| Mutant74 | 31.07.2014 07:25 |
Hier die Ergebnisse Code:
-
FRST Logfile:
FRST Logfile:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Ramona (administrator) on LILLY on 31-07-2014 08:14:17
Running from C:\Users\Ramona\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
( ) C:\Windows\System32\lxducoms.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688472 2013-07-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe [131752 2010-02-04] (Lexmark International Inc.)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-22] (AVAST Software)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-411219997-75583767-915356665-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1199576 2013-11-27] (Spotify Ltd)
HKU\S-1-5-21-411219997-75583767-915356665-1001\...\MountPoints2: {83fe47c2-f447-11e3-8276-202564d0191b} - "D:\AutoRun.exe"
IFEO\alohatripeaks-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\apo3gui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\bejeweled3-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\bingdesktop.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\empressofthedeepdarkestsecret-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\islandtribe-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\jewelquestsolitaire2-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\magic academy-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\pegglenights-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\plantsvszombies-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\polar-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\spotifylauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\spyhunter4.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\tcrdmain_win8.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\tospu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\tpchviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\virtualvillagers4thetreeoflife-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute:
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM - {9624565F-F28E-4EBE-925A-ED9E98F5A166} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TEJB
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {9624565F-F28E-4EBE-925A-ED9E98F5A166} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Ramona\AppData\Roaming\Mozilla\Firefox\Profiles\50ls6jad.default-1405665429811
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Star Stable Online - C:\Users\Ramona\AppData\Roaming\Mozilla\Firefox\Profiles\50ls6jad.default-1405665429811\Extensions\plugin@starstable.com [2014-07-19]
FF Extension: Adblock Plus - C:\Users\Ramona\AppData\Roaming\Mozilla\Firefox\Profiles\50ls6jad.default-1405665429811\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-22]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-31] () [File not signed]
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-10-01] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-22] (AVAST Software)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S4 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S4 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-19] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-06] (Advanced Micro Devices, INC.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-22] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 08:14 - 2014-07-31 08:15 - 00016605 _____ () C:\Users\Ramona\Downloads\FRST.txt
2014-07-31 08:13 - 2014-07-31 08:14 - 00000000 ____D () C:\FRST
2014-07-31 08:05 - 2014-07-31 08:06 - 02094080 _____ (Farbar) C:\Users\Ramona\Downloads\FRST64.exe
2014-07-28 17:15 - 2014-07-28 17:16 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Ramona\Downloads\rkill.com
2014-07-28 15:33 - 2014-07-28 15:33 - 00336024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 17:15 - 2014-07-16 10:24 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-07-24 17:15 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2014-07-24 17:15 - 2014-07-16 10:24 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-07-24 17:15 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-07-24 09:19 - 2014-07-24 09:19 - 00001058 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-23 13:08 - 2014-07-23 13:08 - 00007843 _____ () C:\Users\Ramona\Downloads\217864462.eml
2014-07-23 12:35 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-07-23 12:35 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-07-23 12:35 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-07-22 16:34 - 2014-07-31 08:05 - 02013100 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 16:14 - 2014-07-29 08:03 - 00000000 ____D () C:\Windows\softwaredistribution.bak7
2014-07-22 13:58 - 2014-07-22 13:58 - 02347384 _____ (ESET) C:\Users\Ramona\Downloads\esetsmartinstaller_deu.exe
2014-07-22 09:33 - 2014-07-22 09:33 - 00001999 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-07-22 09:30 - 2014-07-22 09:28 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-07-22 09:28 - 2014-07-22 09:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-22 09:01 - 2014-07-22 09:01 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\AVAST Software
