Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Komplette Säuberung (Entfernen von Viren usw) (https://www.trojaner-board.de/154708-komplette-saeuberung-entfernen-viren-usw.html)

DerTK 02.06.2014 19:19
Komplette Säuberung (Entfernen von Viren usw)
 
Hallo liebe Community
Da mir schon einmal erfolgreich geholfen wurde würde ich mich freuen wenn ihr mir erneut helfen könnt.
Ich hab einen Laptop mit Win7 64Bit. Dieser Laptop braucht unbedingt eine Säuberung von Viren und Maleware. Ich habe bereits Avast (Komplett Scan) gemacht. Allerdings konnten einige Datein nicht bereinigt werden, aber sie werden erkannt.

Vielen Dank und liebe grüße Eric

M-K-D-B 02.06.2014 19:54
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!





Kannst du mir bitte diese Logdateien posten?



Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


DerTK 03.06.2014 13:10
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Lieselotte (administrator) on TOSHIBAPC on 03-06-2014 14:01:14
Running from C:\Users\Lieselotte\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [618496 2014-05-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-09-02] (Nero AG)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-03-03] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [1025536 2014-05-11] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-15] (AVAST Software)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-780732927-2335787003-2089580044-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe [250016 2012-03-02] (Adobe Systems, Inc.)
HKU\S-1-5-21-780732927-2335787003-2089580044-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-780732927-2335787003-2089580044-1000\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {5F7A43CC-8253-4EBC-AF13-C8948D6720E1} URL = hxxp://go.web.de/suchbox/google?q={searchTerms}
SearchScopes: HKCU - {29BE1EDC-CCD5-4C82-9684-551B3DC1E9FF} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
SearchScopes: HKCU - {42F18C53-EAA5-4FC7-8398-53D7038E877B} URL =
SearchScopes: HKCU - {5F7A43CC-8253-4EBC-AF13-C8948D6720E1} URL = hxxp://go.web.de/suchbox/google?q={searchTerms}
SearchScopes: HKCU - {77185687-D41E-4C9C-B1A5-3E6C9EC5E943} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKCU - {F477D03C-2652-4632-9A60-374F3EB06A5D} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lieselotte\AppData\Roaming\Mozilla\Firefox\Profiles\7o7bb6oi.default
FF NetworkProxy: "type", 0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: . - C:\Users\Lieselotte\AppData\Roaming\Mozilla\Firefox\Profiles\7o7bb6oi.default\Extensions\{266d0974-cf31-d336-be42-27190e6f0539} [2014-05-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-15]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-15] (AVAST Software)
R2 COMSysApp; C:\Windows\system32\dllhost.exe [611328 2014-05-01] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [851456 2014-05-15] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 vds; %SystemRoot%\System32\vds.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-15] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 14:01 - 2014-06-03 14:02 - 00013763 _____ () C:\Users\Lieselotte\Desktop\FRST.txt
2014-06-03 14:00 - 2014-06-03 14:01 - 00000000 ____D () C:\FRST
2014-06-03 13:59 - 2014-06-03 14:00 - 02068992 _____ (Farbar) C:\Users\Lieselotte\Desktop\FRST64.exe
2014-05-15 22:37 - 2014-05-15 22:37 - 00064152 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-05-15 15:58 - 2014-05-15 15:58 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\AVAST Software
2014-05-15 15:57 - 2014-05-15 15:57 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-15 15:57 - 2014-05-15 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-15 15:56 - 2014-05-17 18:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-15 15:56 - 2014-05-15 15:57 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 15:56 - 2014-05-15 15:57 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 15:56 - 2014-05-15 15:57 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 15:56 - 2014-05-15 15:55 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400162261221
2014-05-15 15:56 - 2014-05-15 15:55 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400162261221
2014-05-15 15:56 - 2014-05-15 15:55 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-15 15:56 - 2014-05-15 15:55 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-15 15:56 - 2014-05-15 15:55 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-15 15:56 - 2014-05-15 15:55 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-15 15:56 - 2014-05-15 15:55 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-15 15:55 - 2014-05-15 15:55 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-15 15:55 - 2014-05-15 15:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-15 15:53 - 2014-05-18 00:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 15:53 - 2014-05-15 15:53 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 15:53 - 2014-05-15 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 15:53 - 2014-05-15 15:53 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-15 15:52 - 2014-05-15 20:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 15:52 - 2014-05-15 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 15:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 15:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 15:52 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 15:50 - 2014-05-15 15:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lieselotte\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 15:49 - 2014-05-15 15:51 - 88882192 _____ (AVAST Software) C:\Users\Lieselotte\Downloads\avast_free18_antivirus_setup(1).exe
2014-05-11 02:07 - 2014-05-15 15:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-11 01:49 - 2014-05-11 02:06 - 43813573 _____ (AVAST Software) C:\Users\Lieselotte\Downloads\avast_free18_antivirus_setup.exe
2014-05-08 20:49 - 2014-05-08 20:49 - 00000000 ____D () C:\Users\Lieselotte\AppData\Local\Macromedia
2014-05-08 20:33 - 2014-05-08 15:00 - 1935113528 ____N () C:\Users\Lieselotte\Desktop\The_Expendables_2.mp4
2014-05-07 22:03 - 2014-05-07 22:03 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\Avira
2014-05-07 21:29 - 2014-05-08 22:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-07 21:29 - 2014-05-08 22:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-07 21:25 - 2014-05-07 21:31 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 21:25 - 2014-05-07 21:31 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-07 21:24 - 2014-05-08 22:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-07 20:54 - 2014-05-18 00:55 - 00000003 _____ () C:\ProgramData\bgdfibaj34.nls

