Did everything according to the instructions:
Malwarebytes log:
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.23.04
Windows 8 x86 NTFS
Internet Explorer 11.0.9600.16476
Timo :: LAPTOP [Administrator]
Schutz: Aktiviert
23.01.2014 15:57:20
mbam-log-2014-01-23 (15-57-20).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213965
Laufzeit: 24 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\ProgramData\InstallMate\{3218A904-104A-4639-A4D2-5868E9FB8BF2}\Custom.dll (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
AdwCleaner log:
Code:
# AdwCleaner v3.017 - Bericht erstellt am 23/01/2014 um 16:59:22
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro (32 bits)
# Benutzername : Timo - LAPTOP
# Gestartet von : C:\Users\Timo\Desktop\System\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\safee, suave
Datei Gelöscht : C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Timo\Desktop\Startfenster.lnk
Datei Gelöscht : C:\WINDOWS\System32\Tasks\EPUpdater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2AA21B0-4BE6-4323-86D5-768320FD4B8C}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2AA21B0-4BE6-4323-86D5-768320FD4B8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\5d55dddae56fec17
Schlüssel Gelöscht : HKLM\SOFTWARE\5d55dddae56fec17
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsWoofer
Schlüssel Gelöscht : HKLM\Software\DataMngr
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16384
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\62q7im3k.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.bbDpng", "11");
Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "7733BEF0DE0674DC9A3CA6888D2AC168");
Zeile gelöscht : user_pref("extensions.delta.id", "6c33ac0f000000000000120e8e309126");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15904");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.522:15:51");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.sg", "azb");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.515:18:30");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4947");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
-\\ Google Chrome v32.0.1700.76
[ Datei : C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword
*************************
AdwCleaner[R0].txt - [4505 octets] - [23/01/2014 16:58:00]
AdwCleaner[S0].txt - [4465 octets] - [23/01/2014 16:59:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4525 octets] ##########
JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8.1 Pro x86
Ran by Timo on 23.01.2014 at 17:26:44,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1557550318-1369658305-2422123886-1001\Software\sweetim
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
~~~ Files
Successfully deleted: [File] "C:\Users\Timo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\62q7im3k.default\minidumps [71 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.01.2014 at 17:39:18,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-01-2014
Ran by Timo (administrator) on LAPTOP on 23-01-2014 17:59:05
Running from C:\Users\Timo\Desktop\System
Microsoft Windows 8.1 Pro (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Deutsche Telekom AG) C:\Users\Timo\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16470_none_9e05f679e2df8b7c\TiWorker.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [HP Officejet 6500 E710a-f (NET)] - C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\Timo\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\62q7im3k.default
FF NewTab: www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\62q7im3k.default\searchplugins\imdb-1.xml
FF SearchPlugin: C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\62q7im3k.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\62q7im3k.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-03-21]
Chrome:
=======
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www.google.com