2014-07-22 08:49 - 2014-07-22 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-22 08:47 - 2014-07-22 09:31 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-22 08:47 - 2014-07-22 08:48 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-22 08:47 - 2014-07-22 08:47 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-22 08:47 - 2014-07-22 08:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-22 08:45 - 2014-07-22 08:45 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-22 08:43 - 2014-07-22 08:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-22 08:35 - 2014-07-22 08:42 - 91906368 _____ (AVAST Software) C:\Users\Ramona\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-07-22 07:58 - 2014-07-22 08:04 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\Malwarebytes
2014-07-21 16:12 - 2014-07-22 15:21 - 00000000 ____D () C:\Windows\softwaredistribution.bak6
2014-07-21 15:43 - 2014-07-21 15:43 - 00000000 ____D () C:\Windows\softwaredistribution.bak5
2014-07-21 13:15 - 2014-07-21 13:33 - 00000000 ____D () C:\Windows\softwaredistribution.bak4
2014-07-21 09:55 - 2014-07-21 09:55 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LILLY-Microsoft-Windows-8.1-(64-bit).dat
2014-07-21 07:42 - 2014-07-21 07:42 - 00002182 _____ () C:\Users\Ramona\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-21 07:42 - 2014-07-21 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-21 07:40 - 2014-07-21 07:40 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-21 07:35 - 2014-07-21 07:35 - 09494656 _____ () C:\Users\Ramona\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-07-19 13:08 - 2014-07-19 13:08 - 00004826 _____ () C:\Users\Ramona\Downloads\unnamed
2014-07-19 13:08 - 2014-07-19 13:08 - 00003513 _____ () C:\Users\Ramona\Downloads\unnamed(1)
2014-07-19 11:32 - 2014-07-19 11:32 - 00000000 ____D () C:\OETemp
2014-07-19 10:29 - 2014-07-20 16:41 - 00000000 ____D () C:\Windows\softwaredistribution.bak3
2014-07-19 10:12 - 2014-07-29 13:41 - 00000000 ____D () C:\AdwCleaner
2014-07-18 17:34 - 2014-07-18 23:58 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-07-18 15:24 - 2014-07-18 15:24 - 00000000 ____D () C:\RegBackup
2014-07-18 12:06 - 2014-07-18 12:06 - 00000000 ____D () C:\Users\Ramona\Documents\tweaking.com_windows_repair_aio
2014-07-18 11:52 - 2014-07-18 11:52 - 01354223 _____ () C:\Users\Ramona\Downloads\adwcleaner_3.216.exe
2014-07-18 08:18 - 2014-07-19 09:28 - 00000000 ____D () C:\Windows\softwaredistribution.bak2
2014-07-18 08:11 - 2014-07-18 08:11 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-07-17 16:09 - 2014-07-18 08:02 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2014-07-16 10:57 - 2014-07-16 10:57 - 00000611 _____ () C:\DelFix.txt
2014-07-16 08:02 - 2014-07-16 08:02 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-15 23:21 - 2014-07-15 23:21 - 00038064 _____ (Microsoft Corporation) C:\Users\Ramona\Downloads\clearcompressionflag.exe
2014-07-15 16:03 - 2014-07-24 14:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-15 16:03 - 2014-07-24 09:19 - 00001070 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-15 16:02 - 2014-07-24 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-15 11:16 - 2014-07-15 11:16 - 00001092 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-07-15 11:16 - 2014-07-15 11:16 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Secunia PSI
2014-07-15 11:16 - 2014-07-15 11:16 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-07-15 08:36 - 2014-07-15 08:37 - 05329480 _____ (Secunia) C:\Users\Ramona\Downloads\PSISetup_3.0.0.9016.exe
2014-07-14 14:22 - 2014-07-14 14:22 - 00000114 _____ () C:\ProgramData\lxduJSW.log
2014-07-12 19:06 - 2014-07-12 19:06 - 00003432 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-07-12 19:05 - 2014-07-12 19:05 - 00004270 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2014-07-12 19:03 - 2014-07-15 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-07-12 19:03 - 2014-07-12 19:05 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-07-12 19:02 - 2014-07-12 19:06 - 00000000 ____D () C:\rei
2014-07-12 19:00 - 2014-07-12 19:06 - 00000163 _____ () C:\Windows\Reimage.ini
2014-07-12 19:00 - 2014-07-12 19:00 - 04411088 _____ (Systweak Inc ) C:\Users\Ramona\Downloads\rcpafterdownloadcp_ntb_ad_30115_cpntb1.exe
2014-07-10 14:20 - 2014-07-10 14:20 - 00001235 _____ () C:\Users\Ramona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iexplore.lnk
2014-07-09 19:08 - 2014-07-20 09:48 - 00000000 ____D () C:\Users\Ramona\Desktop\Ausbildung beim Pferd