==================== One Month Modified Files and Folders =======

2014-06-03 14:02 - 2014-06-03 14:01 - 00013763 _____ () C:\Users\Lieselotte\Desktop\FRST.txt
2014-06-03 14:02 - 2011-02-04 15:00 - 00000000 ____D () C:\Users\Lieselotte\AppData\Local\Temp
2014-06-03 14:01 - 2014-06-03 14:00 - 00000000 ____D () C:\FRST
2014-06-03 14:00 - 2014-06-03 13:59 - 02068992 _____ (Farbar) C:\Users\Lieselotte\Desktop\FRST64.exe
2014-06-03 13:56 - 2011-03-16 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 13:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 13:53 - 2009-07-14 06:51 - 00070627 _____ () C:\Windows\setupact.log
2014-06-03 13:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-18 00:55 - 2014-05-07 20:54 - 00000003 _____ () C:\ProgramData\bgdfibaj34.nls
2014-05-18 00:35 - 2009-07-14 19:58 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-05-18 00:35 - 2009-07-14 19:58 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-05-18 00:35 - 2009-07-14 07:13 - 01621862 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 00:23 - 2014-05-15 15:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 18:48 - 2014-05-15 15:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-17 18:47 - 2010-10-19 13:28 - 00735744 ____T (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
2014-05-17 11:07 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-05-17 09:12 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 09:12 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 22:37 - 2014-05-15 22:37 - 00064152 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-05-15 22:35 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-15 21:12 - 2014-04-22 11:08 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\Ivase
2014-05-15 20:42 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 20:41 - 2013-03-14 16:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-15 20:41 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-05-15 20:24 - 2014-05-15 15:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 18:18 - 2013-10-26 19:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-05-15 18:15 - 2010-12-07 06:14 - 00117708 _____ () C:\Windows\PFRO.log
2014-05-15 18:11 - 2011-06-24 09:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2014-05-15 18:11 - 2009-07-14 01:19 - 00020992 ____T (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2014-05-15 18:08 - 2011-02-04 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-15 18:08 - 2011-02-04 15:00 - 00000000 ___RD () C:\Users\Lieselotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 18:08 - 2010-10-19 13:46 - 00000000 ____D () C:\Program Files\Amazon
2014-05-15 18:08 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 16:02 - 2009-07-14 01:43 - 00007168 ____T (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
2014-05-15 15:58 - 2014-05-15 15:58 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\AVAST Software
2014-05-15 15:57 - 2014-05-15 15:57 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-15 15:57 - 2014-05-15 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-15 15:57 - 2014-05-15 15:56 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 15:57 - 2014-05-15 15:56 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 15:57 - 2014-05-15 15:56 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 15:55 - 2014-05-15 15:56 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400162261221
2014-05-15 15:55 - 2014-05-15 15:56 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400162261221
2014-05-15 15:55 - 2014-05-15 15:56 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-15 15:55 - 2014-05-15 15:56 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-15 15:55 - 2014-05-15 15:56 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-15 15:55 - 2014-05-15 15:56 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-15 15:55 - 2014-05-15 15:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-15 15:55 - 2014-05-15 15:55 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-15 15:55 - 2014-05-15 15:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-15 15:53 - 2014-05-15 15:53 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 15:53 - 2014-05-15 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 15:53 - 2014-05-15 15:53 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-15 15:52 - 2014-05-15 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 15:51 - 2014-05-15 15:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lieselotte\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 15:51 - 2014-05-15 15:49 - 88882192 _____ (AVAST Software) C:\Users\Lieselotte\Downloads\avast_free18_antivirus_setup(1).exe
2014-05-15 15:51 - 2014-05-11 02:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-15 00:43 - 2013-10-26 19:06 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\SoftGrid Client
2014-05-14 22:06 - 2013-12-29 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
2014-05-11 02:06 - 2014-05-11 01:49 - 43813573 _____ (AVAST Software) C:\Users\Lieselotte\Downloads\avast_free18_antivirus_setup.exe
2014-05-08 22:34 - 2014-05-07 21:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-08 22:34 - 2014-05-07 21:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-08 22:34 - 2014-05-07 21:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-08 22:34 - 2014-02-01 11:39 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-05-08 22:34 - 2012-06-01 08:55 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-08 22:34 - 2010-12-07 06:26 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-08 22:34 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-08 21:39 - 2010-12-07 06:03 - 01350304 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 21:35 - 2011-02-04 15:00 - 00000000 ____D () C:\Users\Lieselotte
2014-05-08 20:49 - 2014-05-08 20:49 - 00000000 ____D () C:\Users\Lieselotte\AppData\Local\Macromedia
2014-05-08 15:00 - 2014-05-08 20:33 - 1935113528 ____N () C:\Users\Lieselotte\Desktop\The_Expendables_2.mp4
2014-05-07 22:03 - 2014-05-07 22:03 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\Avira
2014-05-07 21:31 - 2014-05-07 21:25 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 21:31 - 2014-05-07 21:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-07 21:06 - 2014-04-22 11:08 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\Vuixl

Some content of TEMP:
====================
C:\Users\Lieselotte\AppData\Local\Temp\AskSLib.dll
C:\Users\Lieselotte\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Lieselotte\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Lieselotte\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Lieselotte\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Lieselotte\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Lieselotte\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Lieselotte\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe
[2009-07-14 01:19] - [2014-05-15 18:11] - 0020992 ___AT (Microsoft Corporation) F62A9F79C27C17559BBF4B3336877211

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-06 14:58

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Lieselotte at 2014-06-03 14:02:51
Running from C:\Users\Lieselotte\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1&1 EasyLogin (HKLM-x32\...\1&1 EasyLogin) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.62 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Amazon.de (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version:  - Amazon EU S.a.r.L.)
ATI Catalyst Install Manager (HKLM\...\{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0727.2126.36625 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help English (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help French (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help German (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0727.2126.36625 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0727.2126.36625 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay (HKLM-x32\...\{FDE58148-57E7-43BF-879A-29CCE818C078}) (Version: 1.1.9 - eBay Inc.)
Farm Mania 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 10.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 10.0.2 (x86 de)) (Version: 10.0.2 - Mozilla)
Mozilla Thunderbird (3.1.20) (HKLM-x32\...\Mozilla Thunderbird (3.1.20)) (Version: 3.1.20 (de) - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.24700.31.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11300.14.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.2.200.0.2 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.16800.7.15 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.12100.22.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.11400.15.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.14800.28.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}) (Version: 10.0.15000 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.11800.26.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.12300.27.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.2.0-545 - myphotobook GmbH)
Photo Service - powered by myphotobook (x32 Version: 1.2.0 - myphotobook GmbH) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{E0FAA369-B0E3-48B8-9447-4873103B0012}) (Version: 8.0.33 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.27C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.27C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.10C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.10C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{DBB7021A-3437-446F-ACE5-7261644A972C}) (Version: 3.33 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {266FB74D-942B-4492-BB30-D1D5C03EB327} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)
Task: {E332BD37-886B-4340-884E-6EC996DDCDCA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-15] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2010-04-23 13:58 - 2010-04-23 13:58 - 03409256 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2009-07-14 01:59 - 2014-05-01 17:08 - 00611328 ____T () C:\Windows\system32\dllhost.exe
2010-04-07 17:07 - 2010-04-07 17:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-19 13:23 - 2010-08-31 15:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-10-13 11:00 - 2009-10-13 11:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-27 22:25 - 2010-07-27 22:25 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-05-18 00:23 - 2014-05-18 00:23 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14051701\algo.dll
2014-06-03 13:57 - 2014-06-03 13:57 - 02260480 _____ () C:\Program Files\AVAST Software\Avast\defs\14060300\algo.dll
2014-05-15 15:55 - 2014-05-15 15:55 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-03-02 17:23 - 2012-02-16 16:55 - 01911768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-03-02 17:28 - 2012-03-02 17:28 - 08527008 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2014 01:56:07 PM) (Source: TeamViewer8) (EventID: 0) (User: )
Description: TeamViewer8TeamViewer8 failed with error "Verification of the TeamViewer service failed!" (1008)

Error: (06/03/2014 01:53:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert


Vorgang:
  Generator wird initialisiert

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {dced5336-6155-4961-a6e3-10c20a00f369}

Error: (06/03/2014 01:53:28 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.

