hallo,

ein Provider schaltet ab und zu den Anschluss ab, da Spam ausgeht, mit der im Betreff genannten email-adresse. Da nur ein Computer, ein Smartphone oder der Router (TP Link) überhaupt eingeschaltet sind, kann es nur eines dieser drei Komponenten sein. Beim Telefon ist ein Virenscanner drauf und beim Router weiss ich gar nicht wie das geht. Daher fangen wir mal mit dem Computer an:

hier die gewünschten Files:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by win_8 (administrator) on WIN8 (17-02-2016 23:16:02)
Running from C:\Users\win_8\Downloads
Loaded Profiles: win_8 (Available Profiles: win_8)
Platform: Windows 8 (X64) Language: Svenska (Sverige)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Users\win_8\Desktop\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-10] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-22] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\...\MountPoints2: {0ac73d10-de8d-11e2-be87-7c05077950e8} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-10-12]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A9471BA8-D654-4208-A824-D1488EE72EC2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> {C959D6CA-DD06-4623-BC24-B1A330093942} URL = 
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-26] ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.1.0.18 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.4.0.22 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-03] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Extension: 1-Click YouTube Video Downloader - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-05-30]
FF Extension: NoScript - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-02-12]
FF Extension: Video DownloadHelper - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-01]
FF Extension: Adblock Plus - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249120 2016-01-05] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-03] (Dropbox, Inc.)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-29] (Ulead Systems, Inc.) [File not signed]
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-02] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
S3 MUSONIK_PHASE_X64_USB; C:\Windows\System32\Drivers\msnkphsu.sys [460352 2009-11-13] (Ploytec GmbH)
S3 MUSONIK_PHASE_X64_WDM; C:\Windows\system32\drivers\msnkphsa.sys [49216 2009-11-13] (Ploytec GmbH)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\system32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-01-31] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [275712 2015-01-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-17 23:16 - 2016-02-17 23:16 - 00021778 _____ C:\Users\win_8\Downloads\FRST.txt
2016-02-17 23:14 - 2016-02-17 23:14 - 02371072 _____ (Farbar) C:\Users\win_8\Downloads\FRST64.exe
2016-02-12 17:59 - 2016-02-15 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-07 15:20 - 2016-02-07 15:20 - 00011264 _____ C:\Users\win_8\Downloads\export.xls
2016-02-06 23:47 - 2016-02-06 23:47 - 09460656 _____ C:\Users\win_8\Downloads\Bakgrundermp3.zip
2016-02-03 20:09 - 2016-02-03 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-03 18:25 - 2016-02-03 18:25 - 00000000 ____D C:\Users\win_8\AppData\Roaming\Dropbox
2016-02-03 18:23 - 2016-02-17 22:28 - 00001222 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-03 18:23 - 2016-02-17 18:28 - 00001218 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-03 18:23 - 2016-02-03 20:09 - 00000000 ____D C:\Users\win_8\AppData\Local\Dropbox
2016-02-03 18:23 - 2016-02-03 20:09 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-03 18:23 - 2016-02-03 18:23 - 00690072 _____ (Dropbox, Inc.) C:\Users\win_8\Downloads\DropboxInstaller.exe
2016-02-03 18:23 - 2016-02-03 18:23 - 00004194 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-02-03 18:23 - 2016-02-03 18:23 - 00003958 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-02-03 18:23 - 2016-02-03 18:23 - 00000000 ____D C:\ProgramData\Dropbox
2016-02-03 18:14 - 2016-01-12 23:45 - 2648580096 _____ C:\Users\win_8\Desktop\000.ts
2016-02-01 20:03 - 2016-02-01 20:05 - 00083884 _____ C:\Users\win_8\Downloads\Uppgift 2 MV702(1).pdf
2016-01-30 18:35 - 2016-01-30 18:35 - 00083884 _____ C:\Users\win_8\Downloads\Uppgift 2 MV702.pdf
2016-01-29 15:49 - 2016-01-29 15:50 - 00151517 _____ C:\Users\win_8\Downloads\Kursplan_CourseSyllabus_1MU702(2).pdf
2016-01-29 15:48 - 2016-01-29 15:49 - 00076483 _____ C:\Users\win_8\Downloads\Studiehandledning 1MV702 vt 16.pdf
2016-01-29 15:41 - 2016-01-29 15:41 - 00086757 _____ C:\Users\win_8\Downloads\Uppgift 1. 1MV702. Vt 16.pdf
2016-01-20 22:16 - 2016-01-20 22:17 - 00004246 _____ C:\Users\win_8\Downloads\newocr.com-20160120211646.txt
2016-01-20 22:14 - 2016-01-20 22:14 - 00354251 _____ C:\Users\win_8\Downloads\2307_001.pdf
2016-01-20 20:44 - 2016-01-20 20:44 - 00000000 ____D C:\Users\win_8\Desktop\norrala_astro
2016-01-19 20:31 - 2016-01-19 20:31 - 35880416 _____ C:\Users\win_8\Downloads\BankID_installation_7_1_0.exe
2016-01-19 20:25 - 2016-01-19 20:25 - 00001868 _____ C:\Users\Public\Desktop\BankID säkerhetsprogram.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-17 23:16 - 2015-03-09 19:40 - 00000000 ____D C:\FRST
2016-02-17 22:52 - 2012-07-26 08:59 - 00000000 ____D C:\windows\CbsTemp
2016-02-15 21:10 - 2013-07-15 09:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-15 21:07 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-15 21:00 - 2013-08-12 17:52 - 00000000 ____D C:\Users\win_8\AppData\Local\ElevatedDiagnostics
2016-02-14 13:13 - 2013-09-10 17:06 - 00000000 ____D C:\audio
2016-02-14 11:34 - 2012-08-02 01:02 - 00712522 _____ C:\windows\system32\perfh01D.dat
2016-02-14 11:34 - 2012-08-02 01:02 - 00148908 _____ C:\windows\system32\perfc01D.dat
2016-02-14 11:34 - 2012-08-02 00:55 - 00440762 _____ C:\windows\system32\perfh014.dat
2016-02-14 11:34 - 2012-08-02 00:55 - 00076914 _____ C:\windows\system32\perfc014.dat
2016-02-14 11:34 - 2012-08-02 00:48 - 00426314 _____ C:\windows\system32\perfh00B.dat
2016-02-14 11:34 - 2012-08-02 00:48 - 00081450 _____ C:\windows\system32\perfc00B.dat
2016-02-14 11:34 - 2012-08-02 00:41 - 00455676 _____ C:\windows\system32\perfh006.dat
2016-02-14 11:34 - 2012-08-02 00:41 - 00079422 _____ C:\windows\system32\perfc006.dat
2016-02-14 11:34 - 2012-07-26 08:28 - 03259898 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-14 11:34 - 2012-07-26 06:37 - 00000000 ____D C:\windows\Inf
2016-02-13 04:31 - 2013-07-01 08:32 - 00000000 ___RD C:\download
2016-02-12 18:37 - 2015-02-14 09:54 - 00000000 ____D C:\Users\win_8\.mediathek3
2016-02-11 20:19 - 2013-06-26 18:28 - 00000000 ____D C:\Users\win_8\AppData\Roaming\vlc
2016-02-10 11:13 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2016-02-10 11:12 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-07 22:31 - 2015-04-30 18:40 - 00062464 _____ C:\Users\win_8\Documents\ulrike_buchfuerung.xls
2016-02-07 20:12 - 2015-03-20 23:00 - 00000000 ____D C:\Users\win_8\REW
2016-02-07 20:12 - 2015-03-20 22:58 - 00000000 ___HD C:\jexepackres
2016-02-07 20:10 - 2014-07-20 11:57 - 00000000 ____D C:\svtplay_download
2016-02-05 00:30 - 2015-09-05 02:12 - 00001149 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-02-05 00:30 - 2015-07-02 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-05 00:30 - 2015-02-05 18:04 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-31 00:30 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2016-01-23 01:04 - 2014-05-26 21:36 - 00000000 ____D C:\Users\win_8\Desktop\platzt
2016-01-19 20:26 - 2014-11-02 19:26 - 00000000 ____D C:\Program Files (x86)\BankID
2016-01-19 20:25 - 2014-11-02 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram

==================== Files in the root of some directories =======

2013-06-26 18:27 - 2013-06-26 18:27 - 0000027 _____ () C:\Program Files\plugins.dat

Some files in TEMP:
====================
C:\Users\win_8\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-13 03:20

==================== End of FRST.txt ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by win_8 (2016-02-17 23:17:11)
Running from C:\Users\win_8\Downloads
Windows 8 (X64) (2013-06-24 16:23:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-1609830323-765120689-1541722825-500 - Administrator - Disabled)
Gäst (S-1-5-21-1609830323-765120689-1541722825-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1609830323-765120689-1541722825-1003 - Limited - Enabled)
win_8 (S-1-5-21-1609830323-765120689-1541722825-1001 - Administrator - Enabled) => C:\Users\win_8

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{ccdc9cfe-8ba7-4c6c-ac5f-b2d6cfa49efc}) (Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG) Hidden
BankID säkerhetsprogram (HKLM-x32\...\{1BDBF557-BA87-438F-9B28-AE4D836E35BA}) (Version: 7.1.0.20 - Finansiell ID-Teknik BID AB)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.0.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compatibility Pack för Office 2007-systemet (HKLM-x32\...\{90120000-0020-041D-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
DVBT Driver (x32 Version: 1.1.3.1 - ) Hidden
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Color LaserJet Pro MFP M476 (HKLM-x32\...\{4b849805-3b07-4b35-874a-705c0d103672}) (Version: 10.0.13302.320 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPCLJProMFPM476 (HKLM-x32\...\{C44C593D-3009-4D03-910E-243050C5E193}) (Version: 0.05.0000 - Hewlett-Packard)
HPDXP (x32 Version: 3.0.26.15 - HP) Hidden
HPLJDXPHelper (x32 Version: 060.048.005 - HP) Hidden
HPLJUTCore (x32 Version: 008.000.0001 - HP) Hidden
HPLJUTM476 (x32 Version: 010.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM476LaserJetService (x32 Version: 001.034.00634 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 100.040.00198 - Hewlett Packard) Hidden
hpStatusAlertsM476 (x32 Version: 100.046.00121 - Hewlett-Packard) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LJDXPHelperUI (x32 Version: 060.048.005 - HP) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 2000 Premium (HKLM-x32\...\{0000041D-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.211 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
PHASE X64 USB (HKLM\...\USB_AUDIO_DEusb-audio.dePhaseX64USB) (Version:  - )
Pirateplayer (HKLM-x32\...\Pirateplayer) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version:  - John Mulcahy)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.002 - Youyan)
USB2.0 Grabber (HKLM-x32\...\USB2.0 Grabber) (Version:  - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Analyser 2011 (HKLM-x32\...\{BE2F9F39-9512-4DFD-A412-0355A2FE66D3}) (Version: 14.0.0.19 - Alfredo Accattatis)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows-drivrutinspaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
Windows-drivrutinspaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D33521-7874-4CD6-8BB2-863C2C00EA3B} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe
Task: {0142B33C-E60B-4208-BE1B-BBE7F82EA304} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-04-16] (Hewlett Packard)
Task: {09928DDE-9D84-4891-93C7-0676062C66CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {13F34040-20F2-4AA3-B808-7F7EED36A5F4} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH)
Task: {3A549A00-7E23-47A4-907E-E9A5CEA74912} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-03] (Dropbox, Inc.)
Task: {6EAB019B-FFF9-4F3B-9061-53FC2DC5D1C4} - System32\Tasks\{128FE2DB-52E4-4D16-BA42-5F04D72A0C62} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar
Task: {74118A71-CC1D-4C3B-888A-52D20702266F} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {7E2AB53E-B992-4373-8C7E-4662A968BEE1} - System32\Tasks\{E064D739-1F93-4F82-983F-2AF2EA6353CE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsBing
Task: {BB829643-4E94-4DC8-B9CC-EB19809E272D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-03] (Dropbox, Inc.)
Task: {EB5ED57C-B450-4E90-B0C5-A5FDC3306643} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {EF1EAFEE-95F9-4987-ABA9-2460BF88F59B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {F59F3CDE-905A-4317-8C70-BAC604AAF49C} - System32\Tasks\{7BE2C727-B857-4282-A9DE-8763EC92488D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-10-13 13:38 - 2011-10-13 13:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2010-08-11 13:18 - 2010-08-11 13:18 - 00202344 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxDDU.dll
2010-08-11 13:18 - 2010-08-11 13:18 - 02725480 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxRT.dll
2009-03-26 21:03 - 2009-03-26 21:03 - 01289728 _____ () C:\Program Files\VMLite\VMLite Workstation\LIBEAY32.dll
2012-10-26 00:24 - 2012-10-24 06:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-25 21:44 - 2012-07-25 21:35 - 00129024 _____ () C:\windows\system32\WinMetadata\Windows.UI.winmd
2012-07-25 21:44 - 2012-07-25 21:35 - 00036864 _____ () C:\windows\system32\WinMetadata\Windows.Data.winmd
2012-07-25 21:44 - 2012-07-25 21:35 - 00022016 _____ () C:\windows\system32\WinMetadata\Windows.Foundation.winmd
2016-02-03 20:08 - 2015-12-21 20:42 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-03 20:08 - 2015-12-21 20:42 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-02-03 20:08 - 2015-12-22 01:22 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 01734984 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-02-03 20:08 - 2015-12-21 20:42 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-02-03 20:08 - 2015-12-22 01:22 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2013-05-03 22:20 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
HKLM\...\StartupApproved\Run32: => "TCrdMain"
HKLM\...\StartupApproved\Run32: => "TODDMain"
HKLM\...\StartupApproved\Run32: => "TosWaitSrv"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{7592F679-6BF6-4429-AE9D-FD49B0DAF795}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BBA0E0ED-E678-440F-875A-C9D4F54BF3E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19A13C35-388E-4E86-9420-02D685842016}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{994898F5-8155-49AE-9555-B065D0B42A44}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CDC05EA5-8141-47CF-ADD5-A769C40A9DF5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3684E08F-B4A3-44B7-9226-D72307472873}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\SendAFax.exe
FirewallRules: [{F46CC2C9-0066-48EC-90C1-64AD85EE8141}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\FaxPrinterUtility.exe
FirewallRules: [{022DC4B5-DC90-43F1-A200-76DD32B994F4}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{80FA8050-5DF8-4D12-8D7A-C14B43CB0171}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7679322D-DD23-4374-9F98-D70FFC59AABE}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\DigitalWizards.exe
FirewallRules: [{153558CE-EC42-4B7D-BC23-45BFE5425F7A}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\FaxApplications.exe
FirewallRules: [{F42992A9-7B31-4780-8AB8-9B92E21702E3}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\EWSProxy.exe
FirewallRules: [{6EE64FE9-1B06-4975-8817-B815CDEB30F6}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe
FirewallRules: [{D781D8C9-48F6-4CFC-ABA1-2E3026C388E7}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe
FirewallRules: [{5F3E864D-1096-4281-8EF3-82A5E024534F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97E72214-DBB9-4C55-86A8-A90C9F3E2532}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9115E09-425D-4CEE-A831-73B0D2FD5865}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

06-02-2016 04:54:38 Schemalagd kontrollpunkt
09-02-2016 08:52:38 Windows Update
12-02-2016 16:53:26 Windows Update
15-02-2016 17:33:14 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2016 09:23:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xde0
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (02/06/2016 04:43:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 43.0.4.5848, tidsstämpel 0x568c88bd
, felet uppstod i modulen med namn: mozglue.dll, version 43.0.4.5848, tidsstämpel 0x568c7b16
Undantagskod: 0x80000003
Felförskjutning: 0x0000ed44
Process-ID: 0x8f0
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3
Fullständigt namn på felaktigt paket: plugin-container.exe4
Program-ID relativt till felaktigt paket: plugin-container.exe5

Error: (01/26/2016 05:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xef8
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (01/20/2016 10:31:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest1. Det finns ett fel i manifest- eller principfilen C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest2 på rad C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest3.
En komponentversion som krävs av programmet står i konflikt med en annan komponentversion som redan är aktiv.
Följande komponenter orsakar konflikten:
Komponent 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest.
Komponent 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_8935f06086091acc.manifest.

Error: (01/20/2016 10:10:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xff4
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (01/15/2016 05:11:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xa0c
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (01/13/2016 05:56:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: DiagTrackRunner.exe, version 10.0.10041.0, tidsstämpel 0x5503b990
, felet uppstod i modulen med namn: diagtrack.dll, version 10.0.10033.0, tidsstämpel 0x54f65c93
Undantagskod: 0xc0000005
Felförskjutning: 0x0000000000031388
Process-ID: 0x13214
Programmets starttid: 0xDiagTrackRunner.exe0
Sökväg till program: DiagTrackRunner.exe1
Sökväg till modul: DiagTrackRunner.exe2
Rapport-ID: DiagTrackRunner.exe3
Fullständigt namn på felaktigt paket: DiagTrackRunner.exe4
Program-ID relativt till felaktigt paket: DiagTrackRunner.exe5

Error: (01/11/2016 08:23:10 PM) (Source: VSS) (EventID: 12344) (User: )
Description: Volume Shadow Copy-fel: Felet 0x00000000c000014d påträffades medan Registry Writer förberedde registret för en
skuggkopia.  Kontrollera i loggböckerna Program och System om det finns några relaterade fel.