2014-07-09 13:20 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-07-09 13:20 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-07-09 13:20 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-07-09 13:20 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-07-09 13:20 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-07-09 13:20 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-07-09 13:20 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-07-09 13:20 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-07-09 13:20 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-07-09 13:20 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-07-09 13:20 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-07-09 13:20 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-07-09 13:20 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-07-09 13:20 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-07-09 13:20 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-09 13:20 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-07-09 13:20 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-07-09 13:20 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-07-09 13:19 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-07-09 13:14 - 2014-07-09 13:14 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-07-09 12:53 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 12:53 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 12:44 - 2014-07-09 12:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 12:38 - 2014-07-11 08:20 - 00000000 ____D () C:\Users\Ramona\Desktop\JRT Berichte,anti malware
2014-07-09 12:34 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-09 11:59 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 11:59 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 11:58 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 11:58 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 11:57 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 11:57 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 11:57 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 11:57 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 11:57 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 11:57 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 11:56 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 11:56 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 11:56 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 11:56 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 11:56 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 11:56 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 11:55 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 11:55 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 11:55 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 11:55 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 11:55 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 11:55 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 11:55 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 11:55 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 11:55 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 11:55 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 11:55 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 11:55 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 11:55 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 11:55 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 11:55 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 11:55 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 11:55 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 11:55 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 11:55 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 11:55 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 11:55 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 11:53 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 11:53 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 11:53 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-09 11:53 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 11:53 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 11:53 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-09 11:53 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-09 11:53 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-09 11:53 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 11:53 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 11:53 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-09 11:53 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-09 11:53 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 11:53 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 11:53 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 11:53 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-09 11:53 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-09 11:53 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 11:53 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 11:53 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 11:26 - 2014-07-09 11:26 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 10:43 - 2014-07-09 10:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-09 10:02 - 2014-07-22 07:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 09:56 - 2014-07-09 09:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ramona\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-09 09:31 - 2014-07-09 09:31 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Temp36c47aff403782efbdb96d7133505786
2014-07-09 09:30 - 2014-07-09 09:31 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\Security System 2
2014-07-09 09:27 - 2014-07-09 09:27 - 00000000 ____D () C:\Users\Ramona\ChromeExtensions
2014-07-09 09:27 - 2014-07-09 09:27 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Tempad847bd322cc86fae30c58bfedab9234
