Trojaner-Board - Rechner/Internet langsam; u.a. Fund: JAVA/CVE-2013-0422.E

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014

Ran by sandy (administrator) on SANDY-TOSHI on 05-11-2014 14:20:11

Running from C:\Users\sandy\Desktop

Loaded Profile: sandy (Available profiles: sandy)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(AMD) C:\Windows\System32\atieclxx.exe

() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

() C:\Users\sandy\AppData\Local\Temp\7zO07017644\Core Temp.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-25] (TOSHIBA Corporation)

HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)

HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-27] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)

HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)

HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [32768 2009-08-20] (Tablet Driver)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_152_Plugin.exe [830344 2013-12-03] (Adobe Systems Incorporated)

HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\MountPoints2: {11f65eb2-eb60-11e1-8ba5-88ae1df1cb40} - F:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\MountPoints2: {3d04fda8-1211-11e3-b5c8-88ae1df1cb40} - F:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\MountPoints2: {bc8911a6-eb9a-11e1-b1de-806e6f6e6963} - F:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-17] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HPZSETUP.LNK

ShortcutTarget: HPZSETUP.LNK -> E:\hpzsetup.exe (No File)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToDoList2003.lnk

ShortcutTarget: ToDoList2003.lnk -> C:\Users\sandy\Desktop\ToDoList2003.exe (No File)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.yahoo.com/

hxxp://www.google.de/

URLSearchHook: HKCU - (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File

URLSearchHook: HKCU - (No Name) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No File

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - DefaultScope {56D29AEA-DB7C-466D-86B2-25EE7D0A7D65} URL = 

SearchScopes: HKCU - {0E61CED6-8623-48AC-8FF6-B73BA19BAEE7} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2

SearchScopes: HKCU - {0F9BCD39-0B5B-42B1-8396-0C803E5CF92B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949&CUI=UN40850759832457421

SearchScopes: HKCU - {56D29AEA-DB7C-466D-86B2-25EE7D0A7D65} URL = 

SearchScopes: HKCU - {60E5083B-8C5F-4982-8F57-7E1F1A159DBD} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}

SearchScopes: HKCU - {BB9BF943-36AC-46D3-B526-CAB3C8E8FBA2} URL = 

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: DealPly -> {EF7BD87A-8024-11E2-F316-F3E56188709B} -> C:\Program Files (x86)\DealPly\DealPlyIE.dll No File

BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

Toolbar: HKCU - No Name - {22E03916-85C5-44B0-8DC9-1830C11238D9} -  No File

Toolbar: HKCU - No Name - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} -  No File

DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx

DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx

DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468

FF DefaultSearchEngine: LEO Eng-Deu

FF SelectedSearchEngine: LEO Eng-Deu

FF Homepage: hxxp://www.google.de/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()

FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\sandy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\searchplugins\ask-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Photobucket Uploader - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\pbupload@photobucket.com.xpi [2014-06-03]

FF Extension: YesScript - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\yesscript@userstyles.org.xpi [2014-06-06]
 

Chrome: 

=======

CHR Profile: C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]

CHR Extension: (Google Wallet) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]

CHR Extension: (Minecraft Diamond Block) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgcgodlpmjclfncgiejflbkjigfhhkp [2014-11-04]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-23] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-23] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-23] (Avira Operations GmbH & Co. KG)

S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)

S3 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]

R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2008-06-13] (Firebird Project) [File not signed]

R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project) [File not signed]

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()

S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)

S4 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]

S4 WebCake Desktop Updater; C:\Program Files (x86)\WADesktop.Updater.exe [51992 2013-08-09] (cake bake)

R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2009-09-23] (Tablet Driver) [File not signed]

S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [277904 2014-01-09] (Protect Software GmbH)

R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [228000 2014-01-09] (Protect Software GmbH)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-03] (Avira Operations GmbH & Co. KG)

R3 ALSysIO; \??\C:\Users\sandy\AppData\Local\Temp\ALSysIO64.sys [X]

S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]

S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]

S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-05 14:20 - 2014-11-05 14:21 - 00019756 _____ () C:\Users\sandy\Desktop\FRST.txt

2014-11-05 14:19 - 2014-11-05 14:20 - 00000000 ____D () C:\FRST

2014-11-05 14:18 - 2014-11-05 14:18 - 02114560 _____ (Farbar) C:\Users\sandy\Desktop\FRST64.exe

2014-11-05 13:30 - 2014-11-05 14:16 - 00001448 _____ () C:\Users\sandy\Desktop\trojaner-board.txt

2014-11-04 17:51 - 2014-11-04 17:54 - 00000000 ____D () C:\Users\sandy\Desktop\stock wave

2014-11-04 17:50 - 2014-11-04 18:00 - 00000000 ____D () C:\Users\sandy\Desktop\photographers wave

2014-11-04 08:47 - 2014-11-04 08:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-11-04 08:47 - 2014-11-04 08:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-11-04 08:47 - 2014-11-04 08:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-11-04 08:47 - 2014-11-04 08:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-11-04 08:47 - 2014-11-04 08:47 - 00000000 ____D () C:\Program Files (x86)\Java

2014-11-03 07:30 - 2014-10-28 06:34 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-11-02 21:07 - 2014-11-02 21:15 - 00000588 _____ () C:\Users\sandy\Desktop\an valenfield.txt

2014-11-02 20:16 - 2014-11-02 20:16 - 00000000 ____D () C:\Users\sandy\Desktop\Kelly Eden

2014-11-02 12:04 - 2014-11-02 20:06 - 00000000 ____D () C:\Users\sandy\Desktop\Box of Pieces

2014-11-02 11:55 - 2014-11-04 17:54 - 00000000 ____D () C:\Users\sandy\Desktop\artist wave

2014-11-01 13:30 - 2014-11-01 13:30 - 00000020 _____ () C:\Windows\@úô

2014-11-01 13:28 - 2014-11-01 13:31 - 00001800 _____ () C:\Users\sandy\Desktop\prozesse.txt

2014-11-01 11:06 - 2014-11-01 11:06 - 00003088 _____ () C:\Windows\System32\Tasks\{A053FF43-97E0-45CB-A291-BA48E29D7870}

2014-10-31 20:26 - 2014-10-31 20:26 - 00005039 _____ () C:\Users\sandy\Desktop\aklngtdergh.txt

2014-10-31 19:21 - 2014-10-31 20:57 - 00000610 _____ () C:\Users\sandy\Desktop\jgzivf.txt

2014-10-31 14:21 - 2014-11-05 12:59 - 00016820 _____ () C:\Users\sandy\Desktop\Mangaka Training.odt

2014-10-30 09:22 - 2014-10-30 10:39 - 12329050 _____ () C:\Users\sandy\Desktop\0_Dezember tests.psd

2014-10-29 19:03 - 2014-10-31 16:17 - 00000000 ____D () C:\Users\sandy\Desktop\Application