Åtgärd:
   Händelsen OnFreeze
   Händelsen Freeze

Kontext:
   Körningskontext: Registry Writer
   Körningskontext: Writer
   Skrivarklass-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Skrivarnamn: Registry Writer
   Skrivarinstans-ID: {ce0fee1f-131f-4924-a9db-60ed88a92cc4}

Error: (01/02/2016 03:34:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 43.0.1.5828, tidsstämpel 0x56723a12
, felet uppstod i modulen med namn: mozglue.dll, version 43.0.1.5828, tidsstämpel 0x56722c0b
Undantagskod: 0x80000003
Felförskjutning: 0x0000ed63
Process-ID: 0x12a4
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3
Fullständigt namn på felaktigt paket: plugin-container.exe4
Program-ID relativt till felaktigt paket: plugin-container.exe5

Error: (01/02/2016 03:22:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: spoolsv.exe, version 6.2.9200.16384, tidsstämpel 0x501080ef
, felet uppstod i modulen med namn: unknown, version 0.0.0.0, tidsstämpel 0x00000000
Undantagskod: 0xc0000005
Felförskjutning: 0x00000000013f6420
Process-ID: 0x5f4
Programmets starttid: 0xspoolsv.exe0
Sökväg till program: spoolsv.exe1
Sökväg till modul: spoolsv.exe2
Rapport-ID: spoolsv.exe3
Fullständigt namn på felaktigt paket: spoolsv.exe4
Program-ID relativt till felaktigt paket: spoolsv.exe5


System errors:
=============
Error: (02/16/2016 04:59:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten Dnscache.

Error: (02/16/2016 04:59:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten Dnscache.

Error: (02/16/2016 04:58:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten LanmanWorkstation.

Error: (02/16/2016 04:58:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten NlaSvc.

Error: (02/15/2016 09:07:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 21:06:11 den ‎15.‎02.‎2016 skedde oväntat.

Error: (02/14/2016 03:33:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten NlaSvc.

Error: (02/11/2016 05:19:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten NlaSvc.

Error: (02/10/2016 07:43:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 11:07:19 den ‎10.‎02.‎2016 skedde oväntat.

Error: (02/04/2016 07:59:58 PM) (Source: DCOM) (EventID: 10010) (User: NT instans)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/04/2016 07:59:51 PM) (Source: DCOM) (EventID: 10010) (User: NT instans)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz
Percentage of memory in use: 55%
Total physical RAM: 3979.21 MB
Available physical RAM: 1784.87 MB
Total Virtual: 6667.21 MB
Available Virtual: 3883.65 MB

==================== Drives ================================

Drive c: (TI31061100A) (Fixed) (Total:286.29 GB) (Free:43.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

cosinus · 18.02.2016, 11:07

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

tom_sverige · 18.02.2016, 14:55

nein, ausser vielleicht von Avira. Gibt es eine Möglichkeit, die Avira Funde zu posten, oder ist das nicht von Interesse?

cosinus · 18.02.2016, 15:26

Link dazu wurde in meiner letzten Antwort gepostet

tom_sverige · 18.02.2016, 15:55

Hallo,

hier die Fund aus Avira:

Code:

ATTFilter

Exportierte Ereignisse:

21.01.2016 06:34 [System-Scanner] Malware gefunden
      Die Datei 'C:\download\haemtade_filer\FreeYouTubeDownload3.2.44.820.exe'
      enthielt einen Virus oder unerwünschtes Programm 'PUA/OpenCandy.Gen' [riskware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ab7eccd.qua' 
      verschoben!

20.01.2016 22:12 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\extens
      ions\_dzMembers_@www.pconverter.com\bootstrap.js'
      enthielt einen Virus oder unerwünschtes Programm 'PUA/MyWebSearch.U.344' 
      [riskware].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
      Die Quelldatei konnte nicht gefunden werden.
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Fehler in der ARK Library.

20.01.2016 22:11 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\extens
      ions\_dzMembers_@www.pconverter.com\bootstrap.js'
      wurde ein Virus oder unerwünschtes Programm 'PUA/MyWebSearch.U.344' [riskware] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

20.01.2016 22:11 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\extens
      ions\_dzMembers_@www.pconverter.com\bootstrap.js'
      wurde ein Virus oder unerwünschtes Programm 'PUA/MyWebSearch.U.344' [riskware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

cosinus · 18.02.2016, 15:57

Ok, nur Werbemüll. Bekommen wir weg. Aber erstmal:

Bitte Avira deinstallieren. Das Teil empfehlen wir schon seit Jahren aus mehreren Gründen nicht mehr. Ein Grund ist ne rel. hohe Fehlalarmquote, der zweite Hauptgrund ist, dass die immer noch mit ASK zusammenarbeiten (Avira Suchfunktion geht über ASK). Auch andere Freewareanbieter wie AVG, Avast oder Panda sprangen auf diesen Zug auf - so etwas ist bei Sicherheitssoftware einfach inakzeptabel. Vgl. Antivirensoftware: Schutz für Ihre Dateien, aber auf Kosten Ihrer Privatsphäre? | Emsisoft Blog

Wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen.

Gib Bescheid wenn Avira weg ist.

tom_sverige · 18.02.2016, 21:52

Hallo,

habe Avira jetzt deinstalliert. Soll ich den Windows Defender dafür einschalten? Oder erst mal ganz ohne Schutz?

cosinus · 18.02.2016, 22:30

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

tom_sverige · 21.02.2016, 10:41

Hallo,

das Programm fror beim ersten Mal ein, daher liess ich es nach herausnehmen der Batterie ein zweites Mal laufen. Ein Neustart erfolgte danach nicht da das Programm nichts fand.

