
Log analysis and evaluation: spam is being sent, either from me or from the smartphone or router, jjstejjer(a)hotmail.com


 
17.02.2016, 23:35   #1
tom_sverige
 



Hello,

a provider occasionally shuts off the connection because spam is going out with the email address named in the subject. Since only one computer, one smartphone, or the router (TP Link) are switched on at all, it can only be one of these three components. The phone has a virus scanner on it, and for the router I don't know at all how that works. So let's start with the computer:

Here are the requested files:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by win_8 (administrator) on WIN8 (17-02-2016 23:16:02)
Running from C:\Users\win_8\Downloads
Loaded Profiles: win_8 (Available Profiles: win_8)
Platform: Windows 8 (X64) Language: Svenska (Sverige)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Users\win_8\Desktop\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-10] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-22] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\...\MountPoints2: {0ac73d10-de8d-11e2-be87-7c05077950e8} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-10-12]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A9471BA8-D654-4208-A824-D1488EE72EC2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> {C959D6CA-DD06-4623-BC24-B1A330093942} URL = 
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-26] ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.1.0.18 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.4.0.22 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-03] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Extension: 1-Click YouTube Video Downloader - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-05-30]
FF Extension: NoScript - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-02-12]
FF Extension: Video DownloadHelper - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-01]
FF Extension: Adblock Plus - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249120 2016-01-05] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-03] (Dropbox, Inc.)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-29] (Ulead Systems, Inc.) [File not signed]
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-02] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
S3 MUSONIK_PHASE_X64_USB; C:\Windows\System32\Drivers\msnkphsu.sys [460352 2009-11-13] (Ploytec GmbH)
S3 MUSONIK_PHASE_X64_WDM; C:\Windows\system32\drivers\msnkphsa.sys [49216 2009-11-13] (Ploytec GmbH)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\system32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-01-31] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [275712 2015-01-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-17 23:16 - 2016-02-17 23:16 - 00021778 _____ C:\Users\win_8\Downloads\FRST.txt
2016-02-17 23:14 - 2016-02-17 23:14 - 02371072 _____ (Farbar) C:\Users\win_8\Downloads\FRST64.exe
2016-02-12 17:59 - 2016-02-15 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-07 15:20 - 2016-02-07 15:20 - 00011264 _____ C:\Users\win_8\Downloads\export.xls
2016-02-06 23:47 - 2016-02-06 23:47 - 09460656 _____ C:\Users\win_8\Downloads\Bakgrundermp3.zip
2016-02-03 20:09 - 2016-02-03 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-03 18:25 - 2016-02-03 18:25 - 00000000 ____D C:\Users\win_8\AppData\Roaming\Dropbox
2016-02-03 18:23 - 2016-02-17 22:28 - 00001222 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-03 18:23 - 2016-02-17 18:28 - 00001218 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-03 18:23 - 2016-02-03 20:09 - 00000000 ____D C:\Users\win_8\AppData\Local\Dropbox
2016-02-03 18:23 - 2016-02-03 20:09 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-03 18:23 - 2016-02-03 18:23 - 00690072 _____ (Dropbox, Inc.) C:\Users\win_8\Downloads\DropboxInstaller.exe