Error: (05/18/2014 00:22:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TosVolRegulator.exe, Version: 1.0.0.6, Zeitstempel: 0x4ad82984
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000144a
ID des fehlerhaften Prozesses: 0x6a0
Startzeit der fehlerhaften Anwendung: 0xTosVolRegulator.exe0
Pfad der fehlerhaften Anwendung: TosVolRegulator.exe1
Pfad des fehlerhaften Moduls: TosVolRegulator.exe2
Berichtskennung: TosVolRegulator.exe3

Error: (05/18/2014 00:21:51 AM) (Source: TeamViewer8) (EventID: 0) (User: )
Description: TeamViewer8TeamViewer8 failed with error "Verification of the TeamViewer service failed!" (1008)

Error: (05/18/2014 00:21:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: infocard.exe, Version: 3.0.4506.5420, Zeitstempel: 0x4c1442c5
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1677
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x9e4
Startzeit der fehlerhaften Anwendung: 0xinfocard.exe0
Pfad der fehlerhaften Anwendung: infocard.exe1
Pfad des fehlerhaften Moduls: infocard.exe2
Berichtskennung: infocard.exe3

Error: (05/18/2014 00:21:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert


Vorgang:
  Generator wird initialisiert

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {d4aec457-e562-4e2c-a92d-9243c4174268}

Error: (05/18/2014 00:20:55 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.

Error: (05/17/2014 08:50:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TODDSrv.exe, Version: 1.0.0.7, Zeitstempel: 0x4ab504e8
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000144a
ID des fehlerhaften Prozesses: 0xd74
Startzeit der fehlerhaften Anwendung: 0xTODDSrv.exe0
Pfad der fehlerhaften Anwendung: TODDSrv.exe1
Pfad des fehlerhaften Moduls: TODDSrv.exe2
Berichtskennung: TODDSrv.exe3

Error: (05/17/2014 08:50:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dllhost.exe, Version: 0.0.0.0, Zeitstempel: 0x4ae8d82b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x748
Startzeit der fehlerhaften Anwendung: 0xdllhost.exe0
Pfad der fehlerhaften Anwendung: dllhost.exe1
Pfad des fehlerhaften Moduls: dllhost.exe2
Berichtskennung: dllhost.exe3


System errors:
=============
Error: (06/03/2014 02:02:53 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}225{883FF1FC-09E1-48E5-8E54-E2469ACB0CFD}

Error: (06/03/2014 01:57:24 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}225{C39EE728-D419-4BD4-A3EF-EDA059DBD935}

Error: (06/03/2014 01:56:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%32

Error: (06/03/2014 01:56:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%32

Error: (06/03/2014 01:56:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 32WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/03/2014 01:56:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%32

Error: (06/03/2014 01:56:16 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 32WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/03/2014 01:56:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "vds" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/03/2014 01:56:02 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}225{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/03/2014 01:54:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (06/03/2014 01:56:07 PM) (Source: TeamViewer8) (EventID: 0) (User: )
Description: TeamViewer8TeamViewer8 failed with error "Verification of the TeamViewer service failed!" (1008)

Error: (06/03/2014 01:53:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert


Vorgang:
  Generator wird initialisiert

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {dced5336-6155-4961-a6e3-10c20a00f369}

Error: (06/03/2014 01:53:28 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (05/18/2014 00:22:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TosVolRegulator.exe1.0.0.64ad82984msvcrt.dll7.0.7601.177444eeb033fc0000005000000000000144a6a001cf721e477e0ae9C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exeC:\Windows\system32\msvcrt.dllb9180728-de11-11e3-ac34-1c7508735c32

Error: (05/18/2014 00:21:51 AM) (Source: TeamViewer8) (EventID: 0) (User: )
Description: TeamViewer8TeamViewer8 failed with error "Verification of the TeamViewer service failed!" (1008)

Error: (05/18/2014 00:21:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: infocard.exe3.0.4506.54204c1442c5KERNELBASE.dll6.1.7601.1822951fb1677e0434f4d000000000000940d9e401cf721e522e8571C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exeC:\Windows\system32\KERNELBASE.dll99335743-de11-11e3-ac34-1c7508735c32

Error: (05/18/2014 00:21:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert


Vorgang:
  Generator wird initialisiert

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {d4aec457-e562-4e2c-a92d-9243c4174268}

Error: (05/18/2014 00:20:55 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (05/17/2014 08:50:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TODDSrv.exe1.0.0.74ab504e8msvcrt.dll7.0.7601.177444eeb033fc0000005000000000000144ad7401cf7200ad2d7973C:\Windows\system32\TODDSrv.exeC:\Windows\system32\msvcrt.dll1e0108be-ddf4-11e3-8b18-1c7508735c32

Error: (05/17/2014 08:50:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe0.0.0.04ae8d82bntdll.dll6.1.7601.18247521eaf24c000037400000000000c410274801cf7200839df1d5C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dll1125063d-ddf4-11e3-8b18-1c7508735c32


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 1787.7 MB
Available physical RAM: 723.71 MB
Total Pagefile: 3575.4 MB
Available Pagefile: 2136.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:116.44 GB) (Free:3.72 GB) NTFS
Drive d: (Data) (Fixed) (Total:116.05 GB) (Free:108.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 46A63B1C)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Eine kleine Frage noch und zwar hat es nach dem Scan von Avast (wie oben beschrieben) Die Vollversion von win 7 deaktiviert und nun steht unten rechts im Windows bildschirm das die echtheit nicht bestätigt ist. Hast du eine Idee.? Der Produkt Key steht aber noch hinten auf dem Laptop drauf. Kann ich den einfach wieder wirksam machen.?

M-K-D-B 03.06.2014 18:32
Ja normalerweise kann man das in der Taskleiste anklicken, dass der Key online übertragen werden soll....



erst mal CF bitte:




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

DerTK 03.06.2014 21:33
Code:
ComboFix 14-06-03.01 - Lieselotte 03.06.2014  21:49:06.1.1 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.1788.703 [GMT 2:00]
ausgeführt von:: c:\users\Lieselotte\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\SysWow64\svchost.exe wurde gefunden und desinfiziert
Kopie von - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!SysWOW64!svchost.exe wurde wiederhergestellt
.
Infizierte Kopie von c:\windows\System32\dllhost.exe wurde gefunden und desinfiziert
Kopie von - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!System32!dllhost.exe wurde wiederhergestellt
.
Infizierte Kopie von c:\windows\System32\msiexec.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7600.16385_none_a57666739fcae94c\msiexec.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-05-03 bis 2014-06-03  ))))))))))))))))))))))))))))))
.
.
2014-06-03 20:23 . 2014-06-03 20:23        727552        ----atw-        c:\windows\system32\qfgidjgd.tmp
2014-06-03 20:23 . 2014-06-03 20:23        611328        ----atw-        c:\windows\system32\qchfjedi.tmp
2014-06-03 12:00 . 2014-06-03 12:03        --------        d-----w-        C:\FRST
2014-05-15 13:58 . 2014-05-15 13:58        --------        d-----w-        c:\users\Lieselotte\AppData\Roaming\AVAST Software
2014-05-15 13:56 . 2014-05-15 13:57        85328        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2014-05-15 13:56 . 2014-05-15 13:55        208416        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-05-15 13:56 . 2014-05-15 13:57        1039096        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-05-15 13:56 . 2014-05-15 13:57        423240        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-05-15 13:56 . 2014-05-15 13:55        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-05-15 13:56 . 2014-05-15 13:55        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-05-15 13:56 . 2014-05-15 13:55        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-05-15 13:56 . 2014-05-15 13:55        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-05-15 13:55 . 2014-05-15 13:55        334648        ----a-w-        c:\windows\system32\aswBoot.exe
2014-05-15 13:55 . 2014-05-15 13:55        43152        ----a-w-        c:\windows\avastSS.scr
2014-05-15 13:53 . 2014-05-15 13:53        --------        d-----w-        c:\program files\AVAST Software
2014-05-15 13:53 . 2014-05-17 22:23        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-15 13:52 . 2014-05-15 18:24        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-15 13:52 . 2014-05-15 13:52        --------        d-----w-        c:\programdata\Malwarebytes
2014-05-15 13:52 . 2014-04-03 07:51        63192        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-05-15 13:52 . 2014-04-03 07:51        88280        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-05-15 13:52 . 2014-04-03 07:50        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-05-11 00:07 . 2014-05-15 13:51        --------        d-----w-        c:\programdata\AVAST Software
2014-05-08 18:49 . 2014-05-08 18:49        --------        d-----w-        c:\users\Lieselotte\AppData\Local\Macromedia
2014-05-07 20:03 . 2014-05-07 20:03        --------        d-----w-        c:\users\Lieselotte\AppData\Roaming\Avira
2014-05-07 19:29 . 2014-05-08 20:34        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2014-05-07 19:29 . 2014-05-08 20:34        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-07 19:25 . 2014-05-07 19:31        --------        d-----w-        c:\program files (x86)\Avira
2014-05-07 19:25 . 2014-05-07 19:31        --------        d-----w-        c:\programdata\Avira
2014-05-07 19:24 . 2014-05-08 20:34        --------        d-----w-        c:\programdata\Package Cache
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-03 20:25 . 2011-06-24 07:57        727552        ----atw-        c:\windows\system32\msiexec.exe
2014-05-17 16:47 . 2010-10-19 11:28        735744        ----atw-        c:\windows\system32\TODDSrv.exe
2014-05-15 16:11 . 2011-06-24 07:57        73216        ----a-w-        c:\windows\SysWow64\msiexec.exe
2014-04-17 03:31 . 2014-04-22 09:12        10651704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B70722CB-1C44-4892-83EC-9A83FCF7D2DB}\mpengine.dll
2014-03-31 07:35 . 2011-09-02 12:09        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-03-31 01:51 . 2011-12-13 14:15        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-03-31 01:16 . 2014-04-11 14:17        23134208        ----a-w-        c:\windows\system32\mshtml.dll
2014-03-31 01:13 . 2014-04-11 14:16        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-03-31 00:13 . 2014-04-11 14:16        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-02 1234216]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-27 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2014-05-11 1025536]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-15 3873704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-15 13:55        290888        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2014-05-11 618496]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7b51ee58-8c05-4c71-ad03-9f1f1c809f13}: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7b51ee58-8c05-4c71-ad03-9f1f1c809f13}\77C616E6: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7b51ee58-8c05-4c71-ad03-9f1f1c809f13}\84352505: DhcpNameServer = 192.168.106.1
FF - ProfilePath - c:\users\Lieselotte\AppData\Roaming\Mozilla\Firefox\Profiles\7o7bb6oi.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E} - c:\program files\TOSHIBA\TVAP\Setup.exe
AddRemove-{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B} - c:\program files\Amazon\UninstallerAmazon.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-03  22:30:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-06-03 20:30
.
Vor Suchlauf: 4.339.834.880 Bytes frei
Nach Suchlauf: 4.161.400.832 Bytes frei
.
- - End Of File - - 6A25CFE51FA3FA7F399BBED03151373C

M-K-D-B 04.06.2014 16:57
Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 4
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).





Schritt 5
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek,
  • die beiden neuen Logdateien von FRST.

DerTK 04.06.2014 20:28
Code:
# AdwCleaner v3.211 - Bericht erstellt am 04/06/2014 um 20:34:52
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lieselotte - TOSHIBAPC
# Gestartet von : C:\Users\Lieselotte\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Software

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v10.0.2 (de)

[ Datei : C:\Users\Lieselotte\AppData\Roaming\Mozilla\Firefox\Profiles\7o7bb6oi.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1068 octets] - [04/06/2014 20:24:10]
AdwCleaner[S0].txt - [987 octets] - [04/06/2014 20:34:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1046 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lieselotte on 04.06.2014 at 20:51:31,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Lieselotte\AppData\Roaming\mozilla\firefox\profiles\7o7bb6oi.default\prefs.js

user_pref("font.name-list.serif.x-aprd", "Comic Sans MS                                                                                                                       
Emptied folder: C:\Users\Lieselotte\AppData\Roaming\mozilla\firefox\profiles\7o7bb6oi.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.06.2014 at 21:02:23,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 04.06.2014
Suchlauf-Zeit: 21:23:24
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.15.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lieselotte

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 267477
Verstrichene Zeit: 18 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Es wird hier zwar nichts angezeigt aber es liegen bereits 2 Dateien in Quarantäne, weil dieses Programm bereits vorher schon installiert war.

M-K-D-B 05.06.2014 08:16
Weiter mit Zoek und FRST bitte. :)

DerTK 05.06.2014 14:51
Ich probier es nochmal. Hab Problem mit zoek.. Es ist nach ca 10 Stunden immer noch nicht fertig gewesen. Ich versuch es jetzt erneut

Keine Chance.
Zoek hängt und bewegt sich seit 2 stunden nicht

M-K-D-B 05.06.2014 15:11
Dann Zoek weglassen und weiter mit FRST. :)