2014-10-26 17:15 - 2014-11-05 12:59 - 00000000 ____D () C:\Users\sandy\Desktop\temp

2014-10-26 15:43 - 2014-11-04 17:50 - 00000000 ____D () C:\Users\sandy\Desktop\Ordner

2014-10-26 10:11 - 2014-11-04 10:22 - 00000000 ____D () C:\Users\sandy\Desktop\People

2014-10-25 17:12 - 2014-10-26 11:05 - 00000000 ___RD () C:\Users\sandy\Desktop\Study

2014-10-24 09:54 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-24 09:54 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-24 09:54 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-24 09:54 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-24 09:54 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-24 09:54 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-24 09:54 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-24 09:54 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-24 09:54 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-24 09:54 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-24 09:54 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-24 09:54 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-24 09:54 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-24 09:54 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-24 09:54 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-24 09:54 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-24 09:54 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-24 09:54 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-24 09:54 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-24 09:54 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-24 09:54 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-24 09:54 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-24 09:54 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-24 09:54 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-24 09:54 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-24 09:54 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-24 09:54 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-24 09:54 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-24 09:54 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-24 09:54 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-24 09:54 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-24 09:54 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-24 09:54 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-24 09:54 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-24 09:54 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-24 09:54 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-24 09:54 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-24 09:54 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-24 09:54 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-24 09:54 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-24 09:54 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-24 09:54 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-24 09:54 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-24 09:54 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-24 09:54 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-24 09:54 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-24 09:54 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-24 09:54 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-24 09:53 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-24 09:53 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-24 09:53 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-24 09:53 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-24 09:53 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-24 09:53 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-24 09:53 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-24 09:53 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-10-22 20:21 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-22 20:21 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-22 20:21 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-22 20:21 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-22 20:21 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-10-22 20:21 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-10-22 20:21 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-22 20:21 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-22 20:21 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-22 20:21 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-22 15:24 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-22 15:24 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-22 15:23 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-22 14:16 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-22 14:16 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-22 14:16 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-22 14:16 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-22 14:16 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-22 14:16 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-22 12:20 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-22 12:20 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-22 12:20 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-22 12:04 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-22 12:04 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-22 11:15 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-22 11:15 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-10-22 10:56 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-22 10:56 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-05 14:08 - 2014-04-28 09:12 - 00000000 ___RD () C:\Users\sandy\Desktop\Downloads and Scans

2014-11-05 14:07 - 2010-10-18 16:02 - 01919753 _____ () C:\Windows\WindowsUpdate.log

2014-11-05 13:50 - 2014-07-03 08:12 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job

2014-11-05 13:22 - 2013-06-11 10:22 - 00000286 _____ () C:\Windows\Tasks\DSite.job

2014-11-05 12:47 - 2009-07-14 05:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-05 12:47 - 2009-07-14 05:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-05 12:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-05 12:36 - 2009-07-14 05:51 - 00197681 _____ () C:\Windows\setupact.log

2014-11-05 11:39 - 2012-06-14 19:26 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job

2014-11-05 09:22 - 2014-05-26 15:23 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1295CCAB-3554-4985-B317-5FB7B1201FBA}

2014-11-04 19:50 - 2014-07-03 08:12 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job

2014-11-04 17:37 - 2012-06-14 19:26 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job

2014-11-04 14:21 - 2010-12-24 19:37 - 00000000 ____D () C:\Users\sandy\AppData\Local\Adobe

2014-11-04 11:27 - 2013-07-27 23:23 - 00000122 _____ () C:\Users\sandy\AppData\Roaming\WB.CFG

2014-11-04 08:50 - 2013-12-03 10:27 - 00000000 ____D () C:\ProgramData\Oracle

2014-11-04 08:09 - 2013-02-08 23:45 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Skype

2014-11-02 19:26 - 2014-06-25 11:35 - 00000000 ___RD () C:\Users\sandy\Desktop\Bilder Fundus

2014-11-02 15:22 - 2013-10-25 16:30 - 00000000 ___RD () C:\Users\sandy\Desktop\Programme

2014-11-02 14:42 - 2009-07-14 18:58 - 00788626 _____ () C:\Windows\system32\perfh007.dat

2014-11-02 14:42 - 2009-07-14 18:58 - 00182438 _____ () C:\Windows\system32\perfc007.dat

2014-11-02 14:42 - 2009-07-14 06:13 - 01846800 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-02 07:52 - 2010-12-31 20:35 - 35348992 ___SH () C:\Users\sandy\Desktop\Thumbs.db

2014-11-01 19:08 - 2010-12-24 19:30 - 00000000 ____D () C:\Users\sandy

2014-11-01 14:32 - 2012-03-04 10:34 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\quassel-irc.org

2014-11-01 14:28 - 2010-08-31 17:55 - 00000000 ____D () C:\Program Files (x86)\Windows Live

2014-11-01 14:01 - 2010-08-31 17:38 - 00000000 ____D () C:\ProgramData\McAfee

2014-11-01 14:01 - 2010-08-31 17:38 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-11-01 14:00 - 2012-10-07 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-11-01 13:16 - 2011-02-12 23:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-11-01 13:10 - 2010-08-31 17:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-11-01 12:57 - 2010-10-18 16:13 - 00143492 _____ () C:\Windows\PFRO.log

2014-11-01 12:42 - 2010-08-31 17:38 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-11-01 11:06 - 2010-08-31 17:53 - 00000000 ____D () C:\ProgramData\Skype

2014-10-31 11:09 - 2014-09-17 18:26 - 00000000 ___RD () C:\Users\sandy\Desktop\ChillaMoon

2014-10-30 10:54 - 2014-09-24 09:55 - 00000000 ___RD () C:\Users\sandy\Desktop\Art

2014-10-30 10:54 - 2014-07-17 09:54 - 00000000 ___RD () C:\Users\sandy\Desktop\Dokumente

2014-10-28 22:59 - 2011-05-21 20:40 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\SoftGrid Client

2014-10-28 16:24 - 2011-10-20 16:53 - 00000000 ___RD () C:\Users\sandy\Desktop\Leasachen o_o

2014-10-28 14:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-10-28 09:53 - 2011-01-04 19:03 - 00000000 ____D () C:\Users\sandy\AppData\Local\Paint.NET

2014-10-26 15:43 - 2011-05-18 17:20 - 00000000 ___RD () C:\Users\sandy\Desktop\Games

2014-10-26 11:03 - 2014-06-25 11:32 - 00000000 ___RD () C:\Users\sandy\Desktop\Projekte

2014-10-25 17:53 - 2014-06-25 12:43 - 00000000 ___RD () C:\Users\sandy\Desktop\ART Wip's

2014-10-25 17:52 - 2014-09-24 09:58 - 00000000 ___RD () C:\Users\sandy\Desktop\Gallery

2014-10-25 17:51 - 2014-06-25 11:23 - 00000000 ___RD () C:\Users\sandy\Desktop\Potpourri