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.02.20.04
  rootkit: v2016.02.17.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17377
win_8 :: WIN8 [administrator]

21.02.2016 01:38:11
mbar-log-2016-02-21 (01-38-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 49315
Time elapsed: 14 minute(s), 50 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.02.20.04
  rootkit: v2016.02.17.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17377
win_8 :: WIN8 [administrator]

21.02.2016 02:11:04
mbar-log-2016-02-21 (02-11-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 346102
Time elapsed: 30 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 21.02.2016, 15:29

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

tom_sverige · 21.02.2016, 15:59

Code:

ATTFilter

# AdwCleaner v5.035 - Logfile created 21/02/2016 at 15:55:21
# Updated 18/02/2016 by Xplode
# Database : 2016-02-20.3 [Server]
# Operating system : Windows 8  (x64)
# Username : win_8 - WIN8
# Running from : C:\Users\win_8\Desktop\AdwCleaner_5.035.exe
# Option : Cleaning
# Support : hxxp://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Applian Technologies
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Proxy settings cleared
:: Winsock settings cleared
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [866 bytes] ##########

cosinus · 21.02.2016, 16:02

hast du alle geforderten Optionen im adwcleaner angehakt?

tom_sverige · 21.02.2016, 16:16

ja, aber es war auf Englisch. Kann es daran liegen dass es ein schwedisches Windiws ist?

Im Augenblick läuft JRT...

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 8 x64 
Ran by win_8 (Administrator) on 21.02.2016 at 16:04:51,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 40 

Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\020FVY0C (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4I4WJXHS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YYR1N5W (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7I7A61I7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8450CI0T (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AN8TGDP9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIKL8LV0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIWWV79Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFF6R2EK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EM28BXHZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EY89YOLC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8WM9I6Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOJVXBCC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZDUCRRJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKYZZXUZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9U0ROSR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5X7GJXE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PT43CYGU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UH13Z7EY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\win_8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHLDXVXI (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\020FVY0C (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4I4WJXHS (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YYR1N5W (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7I7A61I7 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8450CI0T (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AN8TGDP9 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIKL8LV0 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIWWV79Y (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFF6R2EK (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EM28BXHZ (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EY89YOLC (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8WM9I6Z (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOJVXBCC (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZDUCRRJ (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKYZZXUZ (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9U0ROSR (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5X7GJXE (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PT43CYGU (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UH13Z7EY (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHLDXVXI (Temporary Internet Files Folder) 