DerTK 05.06.2014 15:45
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Lieselotte (administrator) on TOSHIBAPC on 05-06-2014 16:39:11
Running from C:\Users\Lieselotte\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [618496 2014-05-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-09-02] (Nero AG)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-03-03] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [1025536 2014-05-11] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-06-04] (AVAST Software)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-780732927-2335787003-2089580044-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {29BE1EDC-CCD5-4C82-9684-551B3DC1E9FF} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
SearchScopes: HKCU - {42F18C53-EAA5-4FC7-8398-53D7038E877B} URL =
SearchScopes: HKCU - {5F7A43CC-8253-4EBC-AF13-C8948D6720E1} URL = hxxp://go.web.de/suchbox/google?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {77185687-D41E-4C9C-B1A5-3E6C9EC5E943} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKCU - {F477D03C-2652-4632-9A60-374F3EB06A5D} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lieselotte\AppData\Roaming\Mozilla\Firefox\Profiles\7o7bb6oi.default
FF NetworkProxy: "type", 0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: . - C:\Users\Lieselotte\AppData\Roaming\Mozilla\Firefox\Profiles\7o7bb6oi.default\Extensions\{266d0974-cf31-d336-be42-27190e6f0539} [2014-05-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-15]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-15] (AVAST Software)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [851456 2014-05-15] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 vds; %SystemRoot%\System32\vds.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-15] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
U3 VSS;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 16:38 - 2014-06-05 16:38 - 00000000 ____D () C:\Users\Lieselotte\Desktop\FRST-OlderVersion
2014-06-05 14:03 - 2014-06-05 14:03 - 00000000 ____D () C:\zoek
2014-06-05 13:51 - 2014-06-05 13:43 - 00044287 _____ () C:\zoek-results2014-06-05-114321.log
2014-06-05 13:08 - 2014-06-04 21:35 - 00000344 _____ () C:\zoek-results2014-06-04-193526.log
2014-06-04 21:47 - 2014-06-05 14:03 - 00000063 _____ () C:\folders.log
2014-06-04 21:35 - 2014-06-05 13:51 - 00000435 _____ () C:\zoek-results.log
2014-06-04 21:30 - 2014-06-05 14:03 - 00002870 _____ () C:\runcheck.txt
2014-06-04 21:30 - 2014-06-04 21:30 - 00000000 ____D () C:\zoek_backup
2014-06-04 21:29 - 2014-06-04 21:29 - 01285120 _____ () C:\Users\Lieselotte\Desktop\zoek.exe
2014-06-04 21:25 - 2014-06-04 21:25 - 00001155 _____ () C:\Users\Lieselotte\Desktop\mbam.txt
2014-06-04 21:02 - 2014-06-04 21:02 - 00001073 _____ () C:\Users\Lieselotte\Desktop\JRT.txt
2014-06-04 20:51 - 2014-06-04 20:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 20:50 - 2014-06-04 20:50 - 01016261 _____ (Thisisu) C:\Users\Lieselotte\Desktop\JRT.exe
2014-06-04 20:24 - 2014-06-04 20:41 - 00000000 ____D () C:\AdwCleaner
2014-06-04 20:23 - 2014-06-04 20:23 - 01327971 _____ () C:\Users\Lieselotte\Desktop\adwcleaner_3.211.exe
2014-06-03 22:30 - 2014-06-03 22:30 - 00018162 _____ () C:\ComboFix.txt
2014-06-03 22:30 - 2014-06-03 22:30 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-03 22:30 - 2014-06-03 22:30 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-03 22:30 - 2014-06-03 22:30 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-03 21:46 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-03 21:46 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-03 21:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-03 21:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-03 21:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-03 21:46 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-03 21:46 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-03 21:46 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-03 21:45 - 2014-06-03 22:31 - 00000000 ____D () C:\Qoobox
2014-06-03 21:45 - 2014-06-03 22:28 - 00000000 ____D () C:\Windows\erdnt
2014-06-03 21:43 - 2014-06-03 21:43 - 05206532 ____R (Swearware) C:\Users\Lieselotte\Desktop\ComboFix.exe
2014-06-03 14:02 - 2014-06-03 14:03 - 00030070 _____ () C:\Users\Lieselotte\Desktop\Addition.txt
2014-06-03 14:01 - 2014-06-05 16:40 - 00013353 _____ () C:\Users\Lieselotte\Desktop\FRST.txt
2014-06-03 14:00 - 2014-06-05 16:39 - 00000000 ____D () C:\FRST
2014-06-03 13:59 - 2014-06-05 16:38 - 02068992 _____ (Farbar) C:\Users\Lieselotte\Desktop\FRST64.exe
2014-05-15 22:37 - 2014-05-15 22:37 - 00064152 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-05-15 15:58 - 2014-05-15 15:58 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\AVAST Software
2014-05-15 15:57 - 2014-05-15 15:57 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-15 15:57 - 2014-05-15 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-15 15:56 - 2014-06-05 16:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-15 15:56 - 2014-05-15 15:57 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 15:56 - 2014-05-15 15:57 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 15:56 - 2014-05-15 15:57 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 15:56 - 2014-05-15 15:55 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400162261221
2014-05-15 15:56 - 2014-05-15 15:55 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400162261221
2014-05-15 15:56 - 2014-05-15 15:55 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-15 15:56 - 2014-05-15 15:55 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-15 15:56 - 2014-05-15 15:55 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-15 15:56 - 2014-05-15 15:55 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-15 15:56 - 2014-05-15 15:55 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-15 15:55 - 2014-05-15 15:55 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-15 15:55 - 2014-05-15 15:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-15 15:53 - 2014-06-04 21:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 15:53 - 2014-05-15 15:53 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 15:53 - 2014-05-15 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 15:53 - 2014-05-15 15:53 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-15 15:52 - 2014-05-15 20:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 15:52 - 2014-05-15 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 15:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 15:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 15:52 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 15:50 - 2014-05-15 15:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lieselotte\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 15:49 - 2014-05-15 15:51 - 88882192 _____ (AVAST Software) C:\Users\Lieselotte\Downloads\avast_free18_antivirus_setup(1).exe
2014-05-11 02:07 - 2014-05-15 15:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-11 01:49 - 2014-05-11 02:06 - 43813573 _____ (AVAST Software) C:\Users\Lieselotte\Downloads\avast_free18_antivirus_setup.exe
2014-05-08 20:49 - 2014-05-08 20:49 - 00000000 ____D () C:\Users\Lieselotte\AppData\Local\Macromedia
2014-05-07 22:03 - 2014-05-07 22:03 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\Avira
2014-05-07 21:29 - 2014-05-08 22:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-07 21:29 - 2014-05-08 22:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-07 21:25 - 2014-05-07 21:31 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 21:25 - 2014-05-07 21:31 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-07 21:24 - 2014-05-08 22:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-07 20:54 - 2014-06-03 21:46 - 00000003 _____ () C:\ProgramData\bgdfibaj34.nls