2014-10-24 18:45 - 2014-07-03 08:12 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA

2014-10-24 18:45 - 2014-07-03 08:12 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core

2014-10-23 20:32 - 2014-04-08 23:12 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-23 20:02 - 2014-04-08 23:12 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-23 15:28 - 2014-02-14 09:22 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\DigitalSites

2014-10-23 13:46 - 2013-08-01 10:14 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-10-23 13:45 - 2013-08-01 09:50 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-10-23 13:45 - 2013-08-01 09:50 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-10-23 07:17 - 2009-07-14 05:45 - 00299528 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-23 07:15 - 2014-05-06 23:45 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-19 19:02 - 2014-07-03 08:15 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-10-19 19:02 - 2012-12-26 14:28 - 00000000 ____D () C:\ProgramData\CanonIJ

2014-10-19 19:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration

2014-10-19 19:00 - 2012-01-08 15:15 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\.minecraft

2014-10-19 18:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-10-09 12:01 - 2010-12-27 13:39 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\xVideoServiceThief

2014-10-08 10:08 - 2014-10-03 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tulox
 

Some content of TEMP:

====================

C:\Users\sandy\AppData\Local\Temp\avgnt.exe

C:\Users\sandy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\sandy\AppData\Local\Temp\{0948F8CE-3B54-4B97-90CA-3B85FC732A19}-38.0.2125.111_chrome_installer.exe

C:\Users\sandy\AppData\Local\Temp\{403D47E9-78F2-4304-B73A-A1ABEFADDB28}-38.0.2125.111_chrome_installer.exe

C:\Users\sandy\AppData\Local\Temp\{5BC95FE7-0D47-4F51-90E2-BE7631CFB777}-38.0.2125.111_chrome_installer.exe

C:\Users\sandy\AppData\Local\Temp\{61E90F14-DEAC-4930-8B48-D8C147CB6C7F}-38.0.2125.111_chrome_installer.exe

C:\Users\sandy\AppData\Local\Temp\{BE97FE0B-955D-42D0-BDC7-B1917856496F}-38.0.2125.111_chrome_installer.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-10-19 18:37
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014

Ran by sandy at 2014-11-05 14:21:55

Running from C:\Users\sandy\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)

Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems, Inc.)

Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)

AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)

Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)

ATI Catalyst Install Manager (HKLM\...\{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}) (Version: 3.0.786.0 - ATI Technologies, Inc.)

Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)

BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )

Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )

CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - )

ccc-core-static (x32 Version: 2010.0727.2126.36625 - Ihr Firmenname) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Corel Home Office - IPM (x32 Version: 5.4 - Corel Corporation) Hidden

Corel Home Office - Launcher (x32 Version: 5.4 - Corel Corporation) Hidden

Corel Home Office - Templates1 (x32 Version: 5.4 - Your Company Name) Hidden

Corel Home Office (HKLM-x32\...\_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}) (Version:  - Corel Corporation)

Corel Home Office (x32 Version: 5.4 - Corel Corporation) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)

DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.0.1.115) (Version: 1.0.1.115 - DAZ 3D)

DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )

DealPly (HKCU\...\DealPly) (Version:  - ) <==== ATTENTION

DealPly (remove only) (HKLM-x32\...\DealPly) (Version: 4.8.6.1 - DealPly Technologies Ltd.) <==== ATTENTION

Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden

DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)

DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)

Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden

ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )

Firebird 2.1.1.17910 (Win32) (HKLM-x32\...\FBDBServer_2_1_is1) (Version: 2.1.1.17910 - Firebird Project)

Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

hp deskjet 5550 series (nur entfernen) (HKLM-x32\...\hp deskjet 5550 series) (Version:  - )

hp print screen utility (HKLM-x32\...\hp print screen utility) (Version:  - )

ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden

Jables Adventure (HKLM-x32\...\{BCE8EB52-D124-49A7-BC44-D623DB9C89CD}) (Version: 1.00.0000 - Jables Adventure)

Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden

Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.2 - LG Electronics)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Might and Magic® VI (HKLM-x32\...\Might and Magic® VI) (Version:  - )

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyTube BigPack Internet Recorder 3 (HKLM-x32\...\{E37AC1FF-03EE-4AE3-0001-E55B0BCCABE0}) (Version: 3.0.9.903 - S.A.D.)

OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )

Paint.NET v3.5.6 (HKLM\...\{639673E9-D53F-44F4-A046-485C8A6ADA16}) (Version: 3.56.0 - dotPDN LLC)

Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden

Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden

ProtectDisc Helper Driver 10 (HKLM-x32\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)

Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)

Sacred 2 (HKLM-x32\...\{1023383E-D9F6-478C-A965-23A4657B3C9A}) (Version: 2.0.2.0 - Ascaron Entertainment)

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

StuntRally (HKLM-x32\...\StuntRally) (Version: 1.1 - )

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)

Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version:  - )

Tomb Raider: Legend 1.0 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )

TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)

TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)

TOSHIBA ConfigFree (HKLM-x32\...\{E0FAA369-B0E3-48B8-9447-4873103B0012}) (Version: 8.0.33 - TOSHIBA CORPORATION)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)

TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)

TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.10C - Ihr Firmenname)

TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.27C - TOSHIBA CORPORATION)

TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)

Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)

TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)

TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)

TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)

TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)

TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)

TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)

TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)

Toshiba TEMPRO (HKLM-x32\...\{DBB7021A-3437-446F-ACE5-7261644A972C}) (Version: 3.33 - Toshiba Europe GmbH)

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.14.64 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)

TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )

TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden

upapp (HKLM-x32\...\{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}) (Version: 0.20.0000 - Hewlett-Packard)

Update for Codec Pack (HKCU\...\DSite) (Version:  - ) <==== ATTENTION

Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden

Vodafone Mobile Connect Lite (HKLM-x32\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.3.10523 - Vodafone)

WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden

WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)

xVideoServiceThief (HKLM-x32\...\{129FC9F8-206B-4C29-9B45-8D53B10EC6C7}) (Version: 2.5 - Xesc & Technology)

yWriter5 (HKLM-x32\...\yWriter5_is1) (Version:  - Spacejock Software)

Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

01-11-2014 18:51:40 Removed Photo Service - powered by myphotobook

03-11-2014 06:29:16 Windows Update

04-11-2014 07:45:55 Installed Java 7 Update 71
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {02878DEA-46AA-42FA-A5BB-5A62089A3615} - System32\Tasks\{0EB315D0-ACB5-4115-9F00-DAF2DE266E5F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: {143498AB-4AAF-4D75-ADE4-B119DDE5B97D} - System32\Tasks\{60948FDD-FF8B-4A1A-9862-58745CDA102A} => D:\Vampire - The Masquerade Bloodlines\vampire.exe

Task: {15E172F0-C203-4191-910C-97D5D00D97AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)

Task: {19DD82D1-3259-4E43-878B-25AF9D0DF632} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)

