Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Sponsorship-Fenster öffnen sich + PC sehr langsam (https://www.trojaner-board.de/141611-windows-7-sponsorship-fenster-oeffnen-pc-sehr-langsam.html)

Necky 15.09.2013 19:05
Windows 7: Sponsorship-Fenster öffnen sich + PC sehr langsam
 
Hallo,
ich bin neu hier und habe mich mit der Hoffnung angemeldet, dass Ihr mir helfen könnt.

Seit einigen Tagen ist mein PC sehr langsam. Immer wieder öffnen sich Browserfenster mit der Überschrift "Sponsorship" sowie Tabs, die anzeigen es wäre Spyware gefunden worden.

Mein Virenprogramm konnte allerdings nichts finden.

Wie werde ich das wieder los?

Schonmal Danke für jede Hilfe

Liebe Grüße

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-09-2013 05
Ran by Lisa (administrator) on ***** on 15-09-2013 19:08:40
Running from C:\Users\Lisa\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Woodtale Technology Inc) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Woodtale Technology Inc) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Woodtale Technology Inc) C:\Program Files (x86)\iSafe\iSafeTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-02-12] (Toshiba Europe GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {aa296e26-59fb-11e0-8e20-00266c624c75} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [starter4g] - C:\Windows\starter4g.exe [160992 2010-07-08] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-06] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=401400266C624C75&affID=120524&tt=070813_wt3&tsp=4971
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope {9C2FD129-DF9C-4BD7-87C2-84C073477BA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {DA841E46-0FB5-4258-9B14-9A53BAB652BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=401400266C624C75&affID=120524&tt=070813_wt3&tsp=4971
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=401400266C624C75&affID=120524&tt=070813_wt3&tsp=4971
SearchScopes: HKCU - {2601D761-548E-4BBF-94F6-490AD272131B} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {47879C46-5CF4-4BDE-9C35-B594AFA238A4} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {7CAF86C0-79CD-4A13-8FAC-1B832C2E1CD1} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7E68A907-5F91-41C4-B118-75F46581F8A7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=B023FA32-AD3C-42FB-B625-C9BD9F156B21&apn_sauid=D1085754-2E55-4171-9D6B-C5F6EF1A910F
SearchScopes: HKCU - {9C2FD129-DF9C-4BD7-87C2-84C073477BA2} URL =
SearchScopes: HKCU - {A01B9552-44DF-44E7-9EC6-B2EA0B16ECB9} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {A18AAFD1-1843-43CF-9CA2-F9FE87A11C56} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {AF185623-6FC2-463D-9757-729F59706009} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {DA841E46-0FB5-4258-9B14-9A53BAB652BC} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - WEB.DE Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - WEB.DE Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU -  No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - WEB.DE Toolbar - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default
FF user.js: detected! => C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @ei.Allin1Convert_8h.com/Plugin - C:\Program Files (x86)\Allin1Convert_8hEI\Installr\1.bin\NP8hEISB.dll (Allin1Convert)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lyrics-Monkey - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\Extensions\126
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [341320 2013-09-12] (Woodtale Technology Inc)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [301120 2013-08-16] (Wsys Co., Ltd.)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145120 2010-07-08] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-07-12] (Mobile Connector)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-04-02] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-04-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2011-04-02] (Symantec Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658432 2009-07-06] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19456 2009-07-06] (Hauppauge Computer Works, Inc.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110428.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110428.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
R3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [188784 2013-09-12] (Woodtale Technology Inc)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [44400 2013-09-12] (NetFilterSDK.com)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\ENG64.SYS [117880 2011-04-02] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\ENG64.SYS [117880 2011-04-02] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\EX64.SYS [1828984 2011-04-02] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\EX64.SYS [1828984 2011-04-02] (Symantec Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
S2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-09-10] (Samsung Electronics)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-15 19:07 - 2013-09-15 19:07 - 01951146 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe
2013-09-15 19:07 - 2013-09-15 19:07 - 00000000 ____D C:\FRST
2013-09-15 19:06 - 2013-09-15 19:06 - 01084055 _____ (Farbar) C:\Users\Lisa\Downloads\FRST.exe
2013-09-15 19:05 - 2013-09-15 19:06 - 00000470 _____ C:\Users\Lisa\Downloads\defogger_disable.log
2013-09-15 19:05 - 2013-09-15 19:05 - 00000000 _____ C:\Users\Lisa\defogger_reenable
2013-09-15 19:02 - 2013-09-15 19:02 - 00050477 _____ C:\Users\Lisa\Downloads\Defogger.exe
2013-09-15 18:15 - 2013-09-15 18:15 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\eCyber
2013-09-15 15:07 - 2013-09-15 15:07 - 00000000 _____ C:\autoexec.bat
2013-09-15 15:02 - 2013-09-15 15:02 - 00001751 _____ C:\Users\Public\Desktop\iSafe.lnk
2013-09-15 15:00 - 2013-09-15 18:22 - 00000000 ____D C:\Program Files (x86)\iSafe
2013-09-15 15:00 - 2013-09-15 18:21 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\iSafe
2013-09-15 14:58 - 2013-09-15 14:58 - 00633672 _____ (Woodtale Technology Inc) C:\Users\Lisa\Downloads\iSafedl.exe
2013-09-15 14:50 - 2013-09-15 15:06 - 00000000 ____D C:\sh4ldr
2013-09-15 14:50 - 2013-09-15 14:50 - 00002263 _____ C:\Users\Lisa\Desktop\SpyHunter.lnk
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 14:48 - 2013-09-15 14:51 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-15 14:44 - 2013-09-15 14:44 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lisa\Downloads\SpyHunter-Installer.exe
2013-09-09 11:52 - 2013-09-09 11:52 - 96601965 _____ C:\Windows\SysWOW64\嘛샙᱄n
2013-09-08 14:05 - 2013-09-08 14:05 - 96559285 _____ C:\Windows\SysWOW64\䟑濲᱄W
2013-09-07 23:14 - 2013-09-07 23:16 - 00006468 _____ C:\Users\Lisa\Desktop\Neues Journal-Dokument.jnt
2013-09-06 13:57 - 2013-09-06 13:57 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Avira
2013-09-06 13:52 - 2013-09-06 13:51 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-06 13:39 - 2013-09-06 13:39 - 00000000 ____D C:\ProgramData\APN
2013-09-06 13:38 - 2013-09-06 13:38 - 00002037 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-06 13:37 - 2013-09-06 13:51 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-06 13:37 - 2013-09-06 13:51 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-06 13:37 - 2013-09-06 13:38 - 00000000 ____D C:\ProgramData\Avira
2013-09-06 13:37 - 2013-09-06 13:37 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-06 13:37 - 2013-03-06 16:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-06 13:14 - 2013-09-06 13:35 - 110344048 _____ C:\Users\Lisa\Downloads\nw_28498_avirafreeantivirusde.exe
2013-08-24 23:09 - 2013-08-24 23:11 - 03352020 _____ C:\Users\Lisa\Downloads\ProTeXt-3.1.3-060313.exe.part
2013-08-24 23:05 - 2013-08-24 23:05 - 00000000 ____D C:\Program Files (x86)\Allin1Convert_8hEI
2013-08-19 09:38 - 2013-08-19 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 10:54 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 10:54 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 10:54 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 10:54 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 10:54 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 10:54 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 10:54 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 10:54 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 10:54 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 10:54 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 10:54 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 10:54 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 10:54 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 10:53 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 10:53 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 10:53 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 10:53 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 10:53 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 10:53 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 10:53 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 10:53 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 10:53 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 10:53 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 10:53 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