========================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-10-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 athr; C:\Windows\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S0 Avgbootx; C:\Windows\System32\DRIVERS\avgbootx.sys [17424 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimw8x.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpx; C:\Windows\system32\DRIVERS\avgwfpx.sys [196920 2013-10-21] (AVG Technologies CZ, s.r.o.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
R3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-23 17:39 - 2014-01-23 17:39 - 00001150 _____ C:\Users\Timo\Desktop\JRT.txt
2014-01-23 17:26 - 2014-01-23 17:26 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-23 16:57 - 2014-01-23 16:59 - 00000000 ____D C:\AdwCleaner
2014-01-23 14:18 - 2014-01-23 14:18 - 00000470 _____ C:\Users\Timo\Downloads\defogger_disable.log
2014-01-23 14:18 - 2014-01-23 14:18 - 00000000 _____ C:\Users\Timo\defogger_reenable
2014-01-23 14:17 - 2014-01-23 14:17 - 00050477 _____ C:\Users\Timo\Downloads\Defogger.exe
2014-01-23 14:12 - 2014-01-23 14:12 - 00370971 _____ C:\Users\Timo\Downloads\gmer_2.1.19355.zip
2014-01-23 13:40 - 2014-01-23 13:40 - 00000000 ____D C:\FRST
2014-01-23 13:35 - 2014-01-23 13:35 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Malwarebytes
2014-01-23 13:35 - 2014-01-23 13:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 13:35 - 2014-01-23 13:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-23 13:35 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-23 13:30 - 2014-01-23 13:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timo\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-23 13:28 - 2014-01-23 13:28 - 02800104 _____ (AVAST Software) C:\Users\Timo\Downloads\avast-browser-cleanup.exe
2014-01-23 07:49 - 2013-12-09 00:43 - 00609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-23 07:49 - 2013-11-27 15:09 - 02872688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-23 07:49 - 2013-11-27 11:46 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-23 07:49 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-23 07:49 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-23 07:49 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-23 07:49 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-23 06:50 - 2014-01-23 17:59 - 00000000 ____D C:\Users\Timo\Desktop\System
2014-01-23 06:50 - 2014-01-23 06:50 - 00000000 ____D C:\Users\Timo\Desktop\Grafik
2014-01-23 06:33 - 2014-01-23 06:33 - 00000000 ____D C:\Users\Timo\AppData\Roaming\AVG2014
2014-01-23 06:31 - 2014-01-23 06:31 - 00000000 ____D C:\Users\Timo\AppData\Roaming\TuneUp Software
2014-01-23 06:26 - 2014-01-23 06:32 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-23 06:26 - 2014-01-23 06:26 - 00000000 ___HD C:\$AVG
2014-01-23 06:26 - 2014-01-23 06:26 - 00000000 ____D C:\Users\Timo\Downloads\20140121115652_200496
2014-01-23 06:24 - 2014-01-23 06:24 - 00000000 ____D C:\Program Files\AVG
2014-01-23 06:23 - 2014-01-23 06:23 - 00832256 _____ C:\Users\Timo\Downloads\20140121115652_200496.zip
2014-01-23 06:19 - 2014-01-23 17:39 - 00000000 ____D C:\ProgramData\MFAData
2014-01-23 06:19 - 2014-01-23 06:58 - 00000000 ____D C:\Users\Timo\AppData\Local\Avg2014
2014-01-23 06:19 - 2014-01-23 06:19 - 00000000 ____D C:\Users\Timo\AppData\Local\MFAData
2014-01-23 06:07 - 2014-01-23 06:13 - 137189352 _____ (AVG Technologies) C:\Users\Timo\Downloads\avg_free_x86_all_2014_4259a6848.exe
2014-01-23 05:49 - 2014-01-23 05:49 - 02278856 _____ C:\Users\Timo\Downloads\avira_pc_cleaner_de.exe
2014-01-07 10:13 - 2014-01-07 10:14 - 00000000 ____D C:\Users\Timo\Logitech
2014-01-07 10:13 - 2014-01-07 10:13 - 00002323 _____ C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
2014-01-07 10:11 - 2014-01-07 10:12 - 00000000 ____D C:\Program Files\Common Files\Remote Control Software Common
2014-01-07 10:11 - 2014-01-07 10:11 - 00000000 ____D C:\Program Files\Logitech
2014-01-07 10:11 - 2014-01-07 10:11 - 00000000 ____D C:\Program Files\Common Files\Remote Control USB Driver