Task: {20B677DB-1A9D-43BC-9F81-375098987377} - System32\Tasks\{6E444F10-3212-45B4-8FB9-51352589F805} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: {2372D37A-C430-4620-B430-BBBDCB2B7BB1} - System32\Tasks\DSite => C:\Users\sandy\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {23A95DAA-AA68-4AFE-90CA-A9919EF02C38} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)

Task: {3D2ADF00-6CFB-4099-A701-2FFC28BE25F0} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION

Task: {414B773E-17B3-4568-BDF0-1CDE12FA4DC8} - System32\Tasks\{085C1A24-7BDF-4249-964E-5311A1988616} => E:\Support\AutoRun\AutoRun.exe

Task: {419C01D0-8721-4BFC-A3C6-22FA6103C99A} - System32\Tasks\{8DBF4F57-4509-42F1-868F-09BC8C3B7CC0} => D:\Vampire - The Masquerade Bloodlines\vampire.exe

Task: {4BE7C574-8626-46EB-83BC-31373DD16CD1} - System32\Tasks\{FE765164-514A-4DDE-89B2-CE92A2FFED6B} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: {50390407-81D3-4AE7-A7F1-E546FC3C037E} - System32\Tasks\{A053FF43-97E0-45CB-A291-BA48E29D7870} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.0.104/de/abandoninstall?page=tsProgressBar

Task: {73911CD8-9CBD-4EF4-85AD-AC8EF603EFF9} - System32\Tasks\DealPly => C:\Users\sandy\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-02-27] () <==== ATTENTION

Task: {77AEA1FD-14A8-4AD5-BCF6-EB869F742516} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)

Task: {7952071B-D277-4E12-8A50-F106B91F5D9B} - System32\Tasks\Tomb Raider - Underworld => C:\Program Files (x86)\Eidos\Tomb Raider - Underworld\TRU.exe

Task: {7B10BED2-E3A5-48D8-A8EA-4ECF989CE4E9} - System32\Tasks\{F54398D5-7EBA-4516-A009-97E3BB0F60B5} => C:\Program Files (x86)\Activision\Vampire - Bloodlines\vampire.exe

Task: {7FA4C4DD-C221-4B36-A83F-E7A4DF74335E} - System32\Tasks\{45C8487D-074A-42F5-8A1B-5B9882F60799} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.1.0.129.272&amp;LastError=12002

Task: {9077F692-060B-42D0-BAAC-EA0526F726B2} - System32\Tasks\{151C426D-286B-3F19-3471-A60076084118} => C:\Users\sandy\AppData\Roaming\adobe\acrobat\9.0\collab\rvystmw.exe

Task: {9A65F8B5-DDAA-4615-9334-B99CF0C990D0} - System32\Tasks\{912ED8E0-2B36-4EAE-958C-0D89A02DC18F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2.exe

Task: {9C7F1901-57CD-47C0-807C-8D3BB1F5802A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)

Task: {A51265C1-4C7B-4F2D-9980-DC8627211BD6} - System32\Tasks\{5A86E3CE-0782-411A-87AB-A4A4AD3D4C06} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: {A8A210BA-B958-47FF-BD8F-C07CA32658E1} - System32\Tasks\{16E8E79F-514A-4585-BB09-4787CFCC0BBD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/abandoninstall?page=tsMain

Task: {F253352F-30D6-4174-A96B-8792580909A1} - System32\Tasks\{260E29CD-D312-414C-8752-8C24BF06633F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: {F7F548A4-8125-401E-B8FA-6142C4EB4A47} - System32\Tasks\{CB67930E-5AF4-472C-B754-B80A828A6F13} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: C:\Windows\Tasks\DSite.job => C:\Users\sandy\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

2012-12-26 13:53 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

2010-04-07 15:07 - 2010-04-07 15:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll

2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll

2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll

2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll

2010-08-31 17:31 - 2010-08-31 14:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll

2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll

2009-07-25 15:38 - 2009-07-25 15:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll

2009-10-13 09:00 - 2009-10-13 09:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2010-07-27 20:25 - 2010-07-27 20:25 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

2014-11-05 12:40 - 2009-08-05 13:24 - 00472592 _____ () C:\Users\sandy\AppData\Local\Temp\7zO07017644\Core Temp.exe

2009-09-11 18:10 - 2009-09-11 18:10 - 00266752 _____ () C:\Windows\system32\WinTab32.DLL

2009-09-11 18:10 - 2009-09-11 18:10 - 00200704 _____ () C:\Windows\SysWOW64\WinTab32.DLL

2014-08-07 13:38 - 2014-07-24 10:50 - 00049744 _____ () C:\Users\sandy\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

2012-10-07 18:36 - 2014-11-01 13:16 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2013-12-03 10:03 - 2013-12-03 10:03 - 16237448 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupfolder: C:^Users^sandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"

MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

MSCONFIG\startupreg: Facebook Update => "C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

MSCONFIG\startupreg: Google Update => "C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe

MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

MSCONFIG\startupreg: WidgetAlarm => C:\Program Files (x86)\e-load\Tiefpreisalarm\Tiefpreisalarm.exe
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-2990021915-2304927789-3911982604-500 - Administrator - Disabled)

Gast (S-1-5-21-2990021915-2304927789-3911982604-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2990021915-2304927789-3911982604-1002 - Limited - Enabled)

sandy (S-1-5-21-2990021915-2304927789-3911982604-1000 - Administrator - Enabled) => C:\Users\sandy
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (11/05/2014 00:41:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/05/2014 00:41:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/05/2014 00:39:56 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Nur zur Information.

Fehler bei der Registrierung des Click-2-Run-Pakets.
 

Error: (11/05/2014 00:39:54 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )

Description: {tid=9A8}

Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.7130.5000.sft' herstellen (Rückgabecode 2460420A-40002EE7, ursprünglicher Rückgabecode 2460420A-40002EE7).
 