==================== One Month Modified Files and Folders =======

2013-09-15 19:07 - 2013-09-15 19:07 - 01951146 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe
2013-09-15 19:07 - 2013-09-15 19:07 - 00000000 ____D C:\FRST
2013-09-15 19:06 - 2013-09-15 19:06 - 01084055 _____ (Farbar) C:\Users\Lisa\Downloads\FRST.exe
2013-09-15 19:06 - 2013-09-15 19:05 - 00000470 _____ C:\Users\Lisa\Downloads\defogger_disable.log
2013-09-15 19:06 - 2013-06-19 13:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-15 19:05 - 2013-09-15 19:05 - 00000000 _____ C:\Users\Lisa\defogger_reenable
2013-09-15 19:05 - 2011-03-29 15:03 - 00000000 ____D C:\Users\Lisa
2013-09-15 19:02 - 2013-09-15 19:02 - 00050477 _____ C:\Users\Lisa\Downloads\Defogger.exe
2013-09-15 18:53 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-15 18:53 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-15 18:49 - 2010-05-14 19:42 - 01155616 _____ C:\Windows\WindowsUpdate.log
2013-09-15 18:24 - 2013-08-11 12:36 - 00000000 ____D C:\ProgramData\eSafe
2013-09-15 18:22 - 2013-09-15 15:00 - 00000000 ____D C:\Program Files (x86)\iSafe
2013-09-15 18:22 - 2011-08-26 12:44 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2013-09-15 18:21 - 2013-09-15 15:00 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\iSafe
2013-09-15 18:21 - 2011-08-26 12:46 - 00000000 ___RD C:\Users\Lisa\Dropbox
2013-09-15 18:15 - 2013-09-15 18:15 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\eCyber
2013-09-15 18:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-15 18:14 - 2009-07-14 06:51 - 00116878 _____ C:\Windows\setupact.log
2013-09-15 15:07 - 2013-09-15 15:07 - 00000000 _____ C:\autoexec.bat
2013-09-15 15:06 - 2013-09-15 14:50 - 00000000 ____D C:\sh4ldr
2013-09-15 15:02 - 2013-09-15 15:02 - 00001751 _____ C:\Users\Public\Desktop\iSafe.lnk
2013-09-15 14:58 - 2013-09-15 14:58 - 00633672 _____ (Woodtale Technology Inc) C:\Users\Lisa\Downloads\iSafedl.exe
2013-09-15 14:51 - 2013-09-15 14:48 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-15 14:50 - 2013-09-15 14:50 - 00002263 _____ C:\Users\Lisa\Desktop\SpyHunter.lnk
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 14:44 - 2013-09-15 14:44 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lisa\Downloads\SpyHunter-Installer.exe
2013-09-15 14:24 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-09-15 14:24 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-09-15 14:24 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-15 14:23 - 2013-06-19 13:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-15 14:22 - 2012-08-22 11:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-15 14:22 - 2012-08-22 11:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 13:52 - 2013-08-11 15:32 - 00000108 _____ C:\Users\Lisa\AppData\Roaming\WB.CFG
2013-09-15 13:52 - 2013-08-11 15:32 - 00000005 _____ C:\Users\Lisa\AppData\Roaming\WBPU-TTL.DAT
2013-09-15 13:17 - 2011-04-02 13:24 - 00000000 ____D C:\Users\Lisa\AppData\Local\CrashDumps
2013-09-10 21:39 - 2013-08-11 20:08 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-09-09 11:52 - 2013-09-09 11:52 - 96601965 _____ C:\Windows\SysWOW64\嘛샙᱄n
2013-09-08 14:06 - 2013-08-11 20:07 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2013-09-08 14:05 - 2013-09-08 14:05 - 96559285 _____ C:\Windows\SysWOW64\䟑濲᱄W
2013-09-07 23:16 - 2013-09-07 23:14 - 00006468 _____ C:\Users\Lisa\Desktop\Neues Journal-Dokument.jnt
2013-09-07 09:43 - 2010-05-14 19:38 - 00165380 _____ C:\Windows\PFRO.log
2013-09-07 02:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-06 13:57 - 2013-09-06 13:57 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Avira
2013-09-06 13:51 - 2013-09-06 13:52 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-06 13:51 - 2013-09-06 13:37 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-06 13:51 - 2013-09-06 13:37 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-06 13:39 - 2013-09-06 13:39 - 00000000 ____D C:\ProgramData\APN
2013-09-06 13:38 - 2013-09-06 13:38 - 00002037 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-06 13:38 - 2013-09-06 13:37 - 00000000 ____D C:\ProgramData\Avira
2013-09-06 13:37 - 2013-09-06 13:37 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-06 13:35 - 2013-09-06 13:14 - 110344048 _____ C:\Users\Lisa\Downloads\nw_28498_avirafreeantivirusde.exe
2013-09-06 13:19 - 2013-01-03 19:25 - 00000000 ____D C:\Users\Lisa\Documents\Uni Chemie
2013-09-06 13:06 - 2010-04-08 10:01 - 00000000 ____D C:\ProgramData\Skype
2013-08-26 19:29 - 2012-01-05 12:18 - 00000000 ____D C:\Users\Lisa\Desktop\Neuer Ordner5
2013-08-24 23:11 - 2013-08-24 23:09 - 03352020 _____ C:\Users\Lisa\Downloads\ProTeXt-3.1.3-060313.exe.part
2013-08-24 23:05 - 2013-08-24 23:05 - 00000000 ____D C:\Program Files (x86)\Allin1Convert_8hEI
2013-08-19 16:51 - 2013-05-22 19:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 09:39 - 2013-08-19 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 14:59 - 2013-08-10 14:48 - 00000000 ____D C:\Users\Lisa\Desktop\Broadstairs
2013-08-17 12:38 - 2010-04-08 09:25 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-08-17 12:37 - 2013-08-11 11:41 - 00000000 ____D C:\Program Files (x86)\webcamXP5
2013-08-17 12:36 - 2012-04-06 13:01 - 00000000 ____D C:\Program Files (x86)\Sony
2013-08-17 12:32 - 2013-08-11 12:32 - 00000282 _____ C:\Windows\Tasks\DSite.job
2013-08-17 12:30 - 2011-03-29 16:26 - 00038194 _____ C:\Windows\Irremote.ini
2013-08-16 13:27 - 2011-03-26 18:47 - 00000000 ____D C:\Users\Lisa\Documents\Bewerbung2

Some content of TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\ApnStub.exe
C:\Users\Lisa\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Lisa\AppData\Local\Temp\gbc8kqhu.dll
C:\Users\Lisa\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Lisa\AppData\Local\Temp\LyricsMonkey_1060-1053_v120.exe
C:\Users\Lisa\AppData\Local\Temp\LyriXtmp.exe
C:\Users\Lisa\AppData\Local\Temp\mltmp.exe
C:\Users\Lisa\AppData\Local\Temp\ncivo51f.dll
C:\Users\Lisa\AppData\Local\Temp\Notification.exe
C:\Users\Lisa\AppData\Local\Temp\SHSetup.exe
C:\Users\Lisa\AppData\Local\Temp\uninst1.exe
C:\Users\Lisa\AppData\Local\Temp\WEB.DE_Sicherheitsupdate_Sep2012_Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-07 02:14

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2013 05
Ran by Lisa at 2013-09-15 19:11:15
Running from C:\Users\Lisa\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader 9.3 - Deutsch (x32 Version: 9.3.0)
Advertising Center (x32 Version: 0.0.0.2)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.27)
Atheros Driver Installation Program (x32 Version: 5.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
B400 Series PCL Driver from OKI® Printing Solutions for Windows  (x32 Version: 102)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82)
Chuzzle Deluxe (x32 Version: 2.2.0.82)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.4518.1014)
Conexant HD Audio (Version: 4.111.0.64)
CVE-2012-4969
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82)
Dropbox (HKCU Version: 2.0.22)
Efficient Elements for presentations 1.5.0.77 (x32 Version: 1.5.0.77)
FATE (x32 Version: 2.2.0.82)
ICQ7.4 (x32 Version: 7.4)
ImagXpress (x32 Version: 7.0.74.0)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2086)
Intel® Matrix Storage Manager
iSafe (x32)
Java Auto Updater (x32 Version: 2.0.5.1)
Java(TM) 6 Update 26 (x32 Version: 6.0.260)
Jewel Quest II (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 14.0.8089.726)
MediaPortal (x32 Version: 1.1.3)
Mein CEWE FOTOBUCH (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Silverlight (x32 Version: 3.0.40818.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MySQL Server 5.1 (Version: 5.1.38)
Nero 9 Essentials (x32)
Nero BackItUp (x32 Version: 5.2.21001)
Nero BackItUp and Burn (x32 Version: 1.2.0030)
Nero BurnRights (x32 Version: 3.4.13.100)
Nero BurnRights (x32 Version: 3.6.26001)
Nero BurnRights Help (x32 Version: 3.4.4.100)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express (x32 Version: 9.6.16000)
Nero Express Help (x32 Version: 9.4.34.100)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero RescueAgent (x32 Version: 2.6.25002)
Nero StartSmart (x32 Version: 9.4.37.100)
Nero StartSmart Help (x32 Version: 9.4.37.100)
NeroExpress (x32 Version: 9.4.34.100)
neroxml (x32 Version: 1.0.0)
Norton 360 (x32 Version: 5.2.2.3)
OKI Network Extension (x32 Version: 1.00.000)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Penguins! (x32 Version: 2.2.0.82)
Photo Service - powered by myphotobook (x32 Version: 1.0.7)
Photo Service - powered by myphotobook (x32 Version: 1.0.7-279)
Picasa 3 (x32 Version: 3.9)
Plants vs. Zombies (x32 Version: 2.2.0.82)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.82)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111)
Sibelius Scorch (ActiveX Only) (x32 Version: 6.2.0)
Sony Ericsson Update Service (x32 Version: 2.11.12.5)
Sony PC Companion (x32 Version: 2.10.165)
SpyHunter (Version: 4.15.1.4270)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Toshiba Assist (x32 Version: 3.00.11)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.07.64)
TOSHIBA ConfigFree (x32 Version: 8.0.28)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA Hardware Setup (x32 Version: 2.00.06)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6)
Toshiba Manuals (x32 Version: 10.01)
TOSHIBA Media Controller (x32 Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.4.9)
TOSHIBA Online Product Information (x32 Version: 2.09.0001)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 x64)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA ReelTime (x32 Version: 1.6.06.64)
TOSHIBA Service Station (x32 Version: 2.1.40)
TOSHIBA Supervisor Password (x32 Version: 2.00.03)
Toshiba TEMPRO (x32 Version: 3.30)
TOSHIBA Value Added Package (Version: 1.3.3.64)
TOSHIBA Value Added Package (x32 Version: 1.3.3.64)
TRORMCLauncher (Version: 1.0.0.9)
TRORMCLauncher (x32 Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office Word 2007 (KB974631) (x32)
Update for Office 2007 (KB934528) (x32)
Update for Office System 2007 Setup (KB929722) (x32)
Update Installer for WildTangent Games App (x32)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Wartung Samsung CLP-320 Series (x32)
WEB.DE Softwareaktualisierung (x32 Version: 2.0.4.0)
WEB.DE Toolbar für Internet Explorer (x32 Version: 1.7.0.0)
WEB.DE Toolbar MSVC100 CRT x64 (Version: 1.0.0)
WEB.DE Toolbar MSVC100 CRT x86 (x32 Version: 1.0.0)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.14)
WildTangent-Spiele (x32 Version: 1.0.0.80)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
XSManager (x32 Version: 3.0)
Zuma Deluxe (x32 Version: 2.2.0.82)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1F1AFA1D-F056-439F-8810-86989C07E086} - System32\Tasks\DSite => C:\Users\Lisa\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-08-11] ()
Task: {4229C9CC-E521-4810-B5ED-28D91A822EEC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {59EB5E08-5CE3-4620-969D-5DF40576BA93} - System32\Tasks\Symantec\Norton Error Processor 5.2.2.3 => C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {68C471D9-38DB-46B7-BB44-6F67CD54A6CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-15] (Adobe Systems Incorporated)
Task: {87A2FFBB-96BD-4597-8D42-A5472E5B0A9B} - System32\Tasks\Symantec\Norton Error Analyzer 5.2.2.3 => C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {AB55D55F-D1DF-402D-8510-F62C772A8DA6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {B12C4BDB-68D9-4D08-B824-1351A641EDB5} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {CDA303E6-01DD-47A7-9528-8F5724A8D656} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
Task: {D838CA9F-5A12-453C-9E83-0765C6DA40AE} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2012-09-20] (1&1 Mail & Media GmbH)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\Lisa\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE

==================== Loaded Modules (whitelisted) =============

2013-05-29 14:27 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2009-07-14 02:22 - 2009-07-14 03:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2009-07-14 01:37 - 2009-07-14 03:39 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Dwm.exe
2011-04-27 10:10 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\Explorer.EXE
2013-05-25 02:36 - 2013-05-25 02:36 - 00164016 _____ (Dropbox, Inc.) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2012-06-13 12:23 - 2011-03-25 08:10 - 02477424 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine64\5.2.2.3\buShell.dll
2012-06-13 12:23 - 2011-04-17 02:57 - 01031040 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine64\5.2.2.3\ccL100U.dll
2012-06-13 12:23 - 2011-06-01 18:16 - 00086952 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine64\5.2.2.3\EFACli64.dll
2010-03-18 01:22 - 2010-03-18 01:22 - 00166424 _____ (Intel Corporation) C:\Windows\System32\igfxtray.exe
2010-02-20 08:46 - 2010-02-20 08:46 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2010-03-18 01:22 - 2010-03-18 01:22 - 00391192 _____ (Intel Corporation) C:\Windows\System32\hkcmd.exe
2010-03-18 01:22 - 2010-03-18 01:22 - 00410648 _____ (Intel Corporation) C:\Windows\System32\igfxpers.exe
2010-04-08 09:32 - 2010-03-10 15:43 - 00520760 _____ (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
2009-11-05 22:05 - 2009-11-05 22:05 - 00505696 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2009-11-05 22:08 - 2009-11-05 22:08 - 00119808 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll
2009-11-05 22:08 - 2009-11-05 22:08 - 00122880 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll
2009-11-05 22:08 - 2009-11-05 22:08 - 00260096 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TCooling.dll
2009-11-05 22:08 - 2009-11-05 22:08 - 00283136 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll
2009-11-05 22:08 - 2009-11-05 22:08 - 00298496 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll
2009-11-05 22:08 - 2009-11-05 22:08 - 00055808 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll
2009-11-05 22:08 - 2009-11-05 22:08 - 00261632 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll
2009-11-05 22:08 - 2009-11-05 22:08 - 00267776 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll
2009-11-05 22:08 - 2009-11-05 22:08 - 00261632 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll
2009-11-05 22:08 - 2009-11-05 22:08 - 00260608 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll
2013-09-15 15:01 - 2013-09-12 12:21 - 00315040 _____ (Woodtale Technology Inc) C:\Program Files (x86)\iSafe\iSafeTray.exe
2009-08-13 12:31 - 2009-08-13 12:31 - 00570680 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2010-03-03 14:15 - 2010-03-03 14:15 - 00913720 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2013-05-29 14:29 - 2013-04-13 07:49 - 00308736 _____ (Microsoft Corporation) C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
2010-03-03 14:15 - 2010-03-03 14:15 - 00162104 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll
2010-03-12 15:38 - 2010-03-12 15:38 - 00059704 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00265016 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\FnPRTSC.dll
2008-07-14 10:33 - 2008-07-14 10:33 - 00134456 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-05 22:08 - 2009-11-05 22:08 - 00264704 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TFunctab.DLL
2008-07-14 10:35 - 2008-07-14 10:35 - 00107832 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00055608 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnEsc.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2008-07-14 10:34 - 2008-07-14 10:34 - 00053560 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF1.dll
2009-11-05 22:08 - 2009-11-05 22:08 - 00268288 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TFunc2.DLL
2008-07-14 10:34 - 2008-07-14 10:34 - 00054072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF3.dll
2008-07-14 10:34 - 2008-07-14 10:34 - 00054072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF4.dll
2010-01-20 13:47 - 2010-01-20 13:47 - 00116568 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF5.dll
2009-07-16 15:27 - 2009-07-16 15:27 - 00077624 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF67.dll
2009-08-19 20:36 - 2009-08-19 20:36 - 00369008 _____ (TOSHIBA Corporation.) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll
2008-07-14 10:34 - 2008-07-14 10:34 - 00057656 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF9.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2009-10-23 14:24 - 2009-10-23 14:24 - 00076120 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnSpace.dll
2010-04-08 09:25 - 2009-06-22 14:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-14 19:02 - 2009-07-14 19:02 - 00018352 _____ (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\ConfigFree\x64\CFNotify64.dll
2007-12-11 09:42 - 2007-12-11 09:42 - 00017784 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\NotifyTZU.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2008-07-14 10:35 - 2008-07-14 10:35 - 00233272 _____ (TOSHIBA Corp.) C:\Program Files\TOSHIBA\Utilities\NotifyX.dll
2010-03-10 18:46 - 2010-03-10 18:46 - 02052392 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2010-03-10 18:46 - 2010-03-10 18:46 - 00396584 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2010-03-10 18:46 - 2010-03-10 18:46 - 00207144 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2010-03-03 12:28 - 2010-03-03 12:28 - 00035672 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
2010-03-03 12:29 - 2010-03-03 12:29 - 00066904 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\ReelTimeRemoteStorage.dll
2010-03-03 12:29 - 2010-03-03 12:29 - 00327000 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\DataProcess.dll
2010-03-19 14:27 - 2010-03-19 14:27 - 00595816 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
2010-03-19 14:28 - 2010-03-19 14:28 - 03409256 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2010-03-10 18:46 - 2010-03-10 18:46 - 00121128 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2010-02-11 02:40 - 2010-02-11 02:40 - 01050072 _____ (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
2010-02-11 02:40 - 2010-02-11 02:40 - 00058824 _____ (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproCommon.dll
2010-02-11 02:40 - 2010-02-11 02:40 - 07239112 _____ (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproUI.dll
2010-02-11 02:40 - 2010-02-11 02:40 - 00050632 _____ (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\de\TemproUI.resources.dll
2010-04-08 10:01 - 2010-02-12 10:55 - 00136136 _____ (Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
2010-04-08 10:01 - 2010-02-12 10:55 - 00036808 _____ (Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaCommon.dll
2010-04-08 10:01 - 2010-02-12 10:55 - 00054736 _____ (Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\de\ToshibaReminder.resources.dll
2013-05-25 02:47 - 2013-05-25 02:47 - 27776968 _____ (Dropbox, Inc.) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
2010-03-18 01:22 - 2010-03-18 01:22 - 00223768 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2010-03-18 01:22 - 2010-03-18 01:22 - 00511000 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2010-03-09 02:23 - 2010-03-09 02:23 - 01086760 _____ (Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
2012-07-12 19:38 - 2010-07-08 19:05 - 00160992 ____R (4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
2013-08-11 20:06 - 2010-06-07 12:15 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2011-05-25 09:16 - 2010-11-20 15:25 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2010-02-22 13:23 - 2010-02-22 13:23 - 00304496 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
2013-08-11 20:06 - 2009-09-30 06:51 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2012-06-13 12:23 - 2011-04-17 02:45 - 00130008 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
2009-07-28 20:26 - 2009-07-28 20:26 - 00062848 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
2010-02-05 17:44 - 2010-02-05 17:44 - 01147224 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2010-02-05 17:45 - 2010-02-05 17:45 - 00265072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll
2013-07-17 16:04 - 2013-07-17 16:04 - 07529344 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
2013-07-17 16:04 - 2013-07-17 16:04 - 00721792 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll
2013-07-17 16:04 - 2013-07-17 16:04 - 03017088 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll
2013-07-17 16:04 - 2013-07-17 16:04 - 01190272 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll
2013-07-17 16:04 - 2013-07-17 16:04 - 00546688 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Common.dll
2012-06-24 14:39 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-11 14:06 - 2013-09-11 14:06 - 01862024 _____ (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
2013-09-15 19:07 - 2013-09-15 19:07 - 01951146 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe
2013-09-15 15:01 - 2013-09-12 12:22 - 01663816 _____ (Woodtale Technology Inc.) C:\Program Files (x86)\iSafe\ouilibx.dll
2013-09-15 15:01 - 2013-09-12 12:22 - 00187208 _____ () C:\Program Files (x86)\iSafe\libpng.dll
2013-09-15 15:01 - 2013-09-12 12:22 - 00053576 _____ (Woodtale Technology Inc) C:\Program Files (x86)\iSafe\iCommu.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\icudt.dll
2011-01-17 16:19 - 2011-03-29 17:19 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-06-13 12:23 - 2011-04-17 02:57 - 00675712 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccL100U.dll
2010-01-18 12:03 - 2010-01-18 12:03 - 04490536 ____R (BCGSoft Ltd) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\BCGCBPRO100u80.dll
2010-03-09 02:23 - 2010-03-09 02:23 - 01426728 _____ (Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NB.dll
2010-03-09 17:59 - 2010-03-09 17:59 - 06112552 _____ (Nero AG) c:\Program Files (x86)\Common Files\Nero\AdvrCntr4\AdvrCntr4.dll
2010-03-09 02:23 - 2010-03-09 02:23 - 00472360 _____ (Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\LBFC.dll
2010-03-09 02:23 - 2010-03-09 02:23 - 00304424 _____ (Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBRes-DEU.nls
2010-03-09 03:25 - 2010-03-09 03:25 - 00128304 _____ (Prolific Technology Inc.) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\PL2571.dll
2010-03-09 03:25 - 2010-03-09 03:25 - 00079152 _____ (JMicron Technology Co.) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\JMUsbDll.dll
2010-03-09 03:25 - 2010-03-09 03:25 - 00128304 _____ (Prolific Technology Inc.) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\PLX507.dll
2010-03-09 03:25 - 2010-03-09 03:25 - 00181544 _____ (Sunplus Technology Inc.) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\sp216.dll
2010-03-09 03:25 - 2010-03-09 03:25 - 00239008 _____ (ALi) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\PushButtonStatus.dll
2010-03-09 02:23 - 2010-03-09 02:23 - 00120104 _____ (Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBTask.dll
2010-03-09 02:23 - 2010-03-09 02:23 - 00292136 _____ (Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBBurn.dll
2009-08-27 13:42 - 2009-08-27 13:42 - 00197928 ____R (Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NeroAPIGlueLayerUnicode.dll
2009-12-25 10:53 - 2009-12-25 10:53 - 00136584 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSParts.dll
2010-01-29 15:33 - 2010-01-29 15:33 - 00304536 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSAPI.dll
2010-01-29 16:19 - 2010-01-29 16:19 - 00071032 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFWLAPI.dll
2009-07-27 18:57 - 2009-07-27 18:57 - 01561984 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSMUI.dll
2012-06-13 12:23 - 2011-04-17 02:45 - 00085376 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccVrTrst.dll
2012-06-13 12:23 - 2011-06-01 18:16 - 00064936 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\EFACli.dll
2012-06-13 12:23 - 2011-04-17 02:45 - 00141184 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvc.dll
2012-06-13 12:24 - 2011-04-05 03:25 - 00389560 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\srtsp32.dll
2012-06-13 12:23 - 2011-04-17 02:45 - 00158592 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccIPC.dll
2012-06-13 12:24 - 2012-06-08 02:02 - 00368088 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\NPCTRAY.DLL
2012-06-13 12:23 - 2011-04-17 02:45 - 00268672 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSet.dll
2012-06-13 12:24 - 2012-06-08 02:02 - 00733656 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\isDataPr.dll
2012-06-13 12:23 - 2012-06-08 02:02 - 00413144 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\ASHELPER.DLL
2012-06-13 12:23 - 2011-03-25 08:09 - 00118128 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\buDataCl.dll
2012-06-13 12:24 - 2012-06-08 02:02 - 00769496 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\NPC360ui.dll
2012-06-13 12:23 - 2012-06-08 02:02 - 00413144 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\ASOEHOOK.DLL
2012-06-13 12:23 - 2011-04-17 02:45 - 00291712 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccGEvt.dll
2012-06-13 12:23 - 2012-01-06 18:51 - 00126920 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\cltLMC.dll
2012-06-13 12:23 - 2012-06-08 02:02 - 00386008 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\AVPAPP32.DLL
2012-06-13 12:23 - 2012-01-06 18:51 - 00151496 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\cltElPrv.dll
2012-06-13 12:23 - 2012-06-08 02:02 - 00471512 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\AVIfc.dll
2012-06-13 12:23 - 2011-04-17 02:45 - 00387968 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccJobMgr.dll
2012-06-13 12:23 - 2011-03-25 08:09 - 00111984 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\BUUIPLG.DLL
2012-06-13 12:23 - 2012-06-07 14:46 - 00388064 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coDataPr.dll
2012-06-13 12:23 - 2012-01-06 18:51 - 00838088 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\CLTALDIS.DLL
2012-02-10 13:44 - 2012-02-08 13:21 - 01045432 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\MUI\5.2.0.13\07\01\cltRes.loc
2012-06-13 12:24 - 2012-06-08 02:02 - 00292312 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\FWSESAL.DLL
2012-06-13 12:23 - 2012-06-07 14:46 - 01207776 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\ACCTMGR.DLL
2012-06-13 12:24 - 2012-06-08 02:03 - 00145368 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\QSPLUGIN.DLL
2012-06-13 12:24 - 2011-02-16 12:18 - 00338360 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\SDKCMN.DLL
2012-06-13 12:24 - 2012-06-08 02:03 - 00650712 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\UIALERT.DLL
2012-06-13 12:24 - 2011-04-16 00:15 - 00097648 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\tuDataPr.dll
2012-06-13 12:23 - 2012-01-06 18:52 - 00137672 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\cltWzHlp.dll
2011-03-30 17:01 - 2010-12-04 13:37 - 00914360 _____ (Symantec Corporation) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\CLT\cltLMSx.dll
2012-06-13 12:23 - 2012-01-06 18:51 - 00052680 ____R (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\cltRDUrl.dll
2012-06-13 12:23 - 2012-06-07 14:46 - 00194016 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\5.2.2.3\coParse.dll
2013-08-19 09:38 - 2013-08-19 09:39 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-11 14:06 - 2013-09-11 14:06 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2013 06:44:17 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.  (HRESULT : 0x8007045d) (0x8007045d)