2014-07-09 08:54 - 2014-07-09 08:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-07-06 16:52 - 2014-07-06 16:25 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140706-165247.backup
2014-07-06 16:25 - 2013-08-22 15:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140706-162548.backup
2014-07-04 13:13 - 2014-07-04 13:13 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\Opera Software
2014-07-04 13:13 - 2014-07-04 13:13 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Opera Software
2014-07-04 13:06 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Ramona\Documents\TuneUp Utilities 2014 14.0.1000.88 (FULL + Crack)
2014-07-04 11:19 - 2014-07-04 11:28 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\ALDITALKVerbindungsassistent
2014-07-04 11:18 - 2014-07-06 14:58 - 00000000 ____D () C:\Program Files (x86)\ALDITALKVerbindungsassistent
2014-07-02 10:35 - 2014-07-02 10:36 - 00000000 ____D () C:\Users\Ramona\Documents\mietkaution rückzahlung
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 08:15 - 2014-07-31 08:14 - 00016605 _____ () C:\Users\Ramona\Downloads\FRST.txt
2014-07-31 08:14 - 2014-07-31 08:13 - 00000000 ____D () C:\FRST
2014-07-31 08:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-31 08:06 - 2014-07-31 08:05 - 02094080 _____ (Farbar) C:\Users\Ramona\Downloads\FRST64.exe
2014-07-31 08:05 - 2014-07-22 16:34 - 02013100 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 08:04 - 2014-05-27 23:45 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{20E45890-8E23-453E-AAAD-B0631389CD72}
2014-07-31 07:59 - 2014-05-27 23:22 - 00000000 __RDO () C:\Users\Ramona\SkyDrive
2014-07-31 07:58 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-30 22:29 - 2014-05-08 07:00 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-07-30 22:24 - 2014-06-01 19:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-30 20:43 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-30 12:16 - 2014-06-07 10:31 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Battle.net
2014-07-30 08:23 - 2014-05-27 23:10 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-411219997-75583767-915356665-1001
2014-07-30 08:08 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-29 13:41 - 2014-07-19 10:12 - 00000000 ____D () C:\AdwCleaner
2014-07-29 08:03 - 2014-07-22 16:14 - 00000000 ____D () C:\Windows\softwaredistribution.bak7
2014-07-28 17:16 - 2014-07-28 17:15 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Ramona\Downloads\rkill.com
2014-07-28 15:33 - 2014-07-28 15:33 - 00336024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-25 19:34 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-07-25 18:57 - 2014-06-12 20:02 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\Spotify
2014-07-25 12:39 - 2014-06-07 10:28 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-24 23:42 - 2014-05-27 23:00 - 00000000 ____D () C:\Users\Ramona
2014-07-24 17:15 - 2014-06-18 15:34 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-07-24 14:04 - 2014-07-15 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-24 14:04 - 2014-06-08 13:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 14:04 - 2014-06-08 13:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 12:10 - 2014-06-08 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 09:19 - 2014-07-24 09:19 - 00001058 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-24 09:19 - 2014-07-15 16:03 - 00001070 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-24 09:19 - 2014-07-15 16:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 13:54 - 2013-08-22 15:25 - 86507520 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-07-23 13:54 - 2013-08-22 15:25 - 22806528 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-07-23 13:54 - 2013-08-22 15:25 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-07-23 13:53 - 2013-08-22 15:25 - 04980736 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-07-23 13:53 - 2013-08-22 15:25 - 00069632 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-07-23 13:17 - 2014-05-08 07:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-23 13:08 - 2014-07-23 13:08 - 00007843 _____ () C:\Users\Ramona\Downloads\217864462.eml
2014-07-23 13:04 - 2014-07-04 13:06 - 00000000 ____D () C:\Users\Ramona\Documents\TuneUp Utilities 2014 14.0.1000.88 (FULL + Crack)
2014-07-23 12:56 - 2014-05-08 08:11 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-07-23 12:55 - 2014-05-28 01:37 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\WildTangent
2014-07-23 12:55 - 2014-05-08 07:43 - 00000000 ____D () C:\ProgramData\WildTangent
2014-07-23 12:35 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-22 15:21 - 2014-07-21 16:12 - 00000000 ____D () C:\Windows\softwaredistribution.bak6
2014-07-22 13:58 - 2014-07-22 13:58 - 02347384 _____ (ESET) C:\Users\Ramona\Downloads\esetsmartinstaller_deu.exe