Error: (11/05/2014 00:38:55 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.18.30000, Zeitstempel: 0x53d0d678

Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86

Ausnahmecode: 0xe0434352

Fehleroffset: 0x0000c42d

ID des fehlerhaften Prozesses: 0x8cc

Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0

Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1

Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2

Berichtskennung: Avira.OE.ServiceHost.exe3
 

Error: (11/05/2014 00:38:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.InvalidOperationException

Stack:

   at System.Linq.Enumerable.First[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)

   at Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.String)

   at System.Linq.Enumerable.Any[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Func`2<System.__Canon,Boolean>)

   at Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.Collections.Generic.List`1<System.String>)

   at Avira.OE.BrowserExtensionConnector.SafeSearchProductInfo.IsInstalled(Avira.OE.WinCore.Browser)

   at Avira.OE.WinCore.BrowserInfo.GetBrowsersData(System.Func`2<Avira.OE.WinCore.Browser,Boolean>)

   at Avira.OE.BrowserExtensionConnector.AviraSafeSearchStatusConnector.GetBrowserInfo()

   at Avira.OE.ServiceHost.ComputerAndServicesInfo.SetPayloadForSafeSearch(Avira.OE.WinCore.Interface.DevCheckUpdatePayload)

   at Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()

   at Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/05/2014 00:37:42 PM) (Source: Avira Service Host) (EventID: 0) (User: )

Description: Failed to process session change. System.InvalidOperationException: Sequence contains no elements

   at System.Linq.Enumerable.First[TSource](IEnumerable`1 source)

   at Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(String extensionId)

   at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)

   at Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(List`1 extensionIds)

   at Avira.OE.BrowserExtensionConnector.ExtensionStatusMonitor.StartWatching(TimeSpan timeSpan)

   at Avira.OE.BrowserExtensionConnector.AviraBrowserSafetyStatusConnector.OnSessionChange(Int32 sessionId, SessionChangeReason reason)

   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)

   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
 

Error: (11/05/2014 11:39:12 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://www.facebook.com/omaha/update.php

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned
 

Error: (11/05/2014 11:18:24 AM) (Source: VSS) (EventID: 12298) (User: )

Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.

Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.

], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.

], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.

], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.

].
 
 

Vorgang:

   Asynchroner Vorgang wird ausgeführt
 

Kontext:

   Aktueller Status: DoSnapshotSet
 

Error: (11/05/2014 11:18:23 AM) (Source: VSS) (EventID: 12310) (User: )

Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.

Fehlerkontext: DeviceIoControl(\\?\Volume{4e753a2f-dac8-11df-8e33-806e6f6e6963} - 0000000000000108,0x0053c010,0000000000364A00,0,0000000000365A10,4096,[0]).
 
 

Vorgang:

   Schattenkopien werden übertragen
 

Kontext:

   Ausführungskontext: System Provider
 
 

System errors:

=============

Error: (11/05/2014 00:43:58 PM) (Source: bowser) (EventID: 8003) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{87690C63-67B0-4F14-AD02-05A74B7892BF}-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (11/05/2014 00:41:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
 

Error: (11/05/2014 00:41:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (11/05/2014 00:41:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (11/05/2014 00:36:52 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎05.‎11.‎2014 um 12:19:33 unerwartet heruntergefahren.
 

Error: (11/05/2014 10:30:23 AM) (Source: ACPI) (EventID: 13) (User: )

Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 

Error: (11/05/2014 09:15:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
 

Error: (11/05/2014 09:14:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (11/05/2014 09:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (11/05/2014 09:11:41 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎04.‎11.‎2014 um 20:18:47 unerwartet heruntergefahren.
 
 

Microsoft Office Sessions:

=========================

Error: (11/05/2014 00:41:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/05/2014 00:41:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/05/2014 00:39:56 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Fehler bei der Registrierung des Click-2-Run-Pakets.
 

Error: (11/05/2014 00:39:54 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )

Description: {tid=9A8}

hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.7130.5000.sft2460420A-40002EE72460420A-40002EE7
 

Error: (11/05/2014 00:38:55 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Avira.OE.ServiceHost.exe1.1.18.3000053d0d678KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d8cc01cff8ecd5fe0d99C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\syswow64\KERNELBASE.dll527ca83e-64e0-11e4-8fdb-88ae1df1cb40
 

Error: (11/05/2014 00:38:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.InvalidOperationException

Stack:

   at System.Linq.Enumerable.First[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)

   at Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.String)

   at System.Linq.Enumerable.Any[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Func`2<System.__Canon,Boolean>)

   at Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.Collections.Generic.List`1<System.String>)

   at Avira.OE.BrowserExtensionConnector.SafeSearchProductInfo.IsInstalled(Avira.OE.WinCore.Browser)

   at Avira.OE.WinCore.BrowserInfo.GetBrowsersData(System.Func`2<Avira.OE.WinCore.Browser,Boolean>)

   at Avira.OE.BrowserExtensionConnector.AviraSafeSearchStatusConnector.GetBrowserInfo()

   at Avira.OE.ServiceHost.ComputerAndServicesInfo.SetPayloadForSafeSearch(Avira.OE.WinCore.Interface.DevCheckUpdatePayload)

   at Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()

   at Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/05/2014 00:37:42 PM) (Source: Avira Service Host) (EventID: 0) (User: )

Description: Failed to process session change. System.InvalidOperationException: Sequence contains no elements

   at System.Linq.Enumerable.First[TSource](IEnumerable`1 source)

   at Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(String extensionId)

   at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)

   at Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(List`1 extensionIds)

   at Avira.OE.BrowserExtensionConnector.ExtensionStatusMonitor.StartWatching(TimeSpan timeSpan)

   at Avira.OE.BrowserExtensionConnector.AviraBrowserSafetyStatusConnector.OnSessionChange(Int32 sessionId, SessionChangeReason reason)

   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)

   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
 

Error: (11/05/2014 11:39:12 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://www.facebook.com/omaha/update.php

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned
 

Error: (11/05/2014 11:18:24 AM) (Source: VSS) (EventID: 12298) (User: )

Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.

0x00000000, Der Vorgang wurde erfolgreich beendet.

0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.

0x00000000, Der Vorgang wurde erfolgreich beendet.
 
 

Vorgang:

   Asynchroner Vorgang wird ausgeführt
 

Kontext:

   Aktueller Status: DoSnapshotSet
 

Error: (11/05/2014 11:18:23 AM) (Source: VSS) (EventID: 12310) (User: )

Description: DeviceIoControl(\\?\Volume{4e753a2f-dac8-11df-8e33-806e6f6e6963} - 0000000000000108,0x0053c010,0000000000364A00,0,0000000000365A10,4096,[0])
 

Vorgang:

   Schattenkopien werden übertragen
 

Kontext:

   Ausführungskontext: System Provider
 
 

==================== Memory info =========================== 
 

Processor: AMD Athlon(tm) II P340 Dual-Core Processor

Percentage of memory in use: 51%

Total physical RAM: 3835.69 MB

Available physical RAM: 1878.88 MB

Total Pagefile: 7669.56 MB

Available Pagefile: 5306.27 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:70.65 GB) NTFS

Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:94.54 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 40FECE23)

Partition 1: (Active) - (Size=400 MB) - (Type=27)

Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

AdwCleaner:

Code:

# AdwCleaner v4.002 - Bericht erstellt am 07/11/2014 um 08:45:38

# DB v2014-11-02.1

# Aktualisiert 27/10/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : sandy - SANDY-TOSHI

# Gestartet von : C:\Users\sandy\Desktop\AdwCleaner_4.002.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

[#] Dienst Gelöscht : WebCake Desktop Updater
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\apn

Ordner Gelöscht : C:\Program Files (x86)\Conduit

Ordner Gelöscht : C:\Users\sandy\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\sandy\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\sandy\AppData\Roaming\DealPly

Ordner Gelöscht : C:\Users\sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