Error: (09/15/2013 06:44:17 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.  (HRESULT : 0x8007045d) (0x8007045d)

Error: (09/15/2013 06:44:17 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.  (HRESULT : 0x8007045d) (0x8007045d)

Error: (09/15/2013 06:44:17 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.  (HRESULT : 0x8007045d) (0x8007045d)

Error: (09/15/2013 06:42:45 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.  (HRESULT : 0x8007045d) (0x8007045d)

Error: (09/15/2013 06:42:45 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.  (HRESULT : 0x8007045d) (0x8007045d)

Error: (09/15/2013 06:42:45 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.  (HRESULT : 0x8007045d) (0x8007045d)

Error: (09/15/2013 06:42:45 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.  (HRESULT : 0x8007045d) (0x8007045d)

Error: (09/15/2013 06:41:32 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.  (HRESULT : 0x8007045d) (0x8007045d)

Error: (09/15/2013 06:41:32 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.  (HRESULT : 0x8007045d) (0x8007045d)


System errors:
=============
Error: (09/15/2013 06:44:17 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert.

Error: (09/15/2013 06:44:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%1117

Error: (09/15/2013 06:42:46 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (09/15/2013 06:42:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%1117

Error: (09/15/2013 06:41:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/15/2013 06:41:51 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (09/15/2013 06:41:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/15/2013 06:41:51 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (09/15/2013 06:41:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/15/2013 06:41:51 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 70%
Total physical RAM: 1915.97 MB
Available physical RAM: 568.07 MB
Total Pagefile: 3831.94 MB
Available Pagefile: 1514.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:148.81 GB) (Free:98.61 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.88 GB) (Free:141.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 94F2FB85)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 15.09.2013 19:42
hi,

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Necky 15.09.2013 21:46
Lieben Dank für die Antwort.
Ich habe soweit alles ausgeführt.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Lisa :: ***** [Administrator]

15.09.2013 21:16:03
mbam-log-2013-09-15 (21-16-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228610
Laufzeit: 24 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\eSafe\eGdpSvc.exe (Trojan.Staser) -> 1088 -> Löschen bei Neustart.
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> 1088 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (Trojan.Staser) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (PUP.Optional.Esafe.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Daten: C:\ProgramData\eSafe\eGdpSvc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=401400266C624C75&affID=120524&tt=070813_wt3&tsp=4971) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 18
C:\Users\Lisa\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.22.0 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\Install (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language\en_us (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language\es_es (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language\pt_br (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language\tr_tr (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language\zh_cn (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language\zh_tw (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\layout (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\layout\default (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\style (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 58
C:\ProgramData\eSafe\eGdpSvc.exe (Trojan.Staser) -> Löschen bei Neustart.
C:\Users\Lisa\AppData\Local\Temp\LyricsMonkey_1060-1053_v120.exe (PUP.Optional.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\LyriXtmp.exe (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\mltmp.exe (PUP.Optional.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\uxr7B0.tmp (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\358E59A6-BAB0-7891-BA78-16F6AE3B3446\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\358E59A6-BAB0-7891-BA78-16F6AE3B3446\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\358E59A6-BAB0-7891-BA78-16F6AE3B3446\NTRedirect.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\C7303F68-BAB0-7891-AC20-E686E1A346B0\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\C7303F68-BAB0-7891-AC20-E686E1A346B0\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\C7303F68-BAB0-7891-AC20-E686E1A346B0\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\C7303F68-BAB0-7891-AC20-E686E1A346B0\Latest\Setup.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\eInstall.exe (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\DM\Setup.exe\cadc4507a4b34fa48e24a78ed57c3f98\Setup.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\is357113909\606867_Setup.EXE (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\is357113909\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\is357113909\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\is357113909\wajam_validate.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\Downloads\iLividSetup-r1035-t-bf.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> Löschen bei Neustart.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\main (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\msvcp100.dll (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\msvcr100.dll (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\segoeui.ttf (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\segoeuib.ttf (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\app_icon.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\change_skin.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\combo_skin.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\edit_skin.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\install_back.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\install_button_skin.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\install_check_checked.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\install_check_intermediate.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\install_check_uncheck.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\install_logo.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\install_resource.xml (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\patch_file_icon.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\pic-error.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\pic-info.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\pic-question.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\pic-warning.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\popup_dialog_bk.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\progressbar_bk.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\progressbar_image.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\radio_normal.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\radio_selected.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\image\default\sys_close.png (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\Install\edesk.inst (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language\protocol.txt (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language\en_us\install_lang.ini (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language\es_es\install_lang.ini (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language\pt_br\install_lang.ini (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\language\tr_tr\install_lang.ini (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\layout\default\eDeskInstall.xml (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\layout\default\install_msgbox.xml (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\layout\default\languageSelect.xml (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\Local\Temp\Desk365\eInstall\style\install_style.xml (PUP.Optional.Desk365.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
# AdwCleaner v3.004 - Bericht erstellt am 15/09/2013 um 22:06:40
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lisa - *****
# Gestartet von : C:\Users\Lisa\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Users\Lisa\Qtrax
Ordner Gelöscht : C:\Users\Lisa\AppData\Local\Temp\Desk365
Ordner Gelöscht : C:\Users\Lisa\AppData\Roaming\DSite
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\\invalidprefs.js
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\searchplugins\BrowserDefender.xml
Datei Gelöscht : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\user.js
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Datei Gelöscht : C:\Windows\System32\Tasks\DSite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\5f6dfdde03aba10
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Lyrics_Monkey
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.bbDpng", "11");
Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "9F5387195C234641111AE7ECFE3DCFB2");
Zeile gelöscht : user_pref("extensions.delta.id", "4014d6fa00000000000000266c624c75");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15928");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.22.012:36:12");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.sg", "tzb");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.22.0");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.22.012:36:12");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.22.0");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=120524&tt=070813_wt3&tsp=4971");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[R0].txt - [5452 octets] - [15/09/2013 22:05:07]
AdwCleaner[S0].txt - [4990 octets] - [15/09/2013 22:06:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5050 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Lisa on 15.09.2013 at 22:28:44,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] isafekrnl
Failed to stop: [Service] isafeservice