2016-02-03 18:23 - 2016-02-03 18:23 - 00004194 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-02-03 18:23 - 2016-02-03 18:23 - 00003958 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-02-03 18:23 - 2016-02-03 18:23 - 00000000 ____D C:\ProgramData\Dropbox
2016-02-03 18:14 - 2016-01-12 23:45 - 2648580096 _____ C:\Users\win_8\Desktop\000.ts
2016-02-01 20:03 - 2016-02-01 20:05 - 00083884 _____ C:\Users\win_8\Downloads\Uppgift 2 MV702(1).pdf
2016-01-30 18:35 - 2016-01-30 18:35 - 00083884 _____ C:\Users\win_8\Downloads\Uppgift 2 MV702.pdf
2016-01-29 15:49 - 2016-01-29 15:50 - 00151517 _____ C:\Users\win_8\Downloads\Kursplan_CourseSyllabus_1MU702(2).pdf
2016-01-29 15:48 - 2016-01-29 15:49 - 00076483 _____ C:\Users\win_8\Downloads\Studiehandledning 1MV702 vt 16.pdf
2016-01-29 15:41 - 2016-01-29 15:41 - 00086757 _____ C:\Users\win_8\Downloads\Uppgift 1. 1MV702. Vt 16.pdf
2016-01-20 22:16 - 2016-01-20 22:17 - 00004246 _____ C:\Users\win_8\Downloads\newocr.com-20160120211646.txt
2016-01-20 22:14 - 2016-01-20 22:14 - 00354251 _____ C:\Users\win_8\Downloads\2307_001.pdf
2016-01-20 20:44 - 2016-01-20 20:44 - 00000000 ____D C:\Users\win_8\Desktop\norrala_astro
2016-01-19 20:31 - 2016-01-19 20:31 - 35880416 _____ C:\Users\win_8\Downloads\BankID_installation_7_1_0.exe
2016-01-19 20:25 - 2016-01-19 20:25 - 00001868 _____ C:\Users\Public\Desktop\BankID säkerhetsprogram.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-17 23:16 - 2015-03-09 19:40 - 00000000 ____D C:\FRST
2016-02-17 22:52 - 2012-07-26 08:59 - 00000000 ____D C:\windows\CbsTemp
2016-02-15 21:10 - 2013-07-15 09:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-15 21:07 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-15 21:00 - 2013-08-12 17:52 - 00000000 ____D C:\Users\win_8\AppData\Local\ElevatedDiagnostics
2016-02-14 13:13 - 2013-09-10 17:06 - 00000000 ____D C:\audio
2016-02-14 11:34 - 2012-08-02 01:02 - 00712522 _____ C:\windows\system32\perfh01D.dat
2016-02-14 11:34 - 2012-08-02 01:02 - 00148908 _____ C:\windows\system32\perfc01D.dat
2016-02-14 11:34 - 2012-08-02 00:55 - 00440762 _____ C:\windows\system32\perfh014.dat
2016-02-14 11:34 - 2012-08-02 00:55 - 00076914 _____ C:\windows\system32\perfc014.dat
2016-02-14 11:34 - 2012-08-02 00:48 - 00426314 _____ C:\windows\system32\perfh00B.dat
2016-02-14 11:34 - 2012-08-02 00:48 - 00081450 _____ C:\windows\system32\perfc00B.dat
2016-02-14 11:34 - 2012-08-02 00:41 - 00455676 _____ C:\windows\system32\perfh006.dat
2016-02-14 11:34 - 2012-08-02 00:41 - 00079422 _____ C:\windows\system32\perfc006.dat
2016-02-14 11:34 - 2012-07-26 08:28 - 03259898 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-14 11:34 - 2012-07-26 06:37 - 00000000 ____D C:\windows\Inf
2016-02-13 04:31 - 2013-07-01 08:32 - 00000000 ___RD C:\download
2016-02-12 18:37 - 2015-02-14 09:54 - 00000000 ____D C:\Users\win_8\.mediathek3
2016-02-11 20:19 - 2013-06-26 18:28 - 00000000 ____D C:\Users\win_8\AppData\Roaming\vlc
2016-02-10 11:13 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2016-02-10 11:12 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-07 22:31 - 2015-04-30 18:40 - 00062464 _____ C:\Users\win_8\Documents\ulrike_buchfuerung.xls
2016-02-07 20:12 - 2015-03-20 23:00 - 00000000 ____D C:\Users\win_8\REW
2016-02-07 20:12 - 2015-03-20 22:58 - 00000000 ___HD C:\jexepackres
2016-02-07 20:10 - 2014-07-20 11:57 - 00000000 ____D C:\svtplay_download
2016-02-05 00:30 - 2015-09-05 02:12 - 00001149 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-02-05 00:30 - 2015-07-02 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-05 00:30 - 2015-02-05 18:04 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-31 00:30 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2016-01-23 01:04 - 2014-05-26 21:36 - 00000000 ____D C:\Users\win_8\Desktop\platzt
2016-01-19 20:26 - 2014-11-02 19:26 - 00000000 ____D C:\Program Files (x86)\BankID
2016-01-19 20:25 - 2014-11-02 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram

==================== Files in the root of some directories =======

2013-06-26 18:27 - 2013-06-26 18:27 - 0000027 _____ () C:\Program Files\plugins.dat

Some files in TEMP:
====================
C:\Users\win_8\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-13 03:20

==================== End of FRST.txt ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by win_8 (2016-02-17 23:17:11)
Running from C:\Users\win_8\Downloads
Windows 8 (X64) (2013-06-24 16:23:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-1609830323-765120689-1541722825-500 - Administrator - Disabled)
Gäst (S-1-5-21-1609830323-765120689-1541722825-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1609830323-765120689-1541722825-1003 - Limited - Enabled)
win_8 (S-1-5-21-1609830323-765120689-1541722825-1001 - Administrator - Enabled) => C:\Users\win_8

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{ccdc9cfe-8ba7-4c6c-ac5f-b2d6cfa49efc}) (Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG) Hidden
BankID säkerhetsprogram (HKLM-x32\...\{1BDBF557-BA87-438F-9B28-AE4D836E35BA}) (Version: 7.1.0.20 - Finansiell ID-Teknik BID AB)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.0.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compatibility Pack för Office 2007-systemet (HKLM-x32\...\{90120000-0020-041D-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
DVBT Driver (x32 Version: 1.1.3.1 - ) Hidden
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Color LaserJet Pro MFP M476 (HKLM-x32\...\{4b849805-3b07-4b35-874a-705c0d103672}) (Version: 10.0.13302.320 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPCLJProMFPM476 (HKLM-x32\...\{C44C593D-3009-4D03-910E-243050C5E193}) (Version: 0.05.0000 - Hewlett-Packard)
HPDXP (x32 Version: 3.0.26.15 - HP) Hidden
HPLJDXPHelper (x32 Version: 060.048.005 - HP) Hidden
HPLJUTCore (x32 Version: 008.000.0001 - HP) Hidden
HPLJUTM476 (x32 Version: 010.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM476LaserJetService (x32 Version: 001.034.00634 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 100.040.00198 - Hewlett Packard) Hidden
hpStatusAlertsM476 (x32 Version: 100.046.00121 - Hewlett-Packard) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LJDXPHelperUI (x32 Version: 060.048.005 - HP) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 2000 Premium (HKLM-x32\...\{0000041D-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.211 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
PHASE X64 USB (HKLM\...\USB_AUDIO_DEusb-audio.dePhaseX64USB) (Version:  - )
Pirateplayer (HKLM-x32\...\Pirateplayer) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version:  - John Mulcahy)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.002 - Youyan)
USB2.0 Grabber (HKLM-x32\...\USB2.0 Grabber) (Version:  - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Analyser 2011 (HKLM-x32\...\{BE2F9F39-9512-4DFD-A412-0355A2FE66D3}) (Version: 14.0.0.19 - Alfredo Accattatis)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows-drivrutinspaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
Windows-drivrutinspaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D33521-7874-4CD6-8BB2-863C2C00EA3B} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe
Task: {0142B33C-E60B-4208-BE1B-BBE7F82EA304} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-04-16] (Hewlett Packard)
Task: {09928DDE-9D84-4891-93C7-0676062C66CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {13F34040-20F2-4AA3-B808-7F7EED36A5F4} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH)
Task: {3A549A00-7E23-47A4-907E-E9A5CEA74912} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-03] (Dropbox, Inc.)
Task: {6EAB019B-FFF9-4F3B-9061-53FC2DC5D1C4} - System32\Tasks\{128FE2DB-52E4-4D16-BA42-5F04D72A0C62} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar
Task: {74118A71-CC1D-4C3B-888A-52D20702266F} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {7E2AB53E-B992-4373-8C7E-4662A968BEE1} - System32\Tasks\{E064D739-1F93-4F82-983F-2AF2EA6353CE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsBing
Task: {BB829643-4E94-4DC8-B9CC-EB19809E272D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-03] (Dropbox, Inc.)
Task: {EB5ED57C-B450-4E90-B0C5-A5FDC3306643} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {EF1EAFEE-95F9-4987-ABA9-2460BF88F59B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {F59F3CDE-905A-4317-8C70-BAC604AAF49C} - System32\Tasks\{7BE2C727-B857-4282-A9DE-8763EC92488D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-10-13 13:38 - 2011-10-13 13:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2010-08-11 13:18 - 2010-08-11 13:18 - 00202344 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxDDU.dll
2010-08-11 13:18 - 2010-08-11 13:18 - 02725480 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxRT.dll
2009-03-26 21:03 - 2009-03-26 21:03 - 01289728 _____ () C:\Program Files\VMLite\VMLite Workstation\LIBEAY32.dll
2012-10-26 00:24 - 2012-10-24 06:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-25 21:44 - 2012-07-25 21:35 - 00129024 _____ () C:\windows\system32\WinMetadata\Windows.UI.winmd
2012-07-25 21:44 - 2012-07-25 21:35 - 00036864 _____ () C:\windows\system32\WinMetadata\Windows.Data.winmd
2012-07-25 21:44 - 2012-07-25 21:35 - 00022016 _____ () C:\windows\system32\WinMetadata\Windows.Foundation.winmd
2016-02-03 20:08 - 2015-12-21 20:42 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-03 20:08 - 2015-12-21 20:42 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-02-03 20:08 - 2015-12-22 01:22 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 01734984 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-02-03 20:08 - 2015-12-21 20:42 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-02-03 20:08 - 2015-12-22 01:22 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-03 20:08 - 2015-12-21 20:42 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-02-03 20:08 - 2015-12-22 01:22 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2013-05-03 22:20 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
HKLM\...\StartupApproved\Run32: => "TCrdMain"
HKLM\...\StartupApproved\Run32: => "TODDMain"
HKLM\...\StartupApproved\Run32: => "TosWaitSrv"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{7592F679-6BF6-4429-AE9D-FD49B0DAF795}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BBA0E0ED-E678-440F-875A-C9D4F54BF3E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19A13C35-388E-4E86-9420-02D685842016}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{994898F5-8155-49AE-9555-B065D0B42A44}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CDC05EA5-8141-47CF-ADD5-A769C40A9DF5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3684E08F-B4A3-44B7-9226-D72307472873}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\SendAFax.exe
FirewallRules: [{F46CC2C9-0066-48EC-90C1-64AD85EE8141}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\FaxPrinterUtility.exe
FirewallRules: [{022DC4B5-DC90-43F1-A200-76DD32B994F4}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{80FA8050-5DF8-4D12-8D7A-C14B43CB0171}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7679322D-DD23-4374-9F98-D70FFC59AABE}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\DigitalWizards.exe
FirewallRules: [{153558CE-EC42-4B7D-BC23-45BFE5425F7A}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\FaxApplications.exe
FirewallRules: [{F42992A9-7B31-4780-8AB8-9B92E21702E3}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\EWSProxy.exe
FirewallRules: [{6EE64FE9-1B06-4975-8817-B815CDEB30F6}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe
FirewallRules: [{D781D8C9-48F6-4CFC-ABA1-2E3026C388E7}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe
FirewallRules: [{5F3E864D-1096-4281-8EF3-82A5E024534F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97E72214-DBB9-4C55-86A8-A90C9F3E2532}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9115E09-425D-4CEE-A831-73B0D2FD5865}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