2014-07-22 10:38 - 2014-05-08 07:34 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-22 10:28 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-22 09:33 - 2014-07-22 09:33 - 00001999 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-07-22 09:33 - 2014-07-22 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-22 09:31 - 2014-07-22 08:47 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-22 09:28 - 2014-07-22 09:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-07-22 09:28 - 2014-07-22 09:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-22 09:01 - 2014-07-22 09:01 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\AVAST Software
2014-07-22 08:48 - 2014-07-22 08:47 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-22 08:47 - 2014-07-22 08:47 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-22 08:47 - 2014-07-22 08:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-22 08:47 - 2014-07-22 08:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-22 08:45 - 2014-07-22 08:45 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-22 08:45 - 2014-07-22 08:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-22 08:42 - 2014-07-22 08:35 - 91906368 _____ (AVAST Software) C:\Users\Ramona\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-07-22 08:04 - 2014-07-22 07:58 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\Malwarebytes
2014-07-22 07:58 - 2014-07-09 10:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 20:04 - 2014-06-05 22:54 - 00797754 _____ () C:\Windows\system32\perfh00C.dat
2014-07-21 20:04 - 2014-06-05 22:54 - 00155206 _____ () C:\Windows\system32\perfc00C.dat
2014-07-21 20:04 - 2013-11-27 19:01 - 04646338 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 20:04 - 2013-08-28 12:25 - 00793772 _____ () C:\Windows\system32\perfh013.dat
2014-07-21 20:04 - 2013-08-28 12:25 - 00158352 _____ () C:\Windows\system32\perfc013.dat
2014-07-21 20:04 - 2013-08-28 12:16 - 00789520 _____ () C:\Windows\system32\perfh010.dat
2014-07-21 20:04 - 2013-08-28 12:16 - 00152442 _____ () C:\Windows\system32\perfc010.dat
2014-07-21 20:04 - 2013-08-28 11:59 - 00751874 _____ () C:\Windows\system32\perfh007.dat
2014-07-21 20:04 - 2013-08-28 11:59 - 00155350 _____ () C:\Windows\system32\perfc007.dat
2014-07-21 15:43 - 2014-07-21 15:43 - 00000000 ____D () C:\Windows\softwaredistribution.bak5
2014-07-21 13:33 - 2014-07-21 13:15 - 00000000 ____D () C:\Windows\softwaredistribution.bak4
2014-07-21 11:44 - 2013-08-22 15:25 - 00000160 _____ () C:\Windows\win.ini
2014-07-21 09:55 - 2014-07-21 09:55 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LILLY-Microsoft-Windows-8.1-(64-bit).dat
2014-07-21 07:42 - 2014-07-21 07:42 - 00002182 _____ () C:\Users\Ramona\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-21 07:42 - 2014-07-21 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-21 07:40 - 2014-07-21 07:40 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-21 07:35 - 2014-07-21 07:35 - 09494656 _____ () C:\Users\Ramona\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-07-20 16:41 - 2014-07-19 10:29 - 00000000 ____D () C:\Windows\softwaredistribution.bak3
2014-07-20 09:48 - 2014-07-09 19:08 - 00000000 ____D () C:\Users\Ramona\Desktop\Ausbildung beim Pferd
2014-07-19 19:41 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-19 13:08 - 2014-07-19 13:08 - 00004826 _____ () C:\Users\Ramona\Downloads\unnamed
2014-07-19 13:08 - 2014-07-19 13:08 - 00003513 _____ () C:\Users\Ramona\Downloads\unnamed(1)
2014-07-19 11:34 - 2014-05-08 06:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-19 11:32 - 2014-07-19 11:32 - 00000000 ____D () C:\OETemp
2014-07-19 09:28 - 2014-07-18 08:18 - 00000000 ____D () C:\Windows\softwaredistribution.bak2
2014-07-18 23:58 - 2014-07-18 17:34 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-07-18 15:24 - 2014-07-18 15:24 - 00000000 ____D () C:\RegBackup
2014-07-18 12:06 - 2014-07-18 12:06 - 00000000 ____D () C:\Users\Ramona\Documents\tweaking.com_windows_repair_aio
2014-07-18 11:52 - 2014-07-18 11:52 - 01354223 _____ () C:\Users\Ramona\Downloads\adwcleaner_3.216.exe
2014-07-18 11:30 - 2014-05-27 23:02 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Packages
2014-07-18 08:11 - 2014-07-18 08:11 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-07-18 08:02 - 2014-07-17 16:09 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2014-07-16 10:57 - 2014-07-16 10:57 - 00000611 _____ () C:\DelFix.txt
2014-07-16 10:24 - 2014-07-24 17:15 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-07-16 10:24 - 2014-07-24 17:15 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2014-07-16 10:24 - 2014-07-24 17:15 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-07-16 10:24 - 2014-07-24 17:15 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-07-16 10:24 - 2014-06-18 15:41 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-07-16 08:02 - 2014-07-16 08:02 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-15 23:21 - 2014-07-15 23:21 - 00038064 _____ (Microsoft Corporation) C:\Users\Ramona\Downloads\clearcompressionflag.exe
2014-07-15 22:47 - 2014-06-27 14:14 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-07-15 22:47 - 2014-06-01 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-15 22:45 - 2014-07-12 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-07-15 11:16 - 2014-07-15 11:16 - 00001092 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-07-15 11:16 - 2014-07-15 11:16 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Secunia PSI