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\qtrax
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2817999375-3352939516-3499679069-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7E68A907-5F91-41C4-B118-75F46581F8A7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Lisa\AppData\Roaming\isafe"
Successfully deleted: [Folder] "C:\Program Files (x86)\isafe"



~~~ FireFox

Successfully deleted: [File] C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\sfiva5dq.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\sfiva5dq.default\searchplugins\babylon.xml
Emptied folder: C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\sfiva5dq.default\minidumps [72 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.09.2013 at 22:39:14,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-09-2013 05
Ran by Lisa (administrator) on ***** on 15-09-2013 22:43:30
Running from C:\Users\Lisa\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Dropbox, Inc.) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-02-12] (Toshiba Europe GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {aa296e26-59fb-11e0-8e20-00266c624c75} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [starter4g] - C:\Windows\starter4g.exe [160992 2010-07-08] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-06] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope {9C2FD129-DF9C-4BD7-87C2-84C073477BA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {DA841E46-0FB5-4258-9B14-9A53BAB652BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL =
SearchScopes: HKCU - {2601D761-548E-4BBF-94F6-490AD272131B} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {47879C46-5CF4-4BDE-9C35-B594AFA238A4} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {7CAF86C0-79CD-4A13-8FAC-1B832C2E1CD1} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {9C2FD129-DF9C-4BD7-87C2-84C073477BA2} URL =
SearchScopes: HKCU - {A01B9552-44DF-44E7-9EC6-B2EA0B16ECB9} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {A18AAFD1-1843-43CF-9CA2-F9FE87A11C56} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {AF185623-6FC2-463D-9757-729F59706009} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {DA841E46-0FB5-4258-9B14-9A53BAB652BC} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - WEB.DE Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - WEB.DE Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - WEB.DE Toolbar - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @ei.Allin1Convert_8h.com/Plugin - C:\Program Files (x86)\Allin1Convert_8hEI\Installr\1.bin\NP8hEISB.dll (Allin1Convert)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lyrics-Monkey - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\Extensions\126
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145120 2010-07-08] (4G Systems GmbH & Co. KG)
S2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-07-12] (Mobile Connector)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-04-02] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-04-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2011-04-02] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658432 2009-07-06] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19456 2009-07-06] (Hauppauge Computer Works, Inc.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110428.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110428.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\ENG64.SYS [117880 2011-04-02] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\ENG64.SYS [117880 2011-04-02] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\EX64.SYS [1828984 2011-04-02] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\EX64.SYS [1828984 2011-04-02] (Symantec Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
S2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-09-10] (Samsung Electronics)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 iSafeKrnl; \??\C:\Program Files (x86)\iSafe\iSafeKrnl.sys [x]
R1 iSafeNetFilter; \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [x]
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-15 22:39 - 2013-09-15 22:39 - 00002020 _____ C:\Users\Lisa\Desktop\JRT.txt
2013-09-15 22:28 - 2013-09-15 22:28 - 01029675 _____ (Thisisu) C:\Users\Lisa\Downloads\JRT.exe
2013-09-15 22:28 - 2013-09-15 22:28 - 00000000 ____D C:\Windows\ERUNT
2013-09-15 22:15 - 2013-09-15 22:40 - 00005134 _____ C:\Users\Lisa\Desktop\AdwCleaner[S0].txt
2013-09-15 22:04 - 2013-09-15 22:06 - 00000000 ____D C:\AdwCleaner
2013-09-15 22:04 - 2013-09-15 22:04 - 01039554 _____ C:\Users\Lisa\Downloads\adwcleaner.exe
2013-09-15 21:02 - 2013-09-15 21:02 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Malwarebytes
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-15 21:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-15 21:01 - 2013-09-15 21:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Lisa\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-15 19:42 - 2013-09-15 19:43 - 00277104 _____ C:\Windows\Minidump\091513-124722-01.dmp
2013-09-15 19:42 - 2013-09-15 19:42 - 00000000 ____D C:\Windows\Minidump
2013-09-15 19:41 - 2013-09-15 19:41 - 287037893 _____ C:\Windows\MEMORY.DMP
2013-09-15 19:30 - 2013-09-15 19:30 - 00377856 _____ C:\Users\Lisa\Downloads\gmer_2.1.19163.exe
2013-09-15 19:24 - 2013-09-15 19:24 - 00050477 _____ C:\Users\Lisa\Downloads\Defogger(1).exe
2013-09-15 19:19 - 2013-09-15 19:51 - 00037012 _____ C:\Users\Lisa\Desktop\FRST2.txt
2013-09-15 19:19 - 2013-09-15 19:19 - 00036673 _____ C:\Users\Lisa\Desktop\Addition2.txt
2013-09-15 19:15 - 2013-09-15 19:15 - 97671483 _____ C:\Windows\SysWOW64\ⴧ兀᱄‘
2013-09-15 19:11 - 2013-09-15 19:13 - 00036673 _____ C:\Users\Lisa\Downloads\Addition.txt
2013-09-15 19:07 - 2013-09-15 19:07 - 01951146 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe
2013-09-15 19:07 - 2013-09-15 19:07 - 00000000 ____D C:\FRST
2013-09-15 19:06 - 2013-09-15 19:06 - 01084055 _____ (Farbar) C:\Users\Lisa\Downloads\FRST.exe
2013-09-15 19:05 - 2013-09-15 19:26 - 00000470 _____ C:\Users\Lisa\Downloads\defogger_disable.log
2013-09-15 19:05 - 2013-09-15 19:05 - 00000000 _____ C:\Users\Lisa\defogger_reenable
2013-09-15 19:02 - 2013-09-15 19:02 - 00050477 _____ C:\Users\Lisa\Downloads\Defogger.exe
2013-09-15 18:15 - 2013-09-15 18:15 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\eCyber
2013-09-15 15:07 - 2013-09-15 15:07 - 00000000 _____ C:\autoexec.bat
2013-09-15 15:02 - 2013-09-15 15:02 - 00001751 _____ C:\Users\Public\Desktop\iSafe.lnk
2013-09-15 14:58 - 2013-09-15 14:58 - 00633672 _____ (Woodtale Technology Inc) C:\Users\Lisa\Downloads\iSafedl.exe
2013-09-15 14:50 - 2013-09-15 15:06 - 00000000 ____D C:\sh4ldr
2013-09-15 14:50 - 2013-09-15 14:50 - 00002263 _____ C:\Users\Lisa\Desktop\SpyHunter.lnk
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 14:48 - 2013-09-15 19:22 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-15 14:44 - 2013-09-15 14:44 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lisa\Downloads\SpyHunter-Installer.exe
2013-09-09 11:52 - 2013-09-09 11:52 - 96601965 _____ C:\Windows\SysWOW64\嘛샙᱄n
2013-09-08 14:05 - 2013-09-08 14:05 - 96559285 _____ C:\Windows\SysWOW64\䟑濲᱄W
2013-09-07 23:14 - 2013-09-07 23:16 - 00006468 _____ C:\Users\Lisa\Desktop\Neues Journal-Dokument.jnt
2013-09-06 13:57 - 2013-09-06 13:57 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Avira
2013-09-06 13:52 - 2013-09-06 13:51 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-06 13:38 - 2013-09-06 13:38 - 00002037 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-06 13:37 - 2013-09-06 13:51 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-06 13:37 - 2013-09-06 13:51 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-06 13:37 - 2013-09-06 13:38 - 00000000 ____D C:\ProgramData\Avira
2013-09-06 13:37 - 2013-09-06 13:37 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-06 13:37 - 2013-03-06 16:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-06 13:14 - 2013-09-06 13:35 - 110344048 _____ C:\Users\Lisa\Downloads\nw_28498_avirafreeantivirusde.exe
2013-08-24 23:09 - 2013-08-24 23:11 - 03352020 _____ C:\Users\Lisa\Downloads\ProTeXt-3.1.3-060313.exe.part
2013-08-24 23:05 - 2013-08-24 23:05 - 00000000 ____D C:\Program Files (x86)\Allin1Convert_8hEI
2013-08-19 09:38 - 2013-08-19 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 10:54 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 10:54 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 10:54 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 10:54 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 10:54 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 10:54 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 10:54 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 10:54 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 10:54 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 10:54 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 10:54 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 10:54 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 10:54 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 10:54 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 10:53 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 10:53 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 10:53 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 10:53 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 10:53 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 10:53 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 10:53 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 10:53 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 10:53 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 10:53 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 10:53 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