==================== One Month Modified Files and Folders =======

2014-06-05 16:40 - 2014-06-03 14:01 - 00013353 _____ () C:\Users\Lieselotte\Desktop\FRST.txt
2014-06-05 16:40 - 2011-02-04 15:00 - 00000000 ____D () C:\Users\Lieselotte\AppData\Local\Temp
2014-06-05 16:39 - 2014-06-03 14:00 - 00000000 ____D () C:\FRST
2014-06-05 16:38 - 2014-06-05 16:38 - 00000000 ____D () C:\Users\Lieselotte\Desktop\FRST-OlderVersion
2014-06-05 16:38 - 2014-06-03 13:59 - 02068992 _____ (Farbar) C:\Users\Lieselotte\Desktop\FRST64.exe
2014-06-05 16:36 - 2014-05-15 15:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-05 16:36 - 2010-12-07 06:14 - 00120034 _____ () C:\Windows\PFRO.log
2014-06-05 16:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 16:36 - 2009-07-14 06:51 - 00071019 _____ () C:\Windows\setupact.log
2014-06-05 14:03 - 2014-06-05 14:03 - 00000000 ____D () C:\zoek
2014-06-05 14:03 - 2014-06-04 21:47 - 00000063 _____ () C:\folders.log
2014-06-05 14:03 - 2014-06-04 21:30 - 00002870 _____ () C:\runcheck.txt
2014-06-05 13:51 - 2014-06-04 21:35 - 00000435 _____ () C:\zoek-results.log
2014-06-05 13:43 - 2014-06-05 13:51 - 00044287 _____ () C:\zoek-results2014-06-05-114321.log
2014-06-05 13:07 - 2011-03-16 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-04 21:35 - 2014-06-05 13:08 - 00000344 _____ () C:\zoek-results2014-06-04-193526.log
2014-06-04 21:30 - 2014-06-04 21:30 - 00000000 ____D () C:\zoek_backup
2014-06-04 21:29 - 2014-06-04 21:29 - 01285120 _____ () C:\Users\Lieselotte\Desktop\zoek.exe
2014-06-04 21:25 - 2014-06-04 21:25 - 00001155 _____ () C:\Users\Lieselotte\Desktop\mbam.txt
2014-06-04 21:04 - 2014-05-15 15:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 21:02 - 2014-06-04 21:02 - 00001073 _____ () C:\Users\Lieselotte\Desktop\JRT.txt
2014-06-04 20:51 - 2014-06-04 20:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 20:50 - 2014-06-04 20:50 - 01016261 _____ (Thisisu) C:\Users\Lieselotte\Desktop\JRT.exe
2014-06-04 20:41 - 2014-06-04 20:24 - 00000000 ____D () C:\AdwCleaner
2014-06-04 20:23 - 2014-06-04 20:23 - 01327971 _____ () C:\Users\Lieselotte\Desktop\adwcleaner_3.211.exe
2014-06-03 22:31 - 2014-06-03 21:45 - 00000000 ____D () C:\Qoobox
2014-06-03 22:30 - 2014-06-03 22:30 - 00018162 _____ () C:\ComboFix.txt
2014-06-03 22:30 - 2014-06-03 22:30 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-03 22:30 - 2014-06-03 22:30 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-03 22:30 - 2014-06-03 22:30 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-03 22:30 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-03 22:28 - 2014-06-03 21:45 - 00000000 ____D () C:\Windows\erdnt
2014-06-03 22:26 - 2009-07-14 01:59 - 00611328 ____T (Microsoft Corporation) C:\Windows\system32\dllhost.exe
2014-06-03 22:25 - 2011-06-24 09:57 - 00727552 ____T (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2014-06-03 22:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-03 21:46 - 2014-05-07 20:54 - 00000003 _____ () C:\ProgramData\bgdfibaj34.nls
2014-06-03 21:43 - 2014-06-03 21:43 - 05206532 ____R (Swearware) C:\Users\Lieselotte\Desktop\ComboFix.exe
2014-06-03 21:39 - 2009-07-14 19:58 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-06-03 21:39 - 2009-07-14 19:58 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-06-03 21:39 - 2009-07-14 07:13 - 01621862 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-03 14:03 - 2014-06-03 14:02 - 00030070 _____ () C:\Users\Lieselotte\Desktop\Addition.txt
2014-06-03 13:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-17 18:47 - 2010-10-19 13:28 - 00735744 ____T (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
2014-05-17 11:07 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-05-17 09:12 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 09:12 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 22:37 - 2014-05-15 22:37 - 00064152 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-05-15 22:35 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-15 21:12 - 2014-04-22 11:08 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\Ivase
2014-05-15 20:42 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 20:41 - 2013-03-14 16:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-15 20:41 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-05-15 20:24 - 2014-05-15 15:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 18:18 - 2013-10-26 19:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-05-15 18:11 - 2011-06-24 09:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2014-05-15 18:08 - 2011-02-04 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-15 18:08 - 2011-02-04 15:00 - 00000000 ___RD () C:\Users\Lieselotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 18:08 - 2010-10-19 13:46 - 00000000 ____D () C:\Program Files\Amazon
2014-05-15 18:08 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 16:02 - 2009-07-14 01:43 - 00007168 ____T (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
2014-05-15 15:58 - 2014-05-15 15:58 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\AVAST Software
2014-05-15 15:57 - 2014-05-15 15:57 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-15 15:57 - 2014-05-15 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-15 15:57 - 2014-05-15 15:56 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 15:57 - 2014-05-15 15:56 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 15:57 - 2014-05-15 15:56 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 15:55 - 2014-05-15 15:56 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400162261221
2014-05-15 15:55 - 2014-05-15 15:56 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400162261221
2014-05-15 15:55 - 2014-05-15 15:56 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-15 15:55 - 2014-05-15 15:56 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-15 15:55 - 2014-05-15 15:56 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-15 15:55 - 2014-05-15 15:56 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-15 15:55 - 2014-05-15 15:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-15 15:55 - 2014-05-15 15:55 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-15 15:55 - 2014-05-15 15:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-15 15:53 - 2014-05-15 15:53 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 15:53 - 2014-05-15 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 15:53 - 2014-05-15 15:53 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-15 15:52 - 2014-05-15 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 15:51 - 2014-05-15 15:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lieselotte\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 15:51 - 2014-05-15 15:49 - 88882192 _____ (AVAST Software) C:\Users\Lieselotte\Downloads\avast_free18_antivirus_setup(1).exe
2014-05-15 15:51 - 2014-05-11 02:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-15 00:43 - 2013-10-26 19:06 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\SoftGrid Client
2014-05-14 22:06 - 2013-12-29 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
2014-05-11 02:06 - 2014-05-11 01:49 - 43813573 _____ (AVAST Software) C:\Users\Lieselotte\Downloads\avast_free18_antivirus_setup.exe
2014-05-08 22:34 - 2014-05-07 21:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-08 22:34 - 2014-05-07 21:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-08 22:34 - 2014-05-07 21:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-08 22:34 - 2014-02-01 11:39 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-05-08 22:34 - 2012-06-01 08:55 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-08 22:34 - 2010-12-07 06:26 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-08 22:34 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-08 21:39 - 2010-12-07 06:03 - 01350304 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 21:35 - 2011-02-04 15:00 - 00000000 ____D () C:\Users\Lieselotte
2014-05-08 20:49 - 2014-05-08 20:49 - 00000000 ____D () C:\Users\Lieselotte\AppData\Local\Macromedia
2014-05-07 22:03 - 2014-05-07 22:03 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\Avira
2014-05-07 21:31 - 2014-05-07 21:25 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 21:31 - 2014-05-07 21:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-07 21:06 - 2014-04-22 11:08 - 00000000 ____D () C:\Users\Lieselotte\AppData\Roaming\Vuixl

Some content of TEMP:
====================
C:\Users\Lieselotte\AppData\Local\Temp\7za.exe
C:\Users\Lieselotte\AppData\Local\Temp\hijackthis.exe
C:\Users\Lieselotte\AppData\Local\Temp\NirCmd.exe
C:\Users\Lieselotte\AppData\Local\Temp\PEVZ.EXE
C:\Users\Lieselotte\AppData\Local\Temp\Quarantine.exe
C:\Users\Lieselotte\AppData\Local\Temp\remove.exe
C:\Users\Lieselotte\AppData\Local\Temp\sed.exe
C:\Users\Lieselotte\AppData\Local\Temp\shortcut.exe
C:\Users\Lieselotte\AppData\Local\Temp\swreg.exe
C:\Users\Lieselotte\AppData\Local\Temp\swxcacls.exe
C:\Users\Lieselotte\AppData\Local\Temp\wget.exe
C:\Users\Lieselotte\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-06 14:58