2014-01-07 10:09 - 2014-01-07 10:09 - 00000000 ____D C:\Users\Timo\AppData\Roaming\InstallShield
2014-01-07 10:09 - 2014-01-07 10:09 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2014-01-05 15:55 - 2014-01-05 15:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-12-27 19:31 - 2013-12-30 10:19 - 00000662 _____ C:\Users\Timo\AppData\Local\cookies.ini
2013-12-27 19:30 - 2013-12-27 19:30 - 00001199 _____ C:\Users\Timo\Desktop\VTech Download Manager.lnk
2013-12-27 19:30 - 2013-12-27 19:30 - 00000000 ____D C:\Users\Timo\AppData\Local\cache
2013-12-27 19:29 - 2013-12-27 19:29 - 00000000 ____D C:\ProgramData\VTech
2013-12-27 19:29 - 2013-12-27 19:29 - 00000000 ____D C:\Program Files\VTech
2013-12-26 19:53 - 2013-12-26 19:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-01-23 17:59 - 2014-01-23 06:50 - 00000000 ____D C:\Users\Timo\Desktop\System
2014-01-23 17:56 - 2013-11-05 20:33 - 01446924 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-23 17:45 - 2013-02-01 16:52 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-23 17:39 - 2014-01-23 17:39 - 00001150 _____ C:\Users\Timo\Desktop\JRT.txt
2014-01-23 17:39 - 2014-01-23 06:19 - 00000000 ____D C:\ProgramData\MFAData
2014-01-23 17:38 - 2012-12-26 10:12 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-23 17:26 - 2014-01-23 17:26 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-23 17:23 - 2013-11-06 09:15 - 00000000 ___RD C:\Users\Timo\Mediencenter
2014-01-23 17:23 - 2013-11-06 08:25 - 00000000 __RDO C:\Users\Timo\SkyDrive
2014-01-23 17:23 - 2013-10-22 17:12 - 00000000 ___RD C:\Users\Timo\Dropbox
2014-01-23 17:23 - 2013-10-22 17:02 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Dropbox
2014-01-23 17:23 - 2013-02-01 16:54 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-23 17:23 - 2013-02-01 16:52 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-23 17:15 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2014-01-23 17:01 - 2013-08-22 08:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-23 17:00 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-23 17:00 - 2013-08-22 07:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-23 16:59 - 2014-01-23 16:57 - 00000000 ____D C:\AdwCleaner
2014-01-23 16:38 - 2013-09-29 19:54 - 00030814 _____ C:\WINDOWS\PFRO.log
2014-01-23 16:35 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-23 16:34 - 2013-11-05 20:13 - 00000000 ____D C:\Users\Timo
2014-01-23 15:46 - 2013-01-14 09:21 - 00000756 _____ C:\WINDOWS\cedt.INI
2014-01-23 14:32 - 2013-09-30 05:08 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-23 14:28 - 2013-08-22 08:23 - 00305775 _____ C:\WINDOWS\setupact.log
2014-01-23 14:18 - 2014-01-23 14:18 - 00000470 _____ C:\Users\Timo\Downloads\defogger_disable.log
2014-01-23 14:18 - 2014-01-23 14:18 - 00000000 _____ C:\Users\Timo\defogger_reenable
2014-01-23 14:17 - 2014-01-23 14:17 - 00050477 _____ C:\Users\Timo\Downloads\Defogger.exe
2014-01-23 14:12 - 2014-01-23 14:12 - 00370971 _____ C:\Users\Timo\Downloads\gmer_2.1.19355.zip
2014-01-23 13:40 - 2014-01-23 13:40 - 00000000 ____D C:\FRST
2014-01-23 13:35 - 2014-01-23 13:35 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Malwarebytes
2014-01-23 13:35 - 2014-01-23 13:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 13:35 - 2014-01-23 13:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-23 13:30 - 2014-01-23 13:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timo\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-23 13:28 - 2014-01-23 13:28 - 02800104 _____ (AVAST Software) C:\Users\Timo\Downloads\avast-browser-cleanup.exe
2014-01-23 09:17 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\rescache
2014-01-23 07:59 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-23 06:58 - 2014-01-23 06:19 - 00000000 ____D C:\Users\Timo\AppData\Local\Avg2014
2014-01-23 06:55 - 2013-08-22 07:13 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-23 06:50 - 2014-01-23 06:50 - 00000000 ____D C:\Users\Timo\Desktop\Grafik