2014-07-15 11:16 - 2014-07-15 11:16 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-07-15 08:37 - 2014-07-15 08:36 - 05329480 _____ (Secunia) C:\Users\Ramona\Downloads\PSISetup_3.0.0.9016.exe
2014-07-14 21:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-07-14 14:22 - 2014-07-14 14:22 - 00000114 _____ () C:\ProgramData\lxduJSW.log
2014-07-14 14:22 - 2014-06-05 22:10 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-07-12 19:06 - 2014-07-12 19:06 - 00003432 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-07-12 19:06 - 2014-07-12 19:02 - 00000000 ____D () C:\rei
2014-07-12 19:06 - 2014-07-12 19:00 - 00000163 _____ () C:\Windows\Reimage.ini
2014-07-12 19:05 - 2014-07-12 19:05 - 00004270 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2014-07-12 19:05 - 2014-07-12 19:03 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-07-12 19:00 - 2014-07-12 19:00 - 04411088 _____ (Systweak Inc ) C:\Users\Ramona\Downloads\rcpafterdownloadcp_ntb_ad_30115_cpntb1.exe
2014-07-11 08:20 - 2014-07-09 12:38 - 00000000 ____D () C:\Users\Ramona\Desktop\JRT Berichte,anti malware
2014-07-10 14:20 - 2014-07-10 14:20 - 00001235 _____ () C:\Users\Ramona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iexplore.lnk
2014-07-10 10:52 - 2014-06-07 10:44 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-10 06:16 - 2014-07-23 12:35 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-07-10 06:03 - 2014-07-23 12:35 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-07-10 05:33 - 2014-07-23 12:35 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-07-09 13:14 - 2014-07-09 13:14 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-07-09 13:05 - 2014-06-07 08:56 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-09 12:44 - 2014-07-09 12:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 12:44 - 2013-08-22 21:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 12:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-09 12:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 12:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 12:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-09 12:40 - 2014-05-28 19:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 12:37 - 2014-05-28 19:15 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 11:26 - 2014-07-09 11:26 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 11:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\schemas
2014-07-09 10:43 - 2014-07-09 10:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-09 09:57 - 2014-07-09 09:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ramona\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-09 09:31 - 2014-07-09 09:31 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Temp36c47aff403782efbdb96d7133505786
2014-07-09 09:31 - 2014-07-09 09:30 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\Security System 2
2014-07-09 09:27 - 2014-07-09 09:27 - 00000000 ____D () C:\Users\Ramona\ChromeExtensions
2014-07-09 09:27 - 2014-07-09 09:27 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Tempad847bd322cc86fae30c58bfedab9234
2014-07-09 09:22 - 2014-05-29 23:32 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-09 08:54 - 2014-07-09 08:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-07-08 20:25 - 2014-06-01 19:35 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 08:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-06 16:52 - 2013-08-22 15:25 - 00450709 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_360
2014-07-06 16:25 - 2014-07-06 16:52 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140706-165247.backup
2014-07-06 16:05 - 2014-06-01 17:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-06 14:58 - 2014-07-04 11:18 - 00000000 ____D () C:\Program Files (x86)\ALDITALKVerbindungsassistent
2014-07-06 14:55 - 2014-06-22 15:33 - 00000000 ____D () C:\Users\Public\StarStableOnline
2014-07-06 14:55 - 2014-06-07 10:31 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\Battle.net
2014-07-06 14:55 - 2014-06-05 22:07 - 00000000 ____D () C:\Users\Ramona\Documents\Lexmark 5600-6600 Series
2014-07-06 14:55 - 2014-06-05 22:07 - 00000000 ____D () C:\Users\Ramona\Documents\HP
2014-07-06 14:55 - 2014-05-08 07:25 - 00000000 ____D () C:\Windows\System32\Tasks\TOSHIBA
2014-07-06 14:55 - 2013-08-22 17:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-06 14:54 - 2014-06-18 15:29 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-07-06 14:54 - 2014-06-01 17:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-06 14:54 - 2014-05-29 22:54 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-07-06 14:53 - 2014-06-27 14:10 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Apps\2.0
2014-07-06 14:35 - 2014-06-01 17:38 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\SUPERAntiSpyware.com
2014-07-06 14:35 - 2014-06-01 16:53 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Mozilla
2014-07-06 14:31 - 2014-06-18 15:30 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-07-04 19:40 - 2014-05-08 08:13 - 00000000 ____D () C:\Users\Public\TOSHIBA
2014-07-04 13:13 - 2014-07-04 13:13 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\Opera Software