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Lieselotte at 2014-06-05 16:41:08
Running from C:\Users\Lieselotte\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1&1 EasyLogin (HKLM-x32\...\1&1 EasyLogin) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.62 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Amazon.de (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version:  - Amazon EU S.a.r.L.)
ATI Catalyst Install Manager (HKLM\...\{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0727.2126.36625 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help English (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help French (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help German (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0727.2126.36625 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0727.2126.36625 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay (HKLM-x32\...\{FDE58148-57E7-43BF-879A-29CCE818C078}) (Version: 1.1.9 - eBay Inc.)
Farm Mania 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 10.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 10.0.2 (x86 de)) (Version: 10.0.2 - Mozilla)
Mozilla Thunderbird (3.1.20) (HKLM-x32\...\Mozilla Thunderbird (3.1.20)) (Version: 3.1.20 (de) - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.24700.31.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11300.14.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.2.200.0.2 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.16800.7.15 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.12100.22.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.11400.15.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.14800.28.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}) (Version: 10.0.15000 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.11800.26.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.12300.27.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.2.0-545 - myphotobook GmbH)
Photo Service - powered by myphotobook (x32 Version: 1.2.0 - myphotobook GmbH) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{E0FAA369-B0E3-48B8-9447-4873103B0012}) (Version: 8.0.33 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.27C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.27C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.10C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.10C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{DBB7021A-3437-446F-ACE5-7261644A972C}) (Version: 3.33 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-03 22:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {266FB74D-942B-4492-BB30-D1D5C03EB327} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)
Task: {E332BD37-886B-4340-884E-6EC996DDCDCA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-15] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2010-04-07 17:07 - 2010-04-07 17:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-19 13:23 - 2010-08-31 15:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-10-13 11:00 - 2009-10-13 11:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-27 22:25 - 2010-07-27 22:25 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-06-05 13:03 - 2014-06-05 13:03 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060500\algo.dll
2014-05-15 15:55 - 2014-05-15 15:55 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2014 04:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TosVolRegulator.exe, Version: 1.0.0.6, Zeitstempel: 0x4ad82984
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000144a
ID des fehlerhaften Prozesses: 0x758
Startzeit der fehlerhaften Anwendung: 0xTosVolRegulator.exe0
Pfad der fehlerhaften Anwendung: TosVolRegulator.exe1
Pfad des fehlerhaften Moduls: TosVolRegulator.exe2
Berichtskennung: TosVolRegulator.exe3

Error: (06/05/2014 04:36:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: infocard.exe, Version: 3.0.4506.5420, Zeitstempel: 0x4c1442c5
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1677
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x918
Startzeit der fehlerhaften Anwendung: 0xinfocard.exe0
Pfad der fehlerhaften Anwendung: infocard.exe1
Pfad des fehlerhaften Moduls: infocard.exe2
Berichtskennung: infocard.exe3

Error: (06/05/2014 04:36:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert


Vorgang:
  Generator wird initialisiert

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e678aea7-0299-44cb-b2c3-2d8457ba4df2}

Error: (06/05/2014 04:36:15 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.

Error: (06/05/2014 01:47:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a2dbd98
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000144a
ID des fehlerhaften Prozesses: 0x700
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3

Error: (06/05/2014 01:45:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TODDSrv.exe, Version: 1.0.0.7, Zeitstempel: 0x4ab504e8
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000144a
ID des fehlerhaften Prozesses: 0x7a0
Startzeit der fehlerhaften Anwendung: 0xTODDSrv.exe0
Pfad der fehlerhaften Anwendung: TODDSrv.exe1
Pfad des fehlerhaften Moduls: TODDSrv.exe2
Berichtskennung: TODDSrv.exe3

Error: (06/05/2014 01:44:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: infocard.exe, Version: 3.0.4506.5420, Zeitstempel: 0x4c1442c5
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1677
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x880
Startzeit der fehlerhaften Anwendung: 0xinfocard.exe0
Pfad der fehlerhaften Anwendung: infocard.exe1
Pfad des fehlerhaften Moduls: infocard.exe2
Berichtskennung: infocard.exe3

Error: (06/05/2014 01:44:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert


Vorgang:
  Generator wird initialisiert

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {9fb63783-fc3f-4e5e-9fb7-5d759ed87846}

Error: (06/05/2014 01:44:13 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.

Error: (06/05/2014 01:04:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a2dbd98
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000144a
ID des fehlerhaften Prozesses: 0x5a8
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3


System errors:
=============
Error: (06/05/2014 04:36:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "vds" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/05/2014 04:36:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TeamViewer 8" wurde aufgrund folgenden Fehlers nicht gestartet:
%%32

Error: (06/05/2014 04:36:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/05/2014 04:36:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows CardSpace" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/05/2014 04:36:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows CardSpace erreicht.

Error: (06/05/2014 01:45:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TOSHIBA Optical Disc Drive Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/05/2014 01:45:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "vds" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/05/2014 01:45:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TeamViewer 8" wurde aufgrund folgenden Fehlers nicht gestartet:
%%32

Error: (06/05/2014 01:44:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/05/2014 01:44:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows CardSpace" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (06/05/2014 04:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TosVolRegulator.exe1.0.0.64ad82984msvcrt.dll7.0.7601.177444eeb033fc0000005000000000000144a75801cf80cb838b251eC:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exeC:\Windows\system32\msvcrt.dllda81b6d5-ecbe-11e3-b20e-1c7508735c32

Error: (06/05/2014 04:36:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: infocard.exe3.0.4506.54204c1442c5KERNELBASE.dll6.1.7601.1822951fb1677e0434f4d000000000000940d91801cf80cb8a1c4db8C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exeC:\Windows\system32\KERNELBASE.dlld1922c6f-ecbe-11e3-b20e-1c7508735c32

Error: (06/05/2014 04:36:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert


Vorgang:
  Generator wird initialisiert

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e678aea7-0299-44cb-b2c3-2d8457ba4df2}

Error: (06/05/2014 04:36:15 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (06/05/2014 01:47:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a2dbd98msvcrt.dll7.0.7601.177444eeb033fc0000005000000000000144a70001cf80b3d16b3f3cC:\Windows\system32\DllHost.exeC:\Windows\system32\msvcrt.dll1bffc015-eca7-11e3-ad47-1c7508735c32

Error: (06/05/2014 01:45:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TODDSrv.exe1.0.0.74ab504e8msvcrt.dll7.0.7601.177444eeb033fc0000005000000000000144a7a001cf80b39795c4a4C:\Windows\system32\TODDSrv.exeC:\Windows\system32\msvcrt.dlle6e267ac-eca6-11e3-ad47-1c7508735c32

Error: (06/05/2014 01:44:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: infocard.exe3.0.4506.54204c1442c5KERNELBASE.dll6.1.7601.1822951fb1677e0434f4d000000000000940d88001cf80b381d66d81C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exeC:\Windows\system32\KERNELBASE.dllc96c17ca-eca6-11e3-ad47-1c7508735c32

Error: (06/05/2014 01:44:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert


Vorgang:
  Generator wird initialisiert

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {9fb63783-fc3f-4e5e-9fb7-5d759ed87846}

Error: (06/05/2014 01:44:13 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (06/05/2014 01:04:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a2dbd98msvcrt.dll7.0.7601.177444eeb033fc0000005000000000000144a5a801cf80add825e453C:\Windows\system32\DllHost.exeC:\Windows\system32\msvcrt.dll2e191396-eca1-11e3-92da-1c7508735c32