==================== One Month Modified Files and Folders =======

2013-09-15 22:40 - 2013-09-15 22:15 - 00005134 _____ C:\Users\Lisa\Desktop\AdwCleaner[S0].txt
2013-09-15 22:39 - 2013-09-15 22:39 - 00002020 _____ C:\Users\Lisa\Desktop\JRT.txt
2013-09-15 22:28 - 2013-09-15 22:28 - 01029675 _____ (Thisisu) C:\Users\Lisa\Downloads\JRT.exe
2013-09-15 22:28 - 2013-09-15 22:28 - 00000000 ____D C:\Windows\ERUNT
2013-09-15 22:26 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-15 22:26 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-15 22:17 - 2011-08-26 12:46 - 00000000 ___RD C:\Users\Lisa\Dropbox
2013-09-15 22:17 - 2011-08-26 12:44 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2013-09-15 22:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-15 22:11 - 2009-07-14 06:51 - 00117046 _____ C:\Windows\setupact.log
2013-09-15 22:07 - 2010-05-14 19:42 - 01250139 _____ C:\Windows\WindowsUpdate.log
2013-09-15 22:06 - 2013-09-15 22:04 - 00000000 ____D C:\AdwCleaner
2013-09-15 22:06 - 2013-06-19 13:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-15 22:06 - 2011-03-29 15:03 - 00000000 ____D C:\Users\Lisa
2013-09-15 22:04 - 2013-09-15 22:04 - 01039554 _____ C:\Users\Lisa\Downloads\adwcleaner.exe
2013-09-15 21:47 - 2010-05-14 19:38 - 00186614 _____ C:\Windows\PFRO.log
2013-09-15 21:02 - 2013-09-15 21:02 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Malwarebytes
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-15 21:01 - 2013-09-15 21:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Lisa\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-15 21:00 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-09-15 21:00 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-09-15 21:00 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-15 19:51 - 2013-09-15 19:19 - 00037012 _____ C:\Users\Lisa\Desktop\FRST2.txt
2013-09-15 19:43 - 2013-09-15 19:42 - 00277104 _____ C:\Windows\Minidump\091513-124722-01.dmp
2013-09-15 19:42 - 2013-09-15 19:42 - 00000000 ____D C:\Windows\Minidump
2013-09-15 19:41 - 2013-09-15 19:41 - 287037893 _____ C:\Windows\MEMORY.DMP
2013-09-15 19:30 - 2013-09-15 19:30 - 00377856 _____ C:\Users\Lisa\Downloads\gmer_2.1.19163.exe
2013-09-15 19:26 - 2013-09-15 19:05 - 00000470 _____ C:\Users\Lisa\Downloads\defogger_disable.log
2013-09-15 19:24 - 2013-09-15 19:24 - 00050477 _____ C:\Users\Lisa\Downloads\Defogger(1).exe
2013-09-15 19:22 - 2013-09-15 14:48 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-15 19:19 - 2013-09-15 19:19 - 00036673 _____ C:\Users\Lisa\Desktop\Addition2.txt
2013-09-15 19:15 - 2013-09-15 19:15 - 97671483 _____ C:\Windows\SysWOW64\ⴧ兀᱄‘
2013-09-15 19:13 - 2013-09-15 19:11 - 00036673 _____ C:\Users\Lisa\Downloads\Addition.txt
2013-09-15 19:07 - 2013-09-15 19:07 - 01951146 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe
2013-09-15 19:07 - 2013-09-15 19:07 - 00000000 ____D C:\FRST
2013-09-15 19:06 - 2013-09-15 19:06 - 01084055 _____ (Farbar) C:\Users\Lisa\Downloads\FRST.exe
2013-09-15 19:05 - 2013-09-15 19:05 - 00000000 _____ C:\Users\Lisa\defogger_reenable
2013-09-15 19:02 - 2013-09-15 19:02 - 00050477 _____ C:\Users\Lisa\Downloads\Defogger.exe
2013-09-15 18:15 - 2013-09-15 18:15 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\eCyber
2013-09-15 15:07 - 2013-09-15 15:07 - 00000000 _____ C:\autoexec.bat
2013-09-15 15:06 - 2013-09-15 14:50 - 00000000 ____D C:\sh4ldr
2013-09-15 15:02 - 2013-09-15 15:02 - 00001751 _____ C:\Users\Public\Desktop\iSafe.lnk
2013-09-15 14:58 - 2013-09-15 14:58 - 00633672 _____ (Woodtale Technology Inc) C:\Users\Lisa\Downloads\iSafedl.exe
2013-09-15 14:50 - 2013-09-15 14:50 - 00002263 _____ C:\Users\Lisa\Desktop\SpyHunter.lnk
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 14:44 - 2013-09-15 14:44 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lisa\Downloads\SpyHunter-Installer.exe
2013-09-15 14:23 - 2013-06-19 13:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-15 14:22 - 2012-08-22 11:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-15 14:22 - 2012-08-22 11:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 13:52 - 2013-08-11 15:32 - 00000108 _____ C:\Users\Lisa\AppData\Roaming\WB.CFG
2013-09-15 13:52 - 2013-08-11 15:32 - 00000005 _____ C:\Users\Lisa\AppData\Roaming\WBPU-TTL.DAT
2013-09-15 13:17 - 2011-04-02 13:24 - 00000000 ____D C:\Users\Lisa\AppData\Local\CrashDumps
2013-09-10 21:39 - 2013-08-11 20:08 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-09-09 11:52 - 2013-09-09 11:52 - 96601965 _____ C:\Windows\SysWOW64\嘛샙᱄n
2013-09-08 14:06 - 2013-08-11 20:07 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2013-09-08 14:05 - 2013-09-08 14:05 - 96559285 _____ C:\Windows\SysWOW64\䟑濲᱄W
2013-09-07 23:16 - 2013-09-07 23:14 - 00006468 _____ C:\Users\Lisa\Desktop\Neues Journal-Dokument.jnt
2013-09-07 02:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-06 13:57 - 2013-09-06 13:57 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Avira
2013-09-06 13:51 - 2013-09-06 13:52 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-06 13:51 - 2013-09-06 13:37 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-06 13:51 - 2013-09-06 13:37 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-06 13:38 - 2013-09-06 13:38 - 00002037 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-06 13:38 - 2013-09-06 13:37 - 00000000 ____D C:\ProgramData\Avira
2013-09-06 13:37 - 2013-09-06 13:37 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-06 13:35 - 2013-09-06 13:14 - 110344048 _____ C:\Users\Lisa\Downloads\nw_28498_avirafreeantivirusde.exe
2013-09-06 13:19 - 2013-01-03 19:25 - 00000000 ____D C:\Users\Lisa\Documents\Uni Chemie
2013-09-06 13:06 - 2010-04-08 10:01 - 00000000 ____D C:\ProgramData\Skype
2013-08-26 19:29 - 2012-01-05 12:18 - 00000000 ____D C:\Users\Lisa\Desktop\Neuer Ordner5
2013-08-24 23:11 - 2013-08-24 23:09 - 03352020 _____ C:\Users\Lisa\Downloads\ProTeXt-3.1.3-060313.exe.part
2013-08-24 23:05 - 2013-08-24 23:05 - 00000000 ____D C:\Program Files (x86)\Allin1Convert_8hEI
2013-08-19 16:51 - 2013-05-22 19:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 09:39 - 2013-08-19 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 14:59 - 2013-08-10 14:48 - 00000000 ____D C:\Users\Lisa\Desktop\Broadstairs
2013-08-17 12:38 - 2010-04-08 09:25 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-08-17 12:37 - 2013-08-11 11:41 - 00000000 ____D C:\Program Files (x86)\webcamXP5
2013-08-17 12:36 - 2012-04-06 13:01 - 00000000 ____D C:\Program Files (x86)\Sony
2013-08-17 12:30 - 2011-03-29 16:26 - 00038194 _____ C:\Windows\Irremote.ini
2013-08-16 13:27 - 2011-03-26 18:47 - 00000000 ____D C:\Users\Lisa\Documents\Bewerbung2

Some content of TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\ApnStub.exe
C:\Users\Lisa\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Lisa\AppData\Local\Temp\gbc8kqhu.dll
C:\Users\Lisa\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Lisa\AppData\Local\Temp\ncivo51f.dll
C:\Users\Lisa\AppData\Local\Temp\Notification.exe
C:\Users\Lisa\AppData\Local\Temp\Quarantine.exe
C:\Users\Lisa\AppData\Local\Temp\SHSetup.exe
C:\Users\Lisa\AppData\Local\Temp\uninst1.exe
C:\Users\Lisa\AppData\Local\Temp\WEB.DE_Sicherheitsupdate_Sep2012_Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-07 02:14

==================== End Of Log ============================
--- --- ---

schrauber 16.09.2013 10:21

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Necky 16.09.2013 19:19
Hier der ESET log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2bb8c19337be5f49a4862b42697f560d
# engine=15147
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-16 05:10:49
# local_time=2013-09-16 07:10:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 86187 244774739 27876 0
# compatibility_mode=3589 16777213 100 80 29229733 130013945 0 0
# compatibility_mode=5893 16776574 100 94 1140709 130981299 0 0
# scanned=217028
# found=2
# cleaned=0
# scan_time=25166
sh=942FD61DDAB86F56533E9FE2506CB0FDD576948B ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\che5C72.tmp"
sh=A5BB586A7266F0749B91480D836E672D0A17BDDC ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\extensions\126\chrome\content\main.js"
Der SecurityCheck:

Code:
Results of screen317's Security Check version 0.99.73 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Norton 360     
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java(TM) 6 Update 26 
 Java version out of Date!
 Adobe Flash Player 11.8.800.168 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Und der FSRT log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by Lisa (administrator) on ***** on 16-09-2013 20:16:46
Running from C:\Users\Lisa\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Farbar) C:\Users\Lisa\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-02-12] (Toshiba Europe GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {aa296e26-59fb-11e0-8e20-00266c624c75} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [starter4g] - C:\Windows\starter4g.exe [160992 2010-07-08] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-06] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope {9C2FD129-DF9C-4BD7-87C2-84C073477BA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {DA841E46-0FB5-4258-9B14-9A53BAB652BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL =
SearchScopes: HKCU - {2601D761-548E-4BBF-94F6-490AD272131B} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {47879C46-5CF4-4BDE-9C35-B594AFA238A4} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {7CAF86C0-79CD-4A13-8FAC-1B832C2E1CD1} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {9C2FD129-DF9C-4BD7-87C2-84C073477BA2} URL =