Deleted the following from C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C959D6CA-DD06-4623-BC24-B1A330093942} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.02.2016 at 16:08:31,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016
Ran by win_8 (administrator) on WIN8 (21-02-2016 16:12:31)
Running from C:\Users\win_8\Desktop
Loaded Profiles: win_8 (Available Profiles: win_8)
Platform: Windows 8 0(X64) Language: Svenska (Sverige)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-10] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\...\MountPoints2: {0ac73d10-de8d-11e2-be87-7c05077950e8} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-10-12]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A9471BA8-D654-4208-A824-D1488EE72EC2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-26] ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.1.0.18 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.4.0.22 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-03] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Extension: 1-Click YouTube Video Downloader - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-05-30]
FF Extension: NoScript - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-02-12]
FF Extension: Video DownloadHelper - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-01]
FF Extension: Adblock Plus - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-03] (Dropbox, Inc.)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-29] (Ulead Systems, Inc.) [File not signed]
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2016-02-21] (Malwarebytes)
S3 MUSONIK_PHASE_X64_USB; C:\Windows\System32\Drivers\msnkphsu.sys [460352 2009-11-13] (Ploytec GmbH)
S3 MUSONIK_PHASE_X64_WDM; C:\Windows\system32\drivers\msnkphsa.sys [49216 2009-11-13] (Ploytec GmbH)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\system32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-01-31] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [275712 2015-01-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-21 16:12 - 2016-02-21 16:12 - 00018600 _____ C:\Users\win_8\Desktop\FRST.txt
2016-02-21 16:08 - 2016-02-21 16:08 - 00007397 _____ C:\Users\win_8\Desktop\JRT.txt
2016-02-21 16:00 - 2016-02-21 16:00 - 01609216 _____ (Malwarebytes) C:\Users\win_8\Desktop\JRT.exe
2016-02-21 15:50 - 2016-02-21 15:55 - 00000000 ____D C:\AdwCleaner
2016-02-21 15:49 - 2016-02-21 15:49 - 01511424 _____ C:\Users\win_8\Desktop\AdwCleaner_5.035.exe
2016-02-21 01:37 - 2016-02-21 10:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-21 01:35 - 2016-02-21 10:35 - 00000000 ____D C:\Users\win_8\Desktop\mbar
2016-02-21 01:33 - 2016-02-21 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-21 01:32 - 2016-02-21 01:32 - 16563352 _____ (Malwarebytes Corp.) C:\Users\win_8\Desktop\mbar-1.09.3.1001.exe
2016-02-17 23:17 - 2016-02-17 23:18 - 00037796 _____ C:\Users\win_8\Downloads\Addition.txt
2016-02-17 23:16 - 2016-02-17 23:18 - 00028811 _____ C:\Users\win_8\Downloads\FRST.txt
2016-02-17 23:14 - 2016-02-17 23:14 - 02371072 _____ (Farbar) C:\Users\win_8\Downloads\FRST64.exe
2016-02-12 17:59 - 2016-02-19 15:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-07 15:20 - 2016-02-07 15:20 - 00011264 _____ C:\Users\win_8\Downloads\export.xls
2016-02-06 23:47 - 2016-02-06 23:47 - 09460656 _____ C:\Users\win_8\Downloads\Bakgrundermp3.zip
2016-02-03 18:25 - 2016-02-03 18:25 - 00000000 ____D C:\Users\win_8\AppData\Roaming\Dropbox
2016-02-03 18:23 - 2016-02-21 15:57 - 00001218 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-03 18:23 - 2016-02-21 15:28 - 00001222 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-03 18:23 - 2016-02-21 01:33 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-03 18:23 - 2016-02-03 20:09 - 00000000 ____D C:\Users\win_8\AppData\Local\Dropbox
2016-02-03 18:23 - 2016-02-03 18:23 - 00690072 _____ (Dropbox, Inc.) C:\Users\win_8\Downloads\DropboxInstaller.exe
2016-02-03 18:23 - 2016-02-03 18:23 - 00004194 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-02-03 18:23 - 2016-02-03 18:23 - 00003958 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-02-03 18:23 - 2016-02-03 18:23 - 00000000 ____D C:\ProgramData\Dropbox
2016-02-03 18:14 - 2016-01-12 23:45 - 2648580096 _____ C:\Users\win_8\Desktop\000.ts
2016-02-01 20:03 - 2016-02-01 20:05 - 00083884 _____ C:\Users\win_8\Downloads\Uppgift 2 MV702(1).pdf