2014-07-04 13:13 - 2014-07-04 13:13 - 00000000 ____D () C:\Users\Ramona\AppData\Local\Opera Software
2014-07-04 13:01 - 2014-06-01 17:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-04 11:28 - 2014-07-04 11:19 - 00000000 ____D () C:\Users\Ramona\AppData\Roaming\ALDITALKVerbindungsassistent
2014-07-02 10:36 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Ramona\Documents\mietkaution rückzahlung
2014-07-01 00:45 - 2014-07-09 11:53 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
Some content of TEMP:
====================
C:\Users\Ramona\AppData\Local\Temp\mbam-setup.exe
C:\Users\Ramona\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-28 17:42
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
-FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by Ramona at 2014-07-31 08:17:25
Running from C:\Users\Ramona\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.303.509 - Alps Electric)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5D42947B-E961-C0B5-5A70-EA0F753331EB}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
AMD Start Now (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Evernote (HKLM-x32\...\Evernote) (Version: 1.0.0 - Evernote Launcher by Toshiba Europe GmbH)
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Securita Scout (HKLM-x32\...\Securita Scout) (Version: - ) <==== ATTENTION
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
TOSHIBA Addendum (HKLM-x32\...\{C1569944-FAD6-4B3B-85E5-C213C2FF8EFC}) (Version: 1.00 - TOSHIBA)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.346 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 3.00.346 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.00.6403 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.2 - Tweaking.com)
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
21-07-2014 13:25:20 Geplanter Prüfpunkt
28-07-2014 07:30:02 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2014-07-21 11:44 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {209890F2-E1A0-4CA2-A1DB-8003D0E6EEFE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3D29DD94-0055-42DE-8962-99E9E41AE1B8} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-19] (Toshiba Europe GmbH)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {596ED7F4-48C7-4E98-802A-88D51E691985} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {5B71CA54-18A5-4A1B-903D-0E4012F2AED1} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {5DE2ACA8-A967-445B-934E-A3D562E068E6} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {67AB553B-EA5C-4522-8321-6FC1C091F01F} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {782B17F4-9D27-4944-9286-93012D03F593} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {79A98941-A16B-4310-931F-014485EA1CD6} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {7E7D0D41-24E0-4D7C-B455-3638B0E8F59F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BA4891F-8D1D-4A56-9B8C-F364E4E93A57} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {94E9D538-3953-42C0-AC99-503ED52FF2CA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-22] (AVAST Software)
Task: {95764AE5-91C8-41AF-9734-E2334C47C7A8} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {97923249-2DF2-4F3E-A0ED-FC5335E7C876} - System32\Tasks\Games\UpdateCheck_S-1-5-21-411219997-75583767-915356665-1001
Task: {9D804763-2F92-422A-86A5-F241C7EB72A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BA78E8F3-D95B-41B6-AA09-32E441176C9E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {BFA81C95-AC76-4865-A180-310CA43951EA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4008D82-D7E6-416E-8617-4957F672CEBA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DA83CC82-BE92-4DD2-B2A0-CFB3C061C853} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F27F4C2C-E79E-4B46-B75D-2643F772894E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {F88961DD-E68C-44E6-82F1-79966DF59B15} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-06-05 22:10 - 2009-10-16 16:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2013-08-31 04:47 - 2013-08-31 04:47 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-06-05 23:09 - 2010-02-04 06:10 - 00676520 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
2013-08-31 04:47 - 2013-08-31 04:47 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2014-07-22 08:46 - 2014-07-22 08:46 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-30 20:29 - 2014-07-30 20:29 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073002\algo.dll
2014-06-01 17:04 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-01 17:04 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-01 17:04 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-01 17:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-01 17:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-06-05 23:09 - 2010-02-04 05:52 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
2014-06-05 23:08 - 2010-02-04 05:36 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
2014-06-05 23:08 - 2009-10-16 11:53 - 00073728 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll
2014-06-05 23:09 - 2010-02-04 05:52 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
2014-06-05 23:09 - 2010-02-04 05:52 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