SearchScopes: HKCU - {A01B9552-44DF-44E7-9EC6-B2EA0B16ECB9} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {A18AAFD1-1843-43CF-9CA2-F9FE87A11C56} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {AF185623-6FC2-463D-9757-729F59706009} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {DA841E46-0FB5-4258-9B14-9A53BAB652BC} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - WEB.DE Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - WEB.DE Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - WEB.DE Toolbar - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @ei.Allin1Convert_8h.com/Plugin - C:\Program Files (x86)\Allin1Convert_8hEI\Installr\1.bin\NP8hEISB.dll (Allin1Convert)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lyrics-Monkey - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\sfiva5dq.default\Extensions\126
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145120 2010-07-08] (4G Systems GmbH & Co. KG)
S2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-07-12] (Mobile Connector)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-04-02] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-04-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2011-04-02] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658432 2009-07-06] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19456 2009-07-06] (Hauppauge Computer Works, Inc.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110428.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110428.002\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\ENG64.SYS [117880 2011-04-02] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\ENG64.SYS [117880 2011-04-02] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\EX64.SYS [1828984 2011-04-02] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110428.034\EX64.SYS [1828984 2011-04-02] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
S2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-09-10] (Samsung Electronics)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 iSafeKrnl; \??\C:\Program Files (x86)\iSafe\iSafeKrnl.sys [x]
S1 iSafeNetFilter; \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [x]
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 20:00 - 2013-09-16 20:00 - 01951150 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64(1).exe
2013-09-16 19:51 - 2013-09-16 19:52 - 00891144 _____ C:\Users\Lisa\Downloads\SecurityCheck.exe
2013-09-16 15:27 - 2013-09-16 15:27 - 97787879 _____ C:\Windows\SysWOW64\嗘迉᱄š
2013-09-16 12:00 - 2013-09-16 12:00 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu.exe
2013-09-16 09:51 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-16 09:51 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-16 09:51 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-16 09:51 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-16 09:51 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-16 09:51 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-16 09:51 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-16 09:51 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-16 09:51 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-16 09:51 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-16 09:51 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-16 09:51 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-16 09:51 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-16 09:51 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-16 09:51 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-16 09:51 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-16 09:51 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-16 09:51 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-16 09:51 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-16 09:51 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-16 09:51 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-16 09:51 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-16 09:51 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-16 09:51 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-16 09:51 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-16 09:51 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-16 09:51 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-16 09:51 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-16 09:51 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-16 09:51 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-16 09:51 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-15 22:46 - 2013-09-15 22:46 - 00038550 _____ C:\Users\Lisa\Desktop\FRST.txt
2013-09-15 22:39 - 2013-09-15 22:39 - 00002020 _____ C:\Users\Lisa\Desktop\JRT.txt
2013-09-15 22:28 - 2013-09-15 22:28 - 01029675 _____ (Thisisu) C:\Users\Lisa\Downloads\JRT.exe
2013-09-15 22:28 - 2013-09-15 22:28 - 00000000 ____D C:\Windows\ERUNT
2013-09-15 22:15 - 2013-09-15 22:40 - 00005134 _____ C:\Users\Lisa\Desktop\AdwCleaner[S0].txt
2013-09-15 22:04 - 2013-09-15 22:06 - 00000000 ____D C:\AdwCleaner
2013-09-15 22:04 - 2013-09-15 22:04 - 01039554 _____ C:\Users\Lisa\Downloads\adwcleaner.exe
2013-09-15 21:02 - 2013-09-15 21:02 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Malwarebytes
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-15 21:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-15 21:01 - 2013-09-15 21:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Lisa\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-15 19:42 - 2013-09-15 19:43 - 00277104 _____ C:\Windows\Minidump\091513-124722-01.dmp
2013-09-15 19:42 - 2013-09-15 19:42 - 00000000 ____D C:\Windows\Minidump
2013-09-15 19:41 - 2013-09-15 19:41 - 287037893 _____ C:\Windows\MEMORY.DMP
2013-09-15 19:30 - 2013-09-15 19:30 - 00377856 _____ C:\Users\Lisa\Downloads\gmer_2.1.19163.exe
2013-09-15 19:24 - 2013-09-15 19:24 - 00050477 _____ C:\Users\Lisa\Downloads\Defogger(1).exe
2013-09-15 19:19 - 2013-09-15 19:51 - 00037012 _____ C:\Users\Lisa\Desktop\FRST2.txt
2013-09-15 19:19 - 2013-09-15 19:19 - 00036673 _____ C:\Users\Lisa\Desktop\Addition2.txt
2013-09-15 19:15 - 2013-09-15 19:15 - 97671483 _____ C:\Windows\SysWOW64\ⴧ兀᱄‘
2013-09-15 19:11 - 2013-09-15 19:13 - 00036673 _____ C:\Users\Lisa\Downloads\Addition.txt
2013-09-15 19:07 - 2013-09-15 19:07 - 01951146 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe
2013-09-15 19:07 - 2013-09-15 19:07 - 00000000 ____D C:\FRST
2013-09-15 19:06 - 2013-09-15 19:06 - 01084055 _____ (Farbar) C:\Users\Lisa\Downloads\FRST.exe
2013-09-15 19:05 - 2013-09-15 19:26 - 00000470 _____ C:\Users\Lisa\Downloads\defogger_disable.log
2013-09-15 19:05 - 2013-09-15 19:05 - 00000000 _____ C:\Users\Lisa\defogger_reenable
2013-09-15 19:02 - 2013-09-15 19:02 - 00050477 _____ C:\Users\Lisa\Downloads\Defogger.exe
2013-09-15 18:15 - 2013-09-15 18:15 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\eCyber
2013-09-15 15:07 - 2013-09-15 15:07 - 00000000 _____ C:\autoexec.bat
2013-09-15 15:02 - 2013-09-15 15:02 - 00001751 _____ C:\Users\Public\Desktop\iSafe.lnk
2013-09-15 14:58 - 2013-09-15 14:58 - 00633672 _____ (Woodtale Technology Inc) C:\Users\Lisa\Downloads\iSafedl.exe
2013-09-15 14:50 - 2013-09-15 15:06 - 00000000 ____D C:\sh4ldr
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 14:48 - 2013-09-15 19:22 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-15 14:44 - 2013-09-15 14:44 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lisa\Downloads\SpyHunter-Installer.exe
2013-09-15 14:01 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-15 14:01 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-15 14:01 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-15 14:01 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-15 14:01 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-15 14:01 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-15 14:01 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-15 14:01 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-15 14:01 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-15 14:01 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-15 14:01 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-15 14:01 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-15 14:01 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-15 14:01 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-15 14:01 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-15 14:01 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-15 14:01 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-15 14:01 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-15 14:01 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-15 14:01 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 14:01 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-15 13:26 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-15 13:26 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-15 13:26 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-15 13:25 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-15 13:25 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-15 13:24 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-09 11:52 - 2013-09-09 11:52 - 96601965 _____ C:\Windows\SysWOW64\嘛샙᱄n
2013-09-08 14:05 - 2013-09-08 14:05 - 96559285 _____ C:\Windows\SysWOW64\䟑濲᱄W
2013-09-07 23:14 - 2013-09-07 23:16 - 00006468 _____ C:\Users\Lisa\Desktop\Neues Journal-Dokument.jnt
2013-09-06 13:57 - 2013-09-06 13:57 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Avira
2013-09-06 13:52 - 2013-09-06 13:51 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-06 13:38 - 2013-09-06 13:38 - 00002037 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-06 13:37 - 2013-09-06 13:51 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-06 13:37 - 2013-09-06 13:51 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-06 13:37 - 2013-09-06 13:38 - 00000000 ____D C:\ProgramData\Avira