2014-01-23 06:33 - 2014-01-23 06:33 - 00000000 ____D C:\Users\Timo\AppData\Roaming\AVG2014
2014-01-23 06:32 - 2014-01-23 06:26 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-23 06:31 - 2014-01-23 06:31 - 00000000 ____D C:\Users\Timo\AppData\Roaming\TuneUp Software
2014-01-23 06:31 - 2012-07-26 07:53 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2014-01-23 06:26 - 2014-01-23 06:26 - 00000000 ___HD C:\$AVG
2014-01-23 06:26 - 2014-01-23 06:26 - 00000000 ____D C:\Users\Timo\Downloads\20140121115652_200496
2014-01-23 06:24 - 2014-01-23 06:24 - 00000000 ____D C:\Program Files\AVG
2014-01-23 06:23 - 2014-01-23 06:23 - 00832256 _____ C:\Users\Timo\Downloads\20140121115652_200496.zip
2014-01-23 06:19 - 2014-01-23 06:19 - 00000000 ____D C:\Users\Timo\AppData\Local\MFAData
2014-01-23 06:13 - 2014-01-23 06:07 - 137189352 _____ (AVG Technologies) C:\Users\Timo\Downloads\avg_free_x86_all_2014_4259a6848.exe
2014-01-23 05:49 - 2014-01-23 05:49 - 02278856 _____ C:\Users\Timo\Downloads\avira_pc_cleaner_de.exe
2014-01-22 11:42 - 2013-10-22 17:04 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-19 08:37 - 2012-12-18 17:43 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-15 10:39 - 2013-06-17 14:02 - 00257198 _____ C:\WINDOWS\DPINST.LOG
2014-01-15 10:33 - 2013-06-17 14:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-07 10:55 - 2012-12-26 09:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-07 10:14 - 2014-01-07 10:13 - 00000000 ____D C:\Users\Timo\Logitech
2014-01-07 10:13 - 2014-01-07 10:13 - 00002323 _____ C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
2014-01-07 10:12 - 2014-01-07 10:11 - 00000000 ____D C:\Program Files\Common Files\Remote Control Software Common
2014-01-07 10:11 - 2014-01-07 10:11 - 00000000 ____D C:\Program Files\Logitech
2014-01-07 10:11 - 2014-01-07 10:11 - 00000000 ____D C:\Program Files\Common Files\Remote Control USB Driver
2014-01-07 10:09 - 2014-01-07 10:09 - 00000000 ____D C:\Users\Timo\AppData\Roaming\InstallShield
2014-01-07 10:09 - 2014-01-07 10:09 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2014-01-06 23:31 - 2013-08-22 09:18 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 09:18 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-06 22:55 - 2012-12-28 06:17 - 00000000 ____D C:\Users\Timo\Documents\VUUNO
2014-01-06 22:55 - 2012-12-28 06:13 - 00001911 _____ C:\Users\Timo\Desktop\dreamboxEDIT.lnk
2014-01-05 15:55 - 2014-01-05 15:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-01-05 13:09 - 2013-04-28 11:02 - 00000600 _____ C:\Users\Timo\AppData\Roaming\winscp.rnd
2013-12-30 10:19 - 2013-12-27 19:31 - 00000662 _____ C:\Users\Timo\AppData\Local\cookies.ini
2013-12-27 19:30 - 2013-12-27 19:30 - 00001199 _____ C:\Users\Timo\Desktop\VTech Download Manager.lnk
2013-12-27 19:30 - 2013-12-27 19:30 - 00000000 ____D C:\Users\Timo\AppData\Local\cache
2013-12-27 19:29 - 2013-12-27 19:29 - 00000000 ____D C:\ProgramData\VTech
2013-12-27 19:29 - 2013-12-27 19:29 - 00000000 ____D C:\Program Files\VTech
2013-12-26 23:02 - 2013-01-08 07:42 - 00000600 _____ C:\Users\Timo\AppData\Local\PUTTY.RND
2013-12-26 19:54 - 2013-12-26 19:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-24 09:51 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\system32\de-DE
Some content of TEMP:
====================
C:\Users\Timo\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2013-11-22 16:12] - [2013-10-22 07:03] - 2065448 ____A (Microsoft Corporation) 1A0BC9598E4A58FC84570FFF5A108E58
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-23 17:13
==================== End Of Log ============================
--- --- ---
Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-01-2014
Ran by Timo at 2014-01-23 17:59:52
Running from C:\Users\Timo\Desktop\System
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
CamAlert II (Version: - hxxp://www.coderonline.de/)
Classic Shell (Version: 3.6.8 - IvoSoft)
CL-Eye Driver (Version: 5.3.0.0341 - Code Laboratories, Inc.)