Ordner Gelöscht : C:\Users\sandy\AppData\Roaming\DigitalSites

Ordner Gelöscht : C:\Users\sandy\AppData\Roaming\DSite

Ordner Gelöscht : C:\Users\sandy\AppData\LocalLow\Elf_1.15

Ordner Gelöscht : C:\Users\sandy\AppData\LocalLow\PriceGong

Ordner Gelöscht : C:\ProgramData\Tarma Installer

Datei Gelöscht : C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\searchplugins\ask-search.xml
 

***** [ Tasks ] *****
 

Task Gelöscht : Dealply

Task Gelöscht : DealPlyUpdate
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2856415

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2866295

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3241949

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_movier[1]_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_movier[1]_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_synthesia[1]_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_synthesia[1]_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tubemate-youtube-downloader_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tubemate-youtube-downloader_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF6B0594-6008-4327-93E5-608AD710A6FA}

Schlüssel Gelöscht : HKCU\Software\DealPly

Schlüssel Gelöscht : HKCU\Software\dsiteproducts

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\qtrax

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Elf_1

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar

Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit

Schlüssel Gelöscht : HKLM\SOFTWARE\DealPly

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-credit.de

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17344
 
 

-\\ Mozilla Firefox v33.0.2 (x86 de)
 
 

-\\ Google Chrome v
 
 

*************************
 

AdwCleaner[R0].txt - [5019 octets] - [07/11/2014 08:42:44]

AdwCleaner[S0].txt - [4562 octets] - [07/11/2014 08:45:38]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4622 octets] ##########

MBAM:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 07.11.2014

Suchlauf-Zeit: 08:59:45

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.3.1025

Malware Datenbank: v2014.11.07.02

Rootkit Datenbank: v2014.11.01.02

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: sandy
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 330449

Verstrichene Zeit: 21 Min, 34 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente erkannt)
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 0

(Keine schädliche Elemente erkannt)
 

Dateien: 1

PUP.Optional.WebCake.A, C:\Program Files (x86)\WADesktop.Updater.exe, In Quarantäne, [6e80ec4cf8847eb89a64978af40d29d7], 
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

Zoek:

Code:

Zoek.exe v5.0.0.0 Updated 06-November-2014

Tool run by sandy on 07.11.2014 at  9:43:28,13.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\sandy\Desktop\zoek.exe [Scan all users] [Script inserted] 
 

==== System Restore Info ======================
 

07.11.2014 09:46:56 Zoek.exe System Restore Point Created Succesfully.

FRST:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014

Ran by sandy (administrator) on SANDY-TOSHI on 07-11-2014 13:57:31

Running from C:\Users\sandy\Desktop

Loaded Profile: sandy (Available profiles: sandy)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

() C:\Users\sandy\AppData\Local\Temp\7zO035E8B5D\Core Temp.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-25] (TOSHIBA Corporation)

HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)

HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-27] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)

HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)

HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [32768 2009-08-20] (Tablet Driver)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - {0E61CED6-8623-48AC-8FF6-B73BA19BAEE7} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2

SearchScopes: HKCU - {0F9BCD39-0B5B-42B1-8396-0C803E5CF92B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949&CUI=UN40850759832457421

SearchScopes: HKCU - {56D29AEA-DB7C-466D-86B2-25EE7D0A7D65} URL = 

SearchScopes: HKCU - {60E5083B-8C5F-4982-8F57-7E1F1A159DBD} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}

SearchScopes: HKCU - {BB9BF943-36AC-46D3-B526-CAB3C8E8FBA2} URL = 

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx

DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx

DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468

FF DefaultSearchEngine: LEO Eng-Deu

FF SelectedSearchEngine: LEO Eng-Deu

FF Homepage: hxxp://www.google.de/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()

FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\sandy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Photobucket Uploader - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\pbupload@photobucket.com.xpi [2014-06-03]

FF Extension: YesScript - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\yesscript@userstyles.org.xpi [2014-06-06]
 

Chrome: 

=======

CHR Profile: C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]

CHR Extension: (Google Wallet) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]

CHR Extension: (Minecraft Diamond Block) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgcgodlpmjclfncgiejflbkjigfhhkp [2014-11-04]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-23] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-23] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-23] (Avira Operations GmbH & Co. KG)

S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)

S3 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]

R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2008-06-13] (Firebird Project) [File not signed]

R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project) [File not signed]

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()

S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)

S4 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]

R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2009-09-23] (Tablet Driver) [File not signed]

S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [277904 2014-01-09] (Protect Software GmbH)

R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [228000 2014-01-09] (Protect Software GmbH)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-03] (Avira Operations GmbH & Co. KG)

R3 ALSysIO; \??\C:\Users\sandy\AppData\Local\Temp\ALSysIO64.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]

S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]

S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-07 13:57 - 2014-11-07 13:58 - 00017806 _____ () C:\Users\sandy\Desktop\FRST.txt

2014-11-07 13:33 - 2014-11-07 13:33 - 00000511 _____ () C:\Users\sandy\Desktop\z.txt

2014-11-07 13:33 - 2014-11-07 09:46 - 00000412 _____ () C:\Users\sandy\Desktop\zoek-results.log

2014-11-07 09:46 - 2014-11-07 09:46 - 00000412 _____ () C:\zoek-results.log

2014-11-07 09:43 - 2014-11-07 09:47 - 00000511 _____ () C:\runcheck.txt

2014-11-07 09:43 - 2014-11-07 09:43 - 01294848 _____ () C:\Users\sandy\Desktop\zoek.exe

2014-11-07 09:43 - 2014-11-07 09:43 - 00000000 ____D () C:\zoek_backup

2014-11-07 09:33 - 2014-11-07 09:33 - 00001289 _____ () C:\Users\sandy\Desktop\mbam.txt

2014-11-07 08:58 - 2014-11-07 09:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-07 08:57 - 2014-11-07 08:57 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-07 08:57 - 2014-11-07 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-07 08:57 - 2014-11-07 08:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-07 08:57 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-07 08:57 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-07 08:57 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-07 08:55 - 2014-11-07 08:56 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\sandy\Desktop\mbam-setup-2.0.3.1025.exe

2014-11-07 08:50 - 2014-11-07 08:50 - 00004706 _____ () C:\Users\sandy\Desktop\AdwCleaner[S0].txt

2014-11-07 08:42 - 2014-11-07 08:45 - 00000000 ____D () C:\AdwCleaner

2014-11-07 08:41 - 2014-11-07 08:41 - 01998336 _____ () C:\Users\sandy\Desktop\AdwCleaner_4.002.exe

2014-11-07 08:37 - 2014-11-07 08:40 - 00000000 ____D () C:\Users\sandy\Desktop\temp

2014-11-07 08:37 - 2014-11-07 08:37 - 00000000 ____D () C:\Users\sandy\Desktop\atm