2013-09-06 13:37 - 2013-09-06 13:37 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-06 13:37 - 2013-03-06 16:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-06 13:14 - 2013-09-06 13:35 - 110344048 _____ C:\Users\Lisa\Downloads\nw_28498_avirafreeantivirusde.exe
2013-08-24 23:09 - 2013-08-24 23:11 - 03352020 _____ C:\Users\Lisa\Downloads\ProTeXt-3.1.3-060313.exe.part
2013-08-24 23:05 - 2013-08-24 23:05 - 00000000 ____D C:\Program Files (x86)\Allin1Convert_8hEI
2013-08-19 09:38 - 2013-08-19 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-16 20:07 - 2013-06-19 13:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 20:00 - 2013-09-16 20:00 - 01951150 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64(1).exe
2013-09-16 19:52 - 2013-09-16 19:51 - 00891144 _____ C:\Users\Lisa\Downloads\SecurityCheck.exe
2013-09-16 18:35 - 2011-04-02 13:24 - 00000000 ____D C:\Users\Lisa\AppData\Local\CrashDumps
2013-09-16 15:27 - 2013-09-16 15:27 - 97787879 _____ C:\Windows\SysWOW64\嗘迉᱄š
2013-09-16 13:43 - 2010-05-14 19:42 - 01349764 _____ C:\Windows\WindowsUpdate.log
2013-09-16 12:00 - 2013-09-16 12:00 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu.exe
2013-09-16 11:58 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-09-16 11:58 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-09-16 11:58 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-16 11:54 - 2011-08-26 12:44 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2013-09-16 11:53 - 2011-08-26 12:46 - 00000000 ___RD C:\Users\Lisa\Dropbox
2013-09-16 11:47 - 2011-03-29 15:06 - 00000000 ___RD C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-16 11:47 - 2011-03-29 15:03 - 00000000 ___RD C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-16 11:46 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 11:46 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 11:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 11:32 - 2009-07-14 06:45 - 00388792 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 11:31 - 2009-07-14 06:51 - 00117158 _____ C:\Windows\setupact.log
2013-09-15 22:46 - 2013-09-15 22:46 - 00038550 _____ C:\Users\Lisa\Desktop\FRST.txt
2013-09-15 22:40 - 2013-09-15 22:15 - 00005134 _____ C:\Users\Lisa\Desktop\AdwCleaner[S0].txt
2013-09-15 22:39 - 2013-09-15 22:39 - 00002020 _____ C:\Users\Lisa\Desktop\JRT.txt
2013-09-15 22:28 - 2013-09-15 22:28 - 01029675 _____ (Thisisu) C:\Users\Lisa\Downloads\JRT.exe
2013-09-15 22:28 - 2013-09-15 22:28 - 00000000 ____D C:\Windows\ERUNT
2013-09-15 22:06 - 2013-09-15 22:04 - 00000000 ____D C:\AdwCleaner
2013-09-15 22:06 - 2011-03-29 15:03 - 00000000 ____D C:\Users\Lisa
2013-09-15 22:04 - 2013-09-15 22:04 - 01039554 _____ C:\Users\Lisa\Downloads\adwcleaner.exe
2013-09-15 21:47 - 2010-05-14 19:38 - 00186614 _____ C:\Windows\PFRO.log
2013-09-15 21:02 - 2013-09-15 21:02 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Malwarebytes
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-15 21:02 - 2013-09-15 21:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-15 21:01 - 2013-09-15 21:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Lisa\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-15 19:51 - 2013-09-15 19:19 - 00037012 _____ C:\Users\Lisa\Desktop\FRST2.txt
2013-09-15 19:43 - 2013-09-15 19:42 - 00277104 _____ C:\Windows\Minidump\091513-124722-01.dmp
2013-09-15 19:42 - 2013-09-15 19:42 - 00000000 ____D C:\Windows\Minidump
2013-09-15 19:41 - 2013-09-15 19:41 - 287037893 _____ C:\Windows\MEMORY.DMP
2013-09-15 19:30 - 2013-09-15 19:30 - 00377856 _____ C:\Users\Lisa\Downloads\gmer_2.1.19163.exe
2013-09-15 19:26 - 2013-09-15 19:05 - 00000470 _____ C:\Users\Lisa\Downloads\defogger_disable.log
2013-09-15 19:24 - 2013-09-15 19:24 - 00050477 _____ C:\Users\Lisa\Downloads\Defogger(1).exe
2013-09-15 19:22 - 2013-09-15 14:48 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-15 19:19 - 2013-09-15 19:19 - 00036673 _____ C:\Users\Lisa\Desktop\Addition2.txt
2013-09-15 19:15 - 2013-09-15 19:15 - 97671483 _____ C:\Windows\SysWOW64\ⴧ兀᱄‘
2013-09-15 19:13 - 2013-09-15 19:11 - 00036673 _____ C:\Users\Lisa\Downloads\Addition.txt
2013-09-15 19:07 - 2013-09-15 19:07 - 01951146 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe
2013-09-15 19:07 - 2013-09-15 19:07 - 00000000 ____D C:\FRST
2013-09-15 19:06 - 2013-09-15 19:06 - 01084055 _____ (Farbar) C:\Users\Lisa\Downloads\FRST.exe
2013-09-15 19:05 - 2013-09-15 19:05 - 00000000 _____ C:\Users\Lisa\defogger_reenable
2013-09-15 19:02 - 2013-09-15 19:02 - 00050477 _____ C:\Users\Lisa\Downloads\Defogger.exe
2013-09-15 18:15 - 2013-09-15 18:15 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\eCyber
2013-09-15 15:07 - 2013-09-15 15:07 - 00000000 _____ C:\autoexec.bat
2013-09-15 15:06 - 2013-09-15 14:50 - 00000000 ____D C:\sh4ldr
2013-09-15 15:02 - 2013-09-15 15:02 - 00001751 _____ C:\Users\Public\Desktop\iSafe.lnk
2013-09-15 14:58 - 2013-09-15 14:58 - 00633672 _____ (Woodtale Technology Inc) C:\Users\Lisa\Downloads\iSafedl.exe
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-15 14:50 - 2013-09-15 14:50 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-15 14:44 - 2013-09-15 14:44 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lisa\Downloads\SpyHunter-Installer.exe
2013-09-15 14:23 - 2013-06-19 13:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-15 14:22 - 2012-08-22 11:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-15 14:22 - 2012-08-22 11:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 13:52 - 2013-08-11 15:32 - 00000108 _____ C:\Users\Lisa\AppData\Roaming\WB.CFG
2013-09-15 13:52 - 2013-08-11 15:32 - 00000005 _____ C:\Users\Lisa\AppData\Roaming\WBPU-TTL.DAT
2013-09-10 21:39 - 2013-08-11 20:08 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-09-09 11:52 - 2013-09-09 11:52 - 96601965 _____ C:\Windows\SysWOW64\嘛샙᱄n
2013-09-08 14:06 - 2013-08-11 20:07 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2013-09-08 14:05 - 2013-09-08 14:05 - 96559285 _____ C:\Windows\SysWOW64\䟑濲᱄W
2013-09-07 23:16 - 2013-09-07 23:14 - 00006468 _____ C:\Users\Lisa\Desktop\Neues Journal-Dokument.jnt
2013-09-07 02:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-06 13:57 - 2013-09-06 13:57 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Avira
2013-09-06 13:51 - 2013-09-06 13:52 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-06 13:51 - 2013-09-06 13:37 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-06 13:51 - 2013-09-06 13:37 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-06 13:38 - 2013-09-06 13:38 - 00002037 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-06 13:38 - 2013-09-06 13:37 - 00000000 ____D C:\ProgramData\Avira
2013-09-06 13:37 - 2013-09-06 13:37 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-06 13:35 - 2013-09-06 13:14 - 110344048 _____ C:\Users\Lisa\Downloads\nw_28498_avirafreeantivirusde.exe
2013-09-06 13:19 - 2013-01-03 19:25 - 00000000 ____D C:\Users\Lisa\Documents\Uni Chemie
2013-09-06 13:06 - 2010-04-08 10:01 - 00000000 ____D C:\ProgramData\Skype
2013-08-26 19:29 - 2012-01-05 12:18 - 00000000 ____D C:\Users\Lisa\Desktop\Neuer Ordner5
2013-08-24 23:11 - 2013-08-24 23:09 - 03352020 _____ C:\Users\Lisa\Downloads\ProTeXt-3.1.3-060313.exe.part
2013-08-24 23:05 - 2013-08-24 23:05 - 00000000 ____D C:\Program Files (x86)\Allin1Convert_8hEI
2013-08-19 16:51 - 2013-05-22 19:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 09:39 - 2013-08-19 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 14:59 - 2013-08-10 14:48 - 00000000 ____D C:\Users\Lisa\Desktop\Broadstairs
2013-08-17 12:38 - 2010-04-08 09:25 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-08-17 12:37 - 2013-08-11 11:41 - 00000000 ____D C:\Program Files (x86)\webcamXP5
2013-08-17 12:36 - 2012-04-06 13:01 - 00000000 ____D C:\Program Files (x86)\Sony
2013-08-17 12:30 - 2011-03-29 16:26 - 00038194 _____ C:\Windows\Irremote.ini

Some content of TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\ApnStub.exe
C:\Users\Lisa\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Lisa\AppData\Local\Temp\gbc8kqhu.dll
C:\Users\Lisa\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Lisa\AppData\Local\Temp\ncivo51f.dll
C:\Users\Lisa\AppData\Local\Temp\Notification.exe
C:\Users\Lisa\AppData\Local\Temp\Quarantine.exe
C:\Users\Lisa\AppData\Local\Temp\SHSetup.exe
C:\Users\Lisa\AppData\Local\Temp\uninst1.exe
C:\Users\Lisa\AppData\Local\Temp\WEB.DE_Sicherheitsupdate_Sep2012_Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-07 02:14

==================== End Of Log ============================
--- --- ---



Soweit hat alles geklappt. Der PC scheint allerdings immer noch relativ langsam und hängt sich häufiger auf.

schrauber 16.09.2013 20:33
Java und Adobe updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Deinstallier alles was Du nicht brauchst, räum den Autostart auf und teste nochmal.

Necky 16.09.2013 21:28
Nachdem der Computer sich aufgehängt hat, fährt er nun nicht mehr richtig hoch. Windows kann nicht mehr gestartet werden. Was nun?

Neuaufsetzung funktooniert auch nicht. Scheint wohl die Festplatte den Geist aufgegeben zu haben...

schrauber 17.09.2013 12:32
Das würde auch den Speed erklären. Wann genau ist das passiert?

Necky 18.09.2013 15:26
Kurz nachdem ich die Logs hier gepostet habe und den Rechner runterfahren wollte...

schrauber 18.09.2013 19:56
Neuaufsetzen geht tatsähclich nicht? Kommt en fehlermeldung?

Necky 19.09.2013 11:55
Ne, geht nicht... Er bootet von der CD und lädt die Dateien, dann kommt nur ein schwarzer Bildschirm und nichts passiert mehr.

schrauber 19.09.2013 17:01
Festplatte....


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131