Crimson Editor SVN286M (Version: SVN286M - Emerald Editor Community)
dreamboxEDIT -- The one and only settings editor for your Dreambox (Version: - )
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Garmin BaseCamp (Version: 4.0.5 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2013.30 Update (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Earth Plug-in (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (Version: 1.0.0.9572 - HP)
HP Update (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (Version: 12.3.4.0 - HP)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (Version: 0.9 - AppWork GmbH)
L&H TTS3000 Deutsch (Version: - )
Logitech Harmony Remote Software 7 (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MD5 Checksum Verifier 4.9 (Version: - GoldSolution Software, Inc.)
Media Renamer (Version: 2.1.1 - Benjamin Schirmer)
Mediencenter 3.8.9799.6 (HKCU Version: 3.8.9799.6 - Deutsche Telekom AG)
Medieval CUE Splitter (Version: 1.2.0 - Medieval Software)
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Napster 5 Beta (Version: 1.0.61 - Rhapsody International Inc)
Napster 5 Beta (Version: 1.0.61 - Rhapsody International Inc) Hidden
Picasa 3 (Version: 3.9 - Google, Inc.)
Ravensburger tiptoi (Version: - )
Remote Control USB Driver (Version: 2.3.2.317 - )
Saal Design Software (Version: 3.2.18 - SSW Software GmbH)
Saal Design Software (Version: 3.2.18 - SSW Software GmbH) Hidden
SlotRun V3.6.1 (Version: - (c.) André Münsterberg)
Sony Ericsson Update Engine (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.188 (Version: 2.10.188 - Sony)
Spybot - Search & Destroy (Version: 2.1.19 - Safer-Networking Ltd.)
Synology Assistant (remove only) (Version: - )
theRenamer 7.58 (Version: - theRenamer)
Universal Adb Driver (Version: 1.0.0 - ClockworkMod)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.6 (Version: 2.0.6 - VideoLAN)
VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
VTech Download Manager (Version: - VTech)
WBFS Manager 4.0 (Version: 4.0 - WBFS)
Winamp (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (32-Bit) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.1.4 (Version: 5.1.4 - Martin Prikryl)
==================== Restore Points =========================
23-01-2014 08:13:23 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {1C9E9344-F2FE-4A73-9332-09A41ACA6EB7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {398FD461-DC6C-4E69-BAEC-49938CA7ACBC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2013-12-17] (Microsoft Corporation)
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {A8620076-9A56-4F55-A0FA-D46387D51E01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D7E46EE6-040C-4FAF-BAAF-305C39520E7F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E430773D-219A-44DC-A2C8-7B8E192E7452} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {EC377DCF-2AA3-44A3-A254-F68585258A8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-01] (Google Inc.)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {FAECB1B3-C496-4E33-B32B-B1F74BA71697} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-01] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-07-11 17:22 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-07-11 17:22 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-07-11 17:22 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-07-11 17:22 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-07-11 17:22 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Timo\AppData\Roaming\Dropbox\bin\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\WINDOWS\system32\Drivers\igagmjnu.sys:changelist
AlternateDataStreams: C:\Users\Timo\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/23/2014 05:18:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/23/2014 05:15:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/23/2014 05:15:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.
Error: (01/23/2014 05:02:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.
Error: (01/23/2014 04:52:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/23/2014 04:52:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.