2014-11-07 08:27 - 2014-11-07 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-11-05 16:43 - 2014-11-05 16:43 - 00003234 _____ () C:\Windows\System32\Tasks\SidebarExecute

2014-11-05 16:32 - 2014-11-05 16:32 - 00024942 _____ () C:\ComboFix.txt

2014-11-05 15:58 - 2014-11-05 16:32 - 00000000 ____D () C:\Qoobox

2014-11-05 15:58 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-11-05 15:58 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-11-05 15:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-11-05 15:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-11-05 15:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-11-05 15:58 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-11-05 15:58 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-11-05 15:58 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-11-05 15:57 - 2014-11-05 16:30 - 00000000 ____D () C:\Windows\erdnt

2014-11-05 15:50 - 2014-11-05 15:51 - 05591672 ____R (Swearware) C:\Users\sandy\Desktop\ComboFix.exe

2014-11-05 14:19 - 2014-11-07 13:57 - 00000000 ____D () C:\FRST

2014-11-05 14:18 - 2014-11-05 14:18 - 02114560 _____ (Farbar) C:\Users\sandy\Desktop\FRST64.exe

2014-11-04 08:47 - 2014-11-04 08:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-11-04 08:47 - 2014-11-04 08:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-11-04 08:47 - 2014-11-04 08:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-11-04 08:47 - 2014-11-04 08:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-11-04 08:47 - 2014-11-04 08:47 - 00000000 ____D () C:\Program Files (x86)\Java

2014-11-03 07:30 - 2014-10-28 06:34 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-11-01 13:30 - 2014-11-01 13:30 - 00000020 _____ () C:\Windows\@úô

2014-11-01 11:06 - 2014-11-01 11:06 - 00003088 _____ () C:\Windows\System32\Tasks\{A053FF43-97E0-45CB-A291-BA48E29D7870}

2014-10-26 15:43 - 2014-11-07 08:37 - 00000000 ____D () C:\Users\sandy\Desktop\Ordner

2014-10-25 17:12 - 2014-10-26 11:05 - 00000000 ___RD () C:\Users\sandy\Desktop\Study

2014-10-24 09:54 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-24 09:54 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-24 09:54 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-24 09:54 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-24 09:54 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-24 09:54 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-24 09:54 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-24 09:54 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-24 09:54 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-24 09:54 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-24 09:54 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-24 09:54 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-24 09:54 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-24 09:54 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-24 09:54 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-24 09:54 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-24 09:54 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-24 09:54 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-24 09:54 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-24 09:54 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-24 09:54 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-24 09:54 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-24 09:54 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-24 09:54 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-24 09:54 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-24 09:54 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-24 09:54 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-24 09:54 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-24 09:54 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-24 09:54 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-24 09:54 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-24 09:54 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-24 09:54 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-24 09:54 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-24 09:54 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-24 09:54 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-24 09:54 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-24 09:54 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-24 09:54 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-24 09:54 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-24 09:54 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-24 09:54 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-24 09:54 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-24 09:54 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-24 09:54 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-24 09:54 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-24 09:54 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-24 09:54 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-24 09:53 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-24 09:53 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-24 09:53 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-24 09:53 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-24 09:53 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-24 09:53 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-24 09:53 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-24 09:53 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-10-22 20:21 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-22 20:21 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-22 20:21 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-22 20:21 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-22 20:21 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-22 20:21 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-10-22 20:21 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-10-22 20:21 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-22 20:21 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-22 20:21 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-22 20:21 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-22 15:24 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-22 15:24 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-22 15:23 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-22 14:16 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-22 14:16 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-22 14:16 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-22 14:16 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-22 14:16 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-22 14:16 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-22 12:20 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-22 12:20 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-22 12:20 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-22 12:04 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-22 12:04 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-22 11:15 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-22 11:15 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-10-22 10:56 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-22 10:56 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-07 13:50 - 2014-07-03 08:12 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job

2014-11-07 13:47 - 2009-07-14 05:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-07 13:47 - 2009-07-14 05:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-07 13:44 - 2010-10-18 16:02 - 02034219 _____ () C:\Windows\WindowsUpdate.log

2014-11-07 13:34 - 2010-10-18 16:13 - 00145710 _____ () C:\Windows\PFRO.log

2014-11-07 13:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-07 13:34 - 2009-07-14 05:51 - 00198073 _____ () C:\Windows\setupact.log

2014-11-07 11:39 - 2012-06-14 19:26 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job

2014-11-07 10:44 - 2014-05-26 15:23 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1295CCAB-3554-4985-B317-5FB7B1201FBA}

2014-11-07 09:23 - 2012-10-07 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-11-07 09:23 - 2010-08-31 17:55 - 00000000 ____D () C:\Windows\PCHEALTH

2014-11-07 08:57 - 2012-06-03 15:30 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-11-07 08:37 - 2014-04-28 09:12 - 00000000 ___RD () C:\Users\sandy\Desktop\Downloads and Scans

2014-11-07 08:32 - 2010-12-31 20:35 - 35434496 ___SH () C:\Users\sandy\Desktop\Thumbs.db

2014-11-06 19:50 - 2014-07-03 08:12 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job

2014-11-06 17:37 - 2012-06-14 19:26 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job

2014-11-06 11:47 - 2013-07-27 23:23 - 00000129 _____ () C:\Users\sandy\AppData\Roaming\WB.CFG

2014-11-05 16:32 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2014-11-05 16:24 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-11-05 16:13 - 2010-12-24 19:30 - 00000000 ____D () C:\Users\sandy

2014-11-04 14:21 - 2010-12-24 19:37 - 00000000 ____D () C:\Users\sandy\AppData\Local\Adobe

2014-11-04 08:50 - 2013-12-03 10:27 - 00000000 ____D () C:\ProgramData\Oracle

2014-11-04 08:09 - 2013-02-08 23:45 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Skype

2014-11-02 19:26 - 2014-06-25 11:35 - 00000000 ___RD () C:\Users\sandy\Desktop\Bilder Fundus

2014-11-02 15:22 - 2013-10-25 16:30 - 00000000 ___RD () C:\Users\sandy\Desktop\Programme

2014-11-02 14:42 - 2009-07-14 18:58 - 00788626 _____ () C:\Windows\system32\perfh007.dat

2014-11-02 14:42 - 2009-07-14 18:58 - 00182438 _____ () C:\Windows\system32\perfc007.dat

2014-11-02 14:42 - 2009-07-14 06:13 - 01846800 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-01 14:32 - 2012-03-04 10:34 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\quassel-irc.org

2014-11-01 14:28 - 2010-08-31 17:55 - 00000000 ____D () C:\Program Files (x86)\Windows Live

2014-11-01 14:01 - 2010-08-31 17:38 - 00000000 ____D () C:\ProgramData\McAfee

2014-11-01 14:01 - 2010-08-31 17:38 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-11-01 13:10 - 2010-08-31 17:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-11-01 12:42 - 2010-08-31 17:38 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-11-01 11:06 - 2010-08-31 17:53 - 00000000 ____D () C:\ProgramData\Skype