2016-01-30 18:35 - 2016-01-30 18:35 - 00083884 _____ C:\Users\win_8\Downloads\Uppgift 2 MV702.pdf
2016-01-29 15:49 - 2016-01-29 15:50 - 00151517 _____ C:\Users\win_8\Downloads\Kursplan_CourseSyllabus_1MU702(2).pdf
2016-01-29 15:48 - 2016-01-29 15:49 - 00076483 _____ C:\Users\win_8\Downloads\Studiehandledning 1MV702 vt 16.pdf
2016-01-29 15:41 - 2016-01-29 15:41 - 00086757 _____ C:\Users\win_8\Downloads\Uppgift 1. 1MV702. Vt 16.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-21 16:12 - 2015-03-11 22:42 - 00000000 ____D C:\Users\win_8\Desktop\FRST-OlderVersion
2016-02-21 16:12 - 2015-03-09 19:40 - 00000000 ____D C:\FRST
2016-02-21 16:12 - 2015-03-09 19:38 - 02371072 _____ (Farbar) C:\Users\win_8\Desktop\FRST64.exe
2016-02-21 15:57 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-21 15:56 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2016-02-21 11:31 - 2012-07-26 08:59 - 00000000 ____D C:\windows\CbsTemp
2016-02-21 02:10 - 2015-03-10 17:40 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-21 01:38 - 2015-03-10 17:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-21 01:35 - 2015-03-10 17:39 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-02-21 01:13 - 2012-08-02 01:02 - 00712522 _____ C:\windows\system32\perfh01D.dat
2016-02-21 01:13 - 2012-08-02 01:02 - 00148908 _____ C:\windows\system32\perfc01D.dat
2016-02-21 01:13 - 2012-08-02 00:55 - 00440762 _____ C:\windows\system32\perfh014.dat
2016-02-21 01:13 - 2012-08-02 00:55 - 00076914 _____ C:\windows\system32\perfc014.dat
2016-02-21 01:13 - 2012-08-02 00:48 - 00426314 _____ C:\windows\system32\perfh00B.dat
2016-02-21 01:13 - 2012-08-02 00:48 - 00081450 _____ C:\windows\system32\perfc00B.dat
2016-02-21 01:13 - 2012-08-02 00:41 - 00455676 _____ C:\windows\system32\perfh006.dat
2016-02-21 01:13 - 2012-08-02 00:41 - 00079422 _____ C:\windows\system32\perfc006.dat
2016-02-21 01:13 - 2012-07-26 08:28 - 03259898 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-21 01:13 - 2012-07-26 06:37 - 00000000 ____D C:\windows\Inf
2016-02-21 00:50 - 2013-07-01 08:32 - 00000000 ___RD C:\download
2016-02-20 15:36 - 2013-06-26 18:28 - 00000000 ____D C:\Users\win_8\AppData\Roaming\vlc
2016-02-19 15:35 - 2013-09-10 17:06 - 00000000 ____D C:\audio
2016-02-19 15:31 - 2013-06-24 17:31 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1609830323-765120689-1541722825-1001
2016-02-19 15:19 - 2013-07-15 09:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-19 15:19 - 2013-06-26 17:15 - 00000000 ____D C:\Program Files (x86)\Avira
2016-02-18 21:51 - 2015-02-05 18:04 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-18 21:51 - 2013-06-26 17:15 - 00000000 ____D C:\ProgramData\Avira
2016-02-18 21:50 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-02-15 21:00 - 2013-08-12 17:52 - 00000000 ____D C:\Users\win_8\AppData\Local\ElevatedDiagnostics
2016-02-12 18:37 - 2015-02-14 09:54 - 00000000 ____D C:\Users\win_8\.mediathek3
2016-02-10 11:13 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2016-02-10 11:12 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-07 22:31 - 2015-04-30 18:40 - 00062464 _____ C:\Users\win_8\Documents\ulrike_buchfuerung.xls
2016-02-07 20:12 - 2015-03-20 23:00 - 00000000 ____D C:\Users\win_8\REW
2016-02-07 20:12 - 2015-03-20 22:58 - 00000000 ___HD C:\jexepackres
2016-02-07 20:10 - 2014-07-20 11:57 - 00000000 ____D C:\svtplay_download
2016-01-23 01:04 - 2014-05-26 21:36 - 00000000 ____D C:\Users\win_8\Desktop\platzt

==================== Files in the root of some directories =======

2013-06-26 18:27 - 2013-06-26 18:27 - 0000027 _____ () C:\Program Files\plugins.dat

Some files in TEMP:
====================
C:\Users\win_8\AppData\Local\Temp\avgnt.exe
C:\Users\win_8\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-21 03:00

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

[CODE]Additional
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016
Ran by win_8 (2016-02-21 16:13:54)
Running from C:\Users\win_8\Desktop
Windows 8 0(X64) (2013-06-24 16:23:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-1609830323-765120689-1541722825-500 - Administrator - Disabled)
Gäst (S-1-5-21-1609830323-765120689-1541722825-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1609830323-765120689-1541722825-1003 - Limited - Enabled)
win_8 (S-1-5-21-1609830323-765120689-1541722825-1001 - Administrator - Enabled) => C:\Users\win_8