Error: (01/23/2014 04:39:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.
Error: (01/23/2014 02:48:56 PM) (Source: Application Hang) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20315 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 3234
Startzeit: 01cf184123f33292
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x86__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 142884e9-8435-11e3-afcf-001c23299887
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20315_x86__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (01/23/2014 02:47:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer.exe, Version: 2.1.19355.0, Zeitstempel: 0x52dedef9
Name des fehlerhaften Moduls: gmer.exe, Version: 2.1.19355.0, Zeitstempel: 0x52dedef9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0007c549
ID des fehlerhaften Prozesses: 0x17f4
Startzeit der fehlerhaften Anwendung: 0xgmer.exe0
Pfad der fehlerhaften Anwendung: gmer.exe1
Pfad des fehlerhaften Moduls: gmer.exe2
Berichtskennung: gmer.exe3
Vollständiger Name des fehlerhaften Pakets: gmer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: gmer.exe5
Error: (01/23/2014 08:03:46 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (01/23/2014 05:02:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%14001
Error: (01/23/2014 05:01:58 PM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 0x810x20x10xfe0x00x0
Error: (01/23/2014 04:39:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%14001
Error: (01/23/2014 04:38:50 PM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 0x810x20x10xfe0x00x0
Error: (01/23/2014 10:00:03 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/23/2014 09:00:20 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (01/23/2014 05:47:04 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 0x810x20x10xfe0x00x0
Error: (01/22/2014 06:30:04 PM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 0x810x20x10xfe0x00x0
Error: (01/22/2014 02:43:07 PM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 0x810x20x10xfe0x00x0
Error: (01/22/2014 11:43:37 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Microsoft Office Sessions:
=========================
Error: (01/23/2014 05:18:27 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe
Error: (01/23/2014 05:15:48 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6500 E710a-f\DriverStore\Pipeline\amd64\hpinkins5512.exe
Error: (01/23/2014 05:15:47 PM) (Source: SideBySide)(User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files\spybot - search & destroy 2\SDWSCSvc.exe
Error: (01/23/2014 05:02:37 PM) (Source: SideBySide)(User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
Error: (01/23/2014 04:52:03 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6500 E710a-f\DriverStore\Pipeline\amd64\hpinkins5512.exe
Error: (01/23/2014 04:52:02 PM) (Source: SideBySide)(User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files\spybot - search & destroy 2\SDWSCSvc.exe
Error: (01/23/2014 04:39:28 PM) (Source: SideBySide)(User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
Error: (01/23/2014 02:48:56 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315323401cf184123f332924294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x86__8wekyb3d8bbwe\LiveComm.exe142884e9-8435-11e3-afcf-001c23299887microsoft.windowscommunicationsapps_17.5.9600.20315_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (01/23/2014 02:47:30 PM) (Source: Application Error)(User: )
Description: gmer.exe2.1.19355.052dedef9gmer.exe2.1.19355.052dedef9c00000050007c54917f401cf183f4e209681C:\Users\Timo\Desktop\System\gmer.exeC:\Users\Timo\Desktop\System\gmer.exee6c42110-8434-11e3-afcf-001c23299887
Error: (01/23/2014 08:03:46 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe
CodeIntegrity Errors:
===================================
Date: 2013-12-23 10:13:01.817
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2013-12-23 10:11:56.228
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2013-12-23 10:11:56.071
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2013-12-23 10:11:22.744
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2013-12-23 10:08:57.187
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2013-12-23 10:08:11.704
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2013-12-23 10:07:36.929
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2013-12-23 10:07:36.648
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2013-12-23 10:07:36.398
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2013-12-23 10:07:03.476
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Percentage of memory in use: 44%
Total physical RAM: 2037.97 MB
Available physical RAM: 1138.74 MB
Total Pagefile: 2549.97 MB
Available Pagefile: 1245.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:55.55 GB) (Free:13.18 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: 524E524E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS)
==================== End Of Log ============================