06-02-2016 04:54:38 Schemalagd kontrollpunkt
09-02-2016 08:52:38 Windows Update
12-02-2016 16:53:26 Windows Update
15-02-2016 17:33:14 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2016 09:23:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xde0
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (02/06/2016 04:43:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 43.0.4.5848, tidsstämpel 0x568c88bd
, felet uppstod i modulen med namn: mozglue.dll, version 43.0.4.5848, tidsstämpel 0x568c7b16
Undantagskod: 0x80000003
Felförskjutning: 0x0000ed44
Process-ID: 0x8f0
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3
Fullständigt namn på felaktigt paket: plugin-container.exe4
Program-ID relativt till felaktigt paket: plugin-container.exe5

Error: (01/26/2016 05:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xef8
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (01/20/2016 10:31:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest1. Det finns ett fel i manifest- eller principfilen C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest2 på rad C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest3.
En komponentversion som krävs av programmet står i konflikt med en annan komponentversion som redan är aktiv.
Följande komponenter orsakar konflikten:
Komponent 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest.
Komponent 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_8935f06086091acc.manifest.

Error: (01/20/2016 10:10:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xff4
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (01/15/2016 05:11:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xa0c
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (01/13/2016 05:56:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: DiagTrackRunner.exe, version 10.0.10041.0, tidsstämpel 0x5503b990
, felet uppstod i modulen med namn: diagtrack.dll, version 10.0.10033.0, tidsstämpel 0x54f65c93
Undantagskod: 0xc0000005
Felförskjutning: 0x0000000000031388
Process-ID: 0x13214
Programmets starttid: 0xDiagTrackRunner.exe0
Sökväg till program: DiagTrackRunner.exe1
Sökväg till modul: DiagTrackRunner.exe2
Rapport-ID: DiagTrackRunner.exe3
Fullständigt namn på felaktigt paket: DiagTrackRunner.exe4
Program-ID relativt till felaktigt paket: DiagTrackRunner.exe5

Error: (01/11/2016 08:23:10 PM) (Source: VSS) (EventID: 12344) (User: )
Description: Volume Shadow Copy-fel: Felet 0x00000000c000014d påträffades medan Registry Writer förberedde registret för en
skuggkopia.  Kontrollera i loggböckerna Program och System om det finns några relaterade fel.


Åtgärd:
   Händelsen OnFreeze
   Händelsen Freeze

Kontext:
   Körningskontext: Registry Writer
   Körningskontext: Writer
   Skrivarklass-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Skrivarnamn: Registry Writer
   Skrivarinstans-ID: {ce0fee1f-131f-4924-a9db-60ed88a92cc4}

Error: (01/02/2016 03:34:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 43.0.1.5828, tidsstämpel 0x56723a12
, felet uppstod i modulen med namn: mozglue.dll, version 43.0.1.5828, tidsstämpel 0x56722c0b
Undantagskod: 0x80000003
Felförskjutning: 0x0000ed63
Process-ID: 0x12a4
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3
Fullständigt namn på felaktigt paket: plugin-container.exe4
Program-ID relativt till felaktigt paket: plugin-container.exe5

Error: (01/02/2016 03:22:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: spoolsv.exe, version 6.2.9200.16384, tidsstämpel 0x501080ef
, felet uppstod i modulen med namn: unknown, version 0.0.0.0, tidsstämpel 0x00000000
Undantagskod: 0xc0000005
Felförskjutning: 0x00000000013f6420
Process-ID: 0x5f4
Programmets starttid: 0xspoolsv.exe0
Sökväg till program: spoolsv.exe1
Sökväg till modul: spoolsv.exe2
Rapport-ID: spoolsv.exe3
Fullständigt namn på felaktigt paket: spoolsv.exe4
Program-ID relativt till felaktigt paket: spoolsv.exe5


System errors:
=============
Error: (02/16/2016 04:59:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten Dnscache.

Error: (02/16/2016 04:59:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten Dnscache.

Error: (02/16/2016 04:58:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten LanmanWorkstation.

Error: (02/16/2016 04:58:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten NlaSvc.

Error: (02/15/2016 09:07:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 21:06:11 den ‎15.‎02.‎2016 skedde oväntat.

Error: (02/14/2016 03:33:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten NlaSvc.

Error: (02/11/2016 05:19:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten NlaSvc.

Error: (02/10/2016 07:43:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 11:07:19 den ‎10.‎02.‎2016 skedde oväntat.

Error: (02/04/2016 07:59:58 PM) (Source: DCOM) (EventID: 10010) (User: NT instans)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/04/2016 07:59:51 PM) (Source: DCOM) (EventID: 10010) (User: NT instans)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz
Percentage of memory in use: 55%
Total physical RAM: 3979.21 MB
Available physical RAM: 1784.87 MB
Total Virtual: 6667.21 MB
Available Virtual: 3883.65 MB

==================== Drives ================================

Drive c: (TI31061100A) (Fixed) (Total:286.29 GB) (Free:43.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
         

 