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
BankID säkerhetsprogram (HKLM-x32\...\{1BDBF557-BA87-438F-9B28-AE4D836E35BA}) (Version: 7.1.0.20 - Finansiell ID-Teknik BID AB)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.0.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compatibility Pack för Office 2007-systemet (HKLM-x32\...\{90120000-0020-041D-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
DVBT Driver (x32 Version: 1.1.3.1 - ) Hidden
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Color LaserJet Pro MFP M476 (HKLM-x32\...\{4b849805-3b07-4b35-874a-705c0d103672}) (Version: 10.0.13302.320 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPCLJProMFPM476 (HKLM-x32\...\{C44C593D-3009-4D03-910E-243050C5E193}) (Version: 0.05.0000 - Hewlett-Packard)
HPDXP (x32 Version: 3.0.26.15 - HP) Hidden
HPLJDXPHelper (x32 Version: 060.048.005 - HP) Hidden
HPLJUTCore (x32 Version: 008.000.0001 - HP) Hidden
HPLJUTM476 (x32 Version: 010.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM476LaserJetService (x32 Version: 001.034.00634 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 100.040.00198 - Hewlett Packard) Hidden
hpStatusAlertsM476 (x32 Version: 100.046.00121 - Hewlett-Packard) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LJDXPHelperUI (x32 Version: 060.048.005 - HP) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 2000 Premium (HKLM-x32\...\{0000041D-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.211 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
PHASE X64 USB (HKLM\...\USB_AUDIO_DEusb-audio.dePhaseX64USB) (Version:  - )
Pirateplayer (HKLM-x32\...\Pirateplayer) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version:  - John Mulcahy)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.002 - Youyan)
USB2.0 Grabber (HKLM-x32\...\USB2.0 Grabber) (Version:  - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Analyser 2011 (HKLM-x32\...\{BE2F9F39-9512-4DFD-A412-0355A2FE66D3}) (Version: 14.0.0.19 - Alfredo Accattatis)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows-drivrutinspaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
Windows-drivrutinspaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D33521-7874-4CD6-8BB2-863C2C00EA3B} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe
Task: {0142B33C-E60B-4208-BE1B-BBE7F82EA304} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-04-16] (Hewlett Packard)
Task: {09928DDE-9D84-4891-93C7-0676062C66CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {13F34040-20F2-4AA3-B808-7F7EED36A5F4} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH)
Task: {3A549A00-7E23-47A4-907E-E9A5CEA74912} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-03] (Dropbox, Inc.)
Task: {6EAB019B-FFF9-4F3B-9061-53FC2DC5D1C4} - System32\Tasks\{128FE2DB-52E4-4D16-BA42-5F04D72A0C62} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar
Task: {74118A71-CC1D-4C3B-888A-52D20702266F} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {7E2AB53E-B992-4373-8C7E-4662A968BEE1} - System32\Tasks\{E064D739-1F93-4F82-983F-2AF2EA6353CE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsBing
Task: {BB829643-4E94-4DC8-B9CC-EB19809E272D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-03] (Dropbox, Inc.)
Task: {EB5ED57C-B450-4E90-B0C5-A5FDC3306643} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {EF1EAFEE-95F9-4987-ABA9-2460BF88F59B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {F59F3CDE-905A-4317-8C70-BAC604AAF49C} - System32\Tasks\{7BE2C727-B857-4282-A9DE-8763EC92488D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-10-13 13:38 - 2011-10-13 13:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2010-08-11 13:18 - 2010-08-11 13:18 - 00202344 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxDDU.dll
2010-08-11 13:18 - 2010-08-11 13:18 - 02725480 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxRT.dll
2009-03-26 21:03 - 2009-03-26 21:03 - 01289728 _____ () C:\Program Files\VMLite\VMLite Workstation\LIBEAY32.dll
2012-10-31 15:15 - 2012-10-31 15:15 - 02565544 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-07-25 21:44 - 2012-07-25 21:35 - 00129024 _____ () C:\windows\system32\WinMetadata\Windows.UI.winmd
2012-07-25 21:44 - 2012-07-25 21:35 - 00036864 _____ () C:\windows\system32\WinMetadata\Windows.Data.winmd
2012-07-25 21:44 - 2012-07-25 21:35 - 00022016 _____ () C:\windows\system32\WinMetadata\Windows.Foundation.winmd
2013-05-03 22:20 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
HKLM\...\StartupApproved\Run32: => "TCrdMain"
HKLM\...\StartupApproved\Run32: => "TODDMain"
HKLM\...\StartupApproved\Run32: => "TosWaitSrv"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{7592F679-6BF6-4429-AE9D-FD49B0DAF795}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BBA0E0ED-E678-440F-875A-C9D4F54BF3E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19A13C35-388E-4E86-9420-02D685842016}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{994898F5-8155-49AE-9555-B065D0B42A44}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CDC05EA5-8141-47CF-ADD5-A769C40A9DF5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3684E08F-B4A3-44B7-9226-D72307472873}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\SendAFax.exe
FirewallRules: [{F46CC2C9-0066-48EC-90C1-64AD85EE8141}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\FaxPrinterUtility.exe
FirewallRules: [{022DC4B5-DC90-43F1-A200-76DD32B994F4}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{80FA8050-5DF8-4D12-8D7A-C14B43CB0171}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7679322D-DD23-4374-9F98-D70FFC59AABE}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\DigitalWizards.exe
FirewallRules: [{153558CE-EC42-4B7D-BC23-45BFE5425F7A}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\FaxApplications.exe
FirewallRules: [{F42992A9-7B31-4780-8AB8-9B92E21702E3}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\EWSProxy.exe
FirewallRules: [{6EE64FE9-1B06-4975-8817-B815CDEB30F6}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe
FirewallRules: [{D781D8C9-48F6-4CFC-ABA1-2E3026C388E7}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe
FirewallRules: [{5F3E864D-1096-4281-8EF3-82A5E024534F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97E72214-DBB9-4C55-86A8-A90C9F3E2532}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1913B69-0242-43F0-9B71-F50D1D779F63}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