2014-06-05 23:09 - 2010-02-04 05:35 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
2014-06-05 23:09 - 2010-02-04 04:27 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\iptk.dll
2014-06-05 23:09 - 2007-09-06 06:11 - 00151552 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduptp.dll
2014-07-22 08:46 - 2014-07-22 08:46 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-15 16:02 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Ramona\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Ramona\Downloads\217864462.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Apoint"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TSSSrv"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "Zune Launcher"
HKLM\...\StartupApproved\Run32: => "1.TPUReg"
HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run32: => "TSVU"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/31/2014 08:07:37 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (07/31/2014 08:07:37 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Der Dienst TMachInfo kann nicht auf dem Computer . gestartet werden.
Error: (07/30/2014 10:27:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (07/30/2014 10:27:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Der Dienst TMachInfo kann nicht auf dem Computer . gestartet werden.
Error: (07/30/2014 08:52:48 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (07/30/2014 08:52:48 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Der Dienst TMachInfo kann nicht auf dem Computer . gestartet werden.
Error: (07/30/2014 06:20:35 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (07/30/2014 06:20:35 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Der Dienst TMachInfo kann nicht auf dem Computer . gestartet werden.
Error: (07/30/2014 08:01:30 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (07/30/2014 08:01:30 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Der Dienst TMachInfo kann nicht auf dem Computer . gestartet werden.
System errors:
=============
Error: (07/31/2014 07:59:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (07/31/2014 07:58:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/31/2014 07:58:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxduCATSCustConnectService erreicht.
Error: (07/30/2014 10:29:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062
Error: (07/30/2014 10:22:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (07/30/2014 10:22:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/30/2014 10:22:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxduCATSCustConnectService erreicht.
Error: (07/30/2014 08:45:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (07/30/2014 08:44:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/30/2014 08:44:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxduCATSCustConnectService erreicht.
Microsoft Office Sessions:
=========================
Error: (07/31/2014 08:07:37 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (07/31/2014 08:07:37 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Der Dienst TMachInfo kann nicht auf dem Computer . gestartet werden.
Error: (07/30/2014 10:27:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (07/30/2014 10:27:19 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Der Dienst TMachInfo kann nicht auf dem Computer . gestartet werden.
Error: (07/30/2014 08:52:48 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (07/30/2014 08:52:48 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Der Dienst TMachInfo kann nicht auf dem Computer . gestartet werden.
Error: (07/30/2014 06:20:35 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (07/30/2014 06:20:35 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Der Dienst TMachInfo kann nicht auf dem Computer . gestartet werden.
Error: (07/30/2014 08:01:30 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (07/30/2014 08:01:30 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Der Dienst TMachInfo kann nicht auf dem Computer . gestartet werden.
CodeIntegrity Errors:
===================================
Date: 2014-07-31 07:59:32.978
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-30 22:22:55.110
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-30 20:45:09.589
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-30 18:13:31.107
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-30 07:57:56.533
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-29 13:43:19.098
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-29 08:03:23.655
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-28 17:27:43.730
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-28 15:33:58.786
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-28 11:49:51.630
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 3523.07 MB
Available physical RAM: 1850.15 MB
Total Pagefile: 4227.07 MB
Available Pagefile: 2413.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (TI31251100A) (Fixed) (Total:454.75 GB) (Free:340.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
--- --- --- |
FRST 32-Bit | FRST 64-Bit
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
Farbar Service Scanner 