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 1787.7 MB
Available physical RAM: 1084.79 MB
Total Pagefile: 3575.4 MB
Available Pagefile: 2497.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:116.44 GB) (Free:3.93 GB) NTFS
Drive d: (Data) (Fixed) (Total:116.05 GB) (Free:108.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 46A63B1C)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 05.06.2014 15:51
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
FF NetworkProxy: "type", 0
FF Extension: . - C:\Users\Lieselotte\AppData\Roaming\Mozilla\Firefox\Profiles\7o7bb6oi.default\Extensions\{266d0974-cf31-d336-be42-27190e6f0539} [2014-05-07]
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

DerTK 05.06.2014 18:34
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Lieselotte at 2014-06-05 17:11:41 Run:1
Running from C:\Users\Lieselotte\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
FF NetworkProxy: "type", 0
FF Extension: . - C:\Users\Lieselotte\AppData\Roaming\Mozilla\Firefox\Profiles\7o7bb6oi.default\Extensions\{266d0974-cf31-d336-be42-27190e6f0539} [2014-05-07]
Reboot:
end
*****************

Firefox Proxy settings were reset.
C:\Users\Lieselotte\AppData\Roaming\Mozilla\Firefox\Profiles\7o7bb6oi.default\Extensions\{266d0974-cf31-d336-be42-27190e6f0539} => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=0a0f62d155a41f4b819f9ca0a669531d
# engine=18576
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-05 04:38:50
# local_time=2014-06-05 06:38:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 79393 1824428 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 82 1806961 153616180 0 0
# scanned=193487
# found=29
# cleaned=27
# scan_time=4443
sh=AA8BC0D3B009DA6502E0DDABC1B046EADE766807 ft=1 fh=b734118ec37efd16 vn="Win64/Expiro.AU Virus" ac=I fn="C:\Windows\winsxs\amd64_infocard_b77a5c561934e089_6.1.7601.17514_none_583a8c60c0b305a1\infocard.exe"
sh=74C29003E3340F79792E7309163741E3FCAC3C04 ft=1 fh=fc8fd376ae7bb4a1 vn="Win64/Expiro.AU Virus" ac=I fn="C:\Windows\winsxs\amd64_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_acd03d9b9048bd78\mscorsvw.exe"
sh=7E39AB46BAA2A801D01E6DFA1D2A42B4DE9FCA9A ft=1 fh=ac8eef7f47933b42 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\ATI\CIM\Bin64\ATISetup.exe"
sh=FF019F0127BE4A9A423FA53AB37583C05678F106 ft=1 fh=4522e5eeb3c121cd vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe"
sh=8CA89358AB8EA6432FFAF6C40A54AD7DE8A6D022 ft=1 fh=1591fe324eadcda4 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\ATI\CIM\Bin64\SetACL64.exe"
sh=6C0A8E7CCB3DB250F93D64786B802C7B8EED7520 ft=1 fh=fee64a37605e5faf vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\ATI\CIM\Bin64\Setup.exe"
sh=B5C27A710030953498D78DEDB49AED78202070CB ft=1 fh=0a705d8eb908cf48 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE"
sh=FAA53F55ED341586685A5CBB84B913FA969319B1 ft=1 fh=cc170109ff996a7c vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE"
sh=45BF49BAF39B857111DC6BEC9ADD29D9A5555F2C ft=1 fh=dceb04a5dc0a6a4b vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\FlashCards\TfcRst.exe"
sh=11ACB998DF453CD219B5E8F19FD4FE00E849A8FD ft=1 fh=e734abc733fd32e9 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe"
sh=9DEFE5956AE7F84AD65C00611CC85CACB7B88646 ft=1 fh=48d5e2624bc50941 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\Power Saver\TPSLaunch.exe"
sh=C062D99373EB68C6E96AA572649EF9130C19ADD8 ft=1 fh=0033b560970de03d vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\TOSHIBA Assist\TInTouch.exe"
sh=CD810791952AD2D0E5C3E440F4CD14A78F69E648 ft=1 fh=0350e47d8a26f630 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\TDComSet.exe"
sh=FC2E01FC8DAB220CF40D37012886076C0818FAA4 ft=1 fh=c6f53841bf379305 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\TODDSrv.exe"
sh=F084A4D20993B8D12F89D6EF2F23513D1B4E2AE3 ft=1 fh=4d6194b4514df4d5 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\TDComSet.exe"
sh=121CE322F2041924D09A90457351E7F440C47859 ft=1 fh=0c2c4d6112402b07 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\TODDSrv.exe"
sh=F3309B35F29A074C895969E859063CB857745B2F ft=1 fh=ade4bc271596a04f vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
sh=580E3A85FC032FFEA63456BFA1A301589F47B605 ft=1 fh=bb2f50af4f31e60b vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\TVAP\TVAP_set.exe"
sh=C285DAA3D6603A1E9298F90CE49A83C2FFACE4C5 ft=1 fh=4ed6df6ca6e86314 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\TVAP\Bin\TBSCFCT.exe"
sh=67D0CDFC471DB0B82ED652BCB1E506E3F73F6F00 ft=1 fh=f6fdd59d85db8a87 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\TVAP\Bin\TBSIcfg.exe"
sh=B49ED8148BE9FADC71ACB7B829781DB8BB9E69B1 ft=1 fh=e5940f1ddd039579 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\TVAP\Bin\CBN\1\Cbn.exe"
sh=1C6CFCF9F28A467AD0731728BEA4D9C257833475 ft=1 fh=b067a5fdf19a2d67 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\TVAP\Bin\CBN\2\cbn.exe"
sh=8E6BC5BDCAE849BC3C24BA4724A17396F64E3DB6 ft=1 fh=4162e7803a5e25a5 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe"
sh=331433279498433BD8113B95BE4826478A88BE38 ft=1 fh=24599495749f047d vn="Win32/Expiro.BU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
sh=358FFC0345D045DEB2F6C1664D860E81172F7F33 ft=1 fh=a0038a84c785c3fb vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Windows\System32\dllhost.exe.vir"
sh=1295664BE8A9B95BCEB6CE007FEDB0F4F9D4727B ft=1 fh=a98283b2d4e96369 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Windows\System32\msiexec.exe.vir"
sh=7725DAD1244B44B450F3ED4E107FABFFD2D9B7F6 ft=1 fh=8ec1134c2fe0da37 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Users\Lieselotte\Desktop\FRST-OlderVersion\FRST64.exe"
sh=74C29003E3340F79792E7309163741E3FCAC3C04 ft=1 fh=fc8fd376ae7bb4a1 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
sh=AA8BC0D3B009DA6502E0DDABC1B046EADE766807 ft=1 fh=b734118ec37efd16 vn="Win64/Expiro.AU Virus (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
Code:
Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 6 Update 35 
 Java version out of Date!
 Adobe Reader XI 
 Mozilla Firefox 10.0.2 Firefox out of Date! 
 Mozilla Thunderbird (3.1.20) Thunderbird out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

M-K-D-B 05.06.2014 19:01
Dein Sicherheitscenter läuft nicht, müssen wir noch kontrollieren:


Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



DerTK 05.06.2014 19:27
Code:
Farbar Service Scanner Version: 21-05-2014
Ran by Lieselotte (administrator) on 05-06-2014 at 20:26:07
Running from "C:\Users\Lieselotte\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of VSS. The value does not exist.


System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit

ATTENTION!=====> C:\Windows\System32\vssvc.exe FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:35 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131