12-02-2016 16:53:26 Windows Update
15-02-2016 17:33:14 Windows Update
18-02-2016 19:56:24 Windows Update
21-02-2016 16:04:07 JRT Pre-Junkware Removal
21-02-2016 16:04:51 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2016 07:12:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/15/2016 09:23:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xde0
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (02/06/2016 04:43:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 43.0.4.5848, tidsstämpel 0x568c88bd
, felet uppstod i modulen med namn: mozglue.dll, version 43.0.4.5848, tidsstämpel 0x568c7b16
Undantagskod: 0x80000003
Felförskjutning: 0x0000ed44
Process-ID: 0x8f0
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3
Fullständigt namn på felaktigt paket: plugin-container.exe4
Program-ID relativt till felaktigt paket: plugin-container.exe5

Error: (01/26/2016 05:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xef8
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (01/20/2016 10:31:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest1. Det finns ett fel i manifest- eller principfilen C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest2 på rad C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest3.
En komponentversion som krävs av programmet står i konflikt med en annan komponentversion som redan är aktiv.
Följande komponenter orsakar konflikten:
Komponent 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest.
Komponent 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_8935f06086091acc.manifest.

Error: (01/20/2016 10:10:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xff4
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (01/15/2016 05:11:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xa0c
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (01/13/2016 05:56:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: DiagTrackRunner.exe, version 10.0.10041.0, tidsstämpel 0x5503b990
, felet uppstod i modulen med namn: diagtrack.dll, version 10.0.10033.0, tidsstämpel 0x54f65c93
Undantagskod: 0xc0000005
Felförskjutning: 0x0000000000031388
Process-ID: 0x13214
Programmets starttid: 0xDiagTrackRunner.exe0
Sökväg till program: DiagTrackRunner.exe1
Sökväg till modul: DiagTrackRunner.exe2
Rapport-ID: DiagTrackRunner.exe3
Fullständigt namn på felaktigt paket: DiagTrackRunner.exe4
Program-ID relativt till felaktigt paket: DiagTrackRunner.exe5

Error: (01/11/2016 08:23:10 PM) (Source: VSS) (EventID: 12344) (User: )
Description: Volume Shadow Copy-fel: Felet 0x00000000c000014d påträffades medan Registry Writer förberedde registret för en
skuggkopia.  Kontrollera i loggböckerna Program och System om det finns några relaterade fel.


Åtgärd:
   Händelsen OnFreeze
   Händelsen Freeze

Kontext:
   Körningskontext: Registry Writer
   Körningskontext: Writer
   Skrivarklass-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Skrivarnamn: Registry Writer
   Skrivarinstans-ID: {ce0fee1f-131f-4924-a9db-60ed88a92cc4}

Error: (01/02/2016 03:34:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 43.0.1.5828, tidsstämpel 0x56723a12
, felet uppstod i modulen med namn: mozglue.dll, version 43.0.1.5828, tidsstämpel 0x56722c0b
Undantagskod: 0x80000003
Felförskjutning: 0x0000ed63
Process-ID: 0x12a4
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3
Fullständigt namn på felaktigt paket: plugin-container.exe4
Program-ID relativt till felaktigt paket: plugin-container.exe5


System errors:
=============
Error: (02/21/2016 03:56:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

Modulsökväg: C:\windows\system32\Rtlihvs.dll

Error: (02/21/2016 03:56:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

Modulsökväg: C:\windows\system32\Rtlihvs.dll

Error: (02/21/2016 03:56:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

Modulsökväg: C:\windows\system32\Rtlihvs.dll

Error: (02/21/2016 03:56:05 PM) (Source: DCOM) (EventID: 10010) (User: win8)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/21/2016 03:55:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Tjänsthanteraren försökte utföra en korrigeringsåtgärd (Starta om tjänsten) efter att tjänsten Windows Search avslutats oväntat, men denna åtgärd misslyckades med följande fel: 
%%1056

Error: (02/21/2016 03:55:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten TEMPRO Service avslutades oväntat. Detta har skett 1 gånger.

Error: (02/21/2016 03:55:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten TMachInfo avslutades oväntat. Detta har skett 1 gånger.

Error: (02/21/2016 03:55:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten TPCH Service avslutades oväntat. Detta har skett 1 gånger.

Error: (02/21/2016 03:55:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Windows Media Player Network Sharing Service avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 30000 millisekunder: Starta om tjänsten.

Error: (02/21/2016 03:55:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Intel(R) Management and Security Application User Notification Service avslutades oväntat. Detta har skett 1 gånger.


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz
Percentage of memory in use: 38%
Total physical RAM: 3979.21 MB
Available physical RAM: 2457.63 MB
Total Virtual: 6667.21 MB
Available Virtual: 5001.89 MB

==================== Drives ================================

Drive c: (TI31061100A) (Fixed) (Total:286.29 GB) (Free:42.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

--- --- ---

--- --- ---

cosinus · 21.02.2016, 16:30

Zitat:

:: "Tracing" keys removed
:: Proxy settings cleared
:: Winsock settings cleared
:: Chrome policies deleted

Reset IE policies fehlt da...

tom_sverige · 21.02.2016, 17:10

Soll ich das Programm noch einmal laufen lassen?
Oder sogar alle drei?

18.02.2016, 15:26	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	spam wird geschickt, entweder von mir oder vom smart phone oder router, jjstejjer(a)hotmail.com Link dazu wurde in meiner letzten Antwort gepostet __________________ Logfiles bitte immer in CODE-Tags posten

21.02.2016, 16:02	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	spam wird geschickt, entweder von mir oder vom smart phone oder router, jjstejjer(a)hotmail.com hast du alle geforderten Optionen im adwcleaner angehakt? __________________ Logfiles bitte immer in CODE-Tags posten

spam wird geschickt, entweder von mir oder vom smart phone oder router, jjstejjer(a)hotmail.com

Log-Analyse und Auswertung: spam wird geschickt, entweder von mir oder vom smart phone oder router, jjstejjer(a)hotmail.com