2014-10-31 11:09 - 2014-09-17 18:26 - 00000000 ___RD () C:\Users\sandy\Desktop\ChillaMoon

2014-10-30 10:54 - 2014-09-24 09:55 - 00000000 ___RD () C:\Users\sandy\Desktop\Art

2014-10-30 10:54 - 2014-07-17 09:54 - 00000000 ___RD () C:\Users\sandy\Desktop\Dokumente

2014-10-28 22:59 - 2011-05-21 20:40 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\SoftGrid Client

2014-10-28 16:24 - 2011-10-20 16:53 - 00000000 ___RD () C:\Users\sandy\Desktop\Leasachen o_o

2014-10-28 14:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-10-28 09:53 - 2011-01-04 19:03 - 00000000 ____D () C:\Users\sandy\AppData\Local\Paint.NET

2014-10-26 15:43 - 2011-05-18 17:20 - 00000000 ___RD () C:\Users\sandy\Desktop\Games

2014-10-26 11:03 - 2014-06-25 11:32 - 00000000 ___RD () C:\Users\sandy\Desktop\Projekte

2014-10-25 17:53 - 2014-06-25 12:43 - 00000000 ___RD () C:\Users\sandy\Desktop\ART Wip's

2014-10-25 17:52 - 2014-09-24 09:58 - 00000000 ___RD () C:\Users\sandy\Desktop\Gallery

2014-10-25 17:51 - 2014-06-25 11:23 - 00000000 ___RD () C:\Users\sandy\Desktop\Potpourri

2014-10-24 18:45 - 2014-07-03 08:12 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA

2014-10-24 18:45 - 2014-07-03 08:12 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core

2014-10-23 20:32 - 2014-04-08 23:12 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-23 20:02 - 2014-04-08 23:12 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-23 13:46 - 2013-08-01 10:14 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-10-23 13:45 - 2013-08-01 09:50 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-10-23 13:45 - 2013-08-01 09:50 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-10-23 07:17 - 2009-07-14 05:45 - 00299528 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-23 07:15 - 2014-05-06 23:45 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-19 19:02 - 2014-07-03 08:15 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-10-19 19:02 - 2012-12-26 14:28 - 00000000 ____D () C:\ProgramData\CanonIJ

2014-10-19 19:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration

2014-10-19 19:00 - 2012-01-08 15:15 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\.minecraft

2014-10-19 18:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-10-09 12:01 - 2010-12-27 13:39 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\xVideoServiceThief

2014-10-08 10:08 - 2014-10-03 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tulox
 

Some content of TEMP:

====================

C:\Users\sandy\AppData\Local\Temp\7za.exe

C:\Users\sandy\AppData\Local\Temp\avgnt.exe

C:\Users\sandy\AppData\Local\Temp\hijackthis.exe

C:\Users\sandy\AppData\Local\Temp\NirCmd.exe

C:\Users\sandy\AppData\Local\Temp\PEVZ.EXE

C:\Users\sandy\AppData\Local\Temp\Quarantine.exe

C:\Users\sandy\AppData\Local\Temp\remove.exe

C:\Users\sandy\AppData\Local\Temp\sed.exe

C:\Users\sandy\AppData\Local\Temp\shortcut.exe

C:\Users\sandy\AppData\Local\Temp\sqlite3.dll

C:\Users\sandy\AppData\Local\Temp\swreg.exe

C:\Users\sandy\AppData\Local\Temp\swxcacls.exe

C:\Users\sandy\AppData\Local\Temp\wget.exe

C:\Users\sandy\AppData\Local\Temp\zoek-delete.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-11-05 15:34
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014

Ran by sandy at 2014-11-07 13:59:39

Running from C:\Users\sandy\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)

Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems, Inc.)

Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)

AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)

Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)

ATI Catalyst Install Manager (HKLM\...\{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}) (Version: 3.0.786.0 - ATI Technologies, Inc.)

Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)

BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )

Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )

CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - )

ccc-core-static (x32 Version: 2010.0727.2126.36625 - Ihr Firmenname) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Corel Home Office - IPM (x32 Version: 5.4 - Corel Corporation) Hidden

Corel Home Office - Launcher (x32 Version: 5.4 - Corel Corporation) Hidden

Corel Home Office - Templates1 (x32 Version: 5.4 - Your Company Name) Hidden

Corel Home Office (HKLM-x32\...\_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}) (Version:  - Corel Corporation)

Corel Home Office (x32 Version: 5.4 - Corel Corporation) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)

DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.0.1.115) (Version: 1.0.1.115 - DAZ 3D)

DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )

Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden

DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)

DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)

Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden

ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )

Firebird 2.1.1.17910 (Win32) (HKLM-x32\...\FBDBServer_2_1_is1) (Version: 2.1.1.17910 - Firebird Project)

Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

hp deskjet 5550 series (nur entfernen) (HKLM-x32\...\hp deskjet 5550 series) (Version:  - )

hp print screen utility (HKLM-x32\...\hp print screen utility) (Version:  - )

ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden

Jables Adventure (HKLM-x32\...\{BCE8EB52-D124-49A7-BC44-D623DB9C89CD}) (Version: 1.00.0000 - Jables Adventure)

Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden

Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.2 - LG Electronics)

Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Might and Magic® VI (HKLM-x32\...\Might and Magic® VI) (Version:  - )

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyTube BigPack Internet Recorder 3 (HKLM-x32\...\{E37AC1FF-03EE-4AE3-0001-E55B0BCCABE0}) (Version: 3.0.9.903 - S.A.D.)

OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )

Paint.NET v3.5.6 (HKLM\...\{639673E9-D53F-44F4-A046-485C8A6ADA16}) (Version: 3.56.0 - dotPDN LLC)

Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden

Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden

ProtectDisc Helper Driver 10 (HKLM-x32\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)

Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)

Sacred 2 (HKLM-x32\...\{1023383E-D9F6-478C-A965-23A4657B3C9A}) (Version: 2.0.2.0 - Ascaron Entertainment)

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

StuntRally (HKLM-x32\...\StuntRally) (Version: 1.1 - )

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)

Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version:  - )

Tomb Raider: Legend 1.0 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )

TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)

TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)

TOSHIBA ConfigFree (HKLM-x32\...\{E0FAA369-B0E3-48B8-9447-4873103B0012}) (Version: 8.0.33 - TOSHIBA CORPORATION)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)

TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)

TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.10C - Ihr Firmenname)

TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.27C - TOSHIBA CORPORATION)

TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)

Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)

TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)

TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)

TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)

TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)

TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)

TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)

TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)

Toshiba TEMPRO (HKLM-x32\...\{DBB7021A-3437-446F-ACE5-7261644A972C}) (Version: 3.33 - Toshiba Europe GmbH)

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.14.64 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)

TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )

TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden

upapp (HKLM-x32\...\{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}) (Version: 0.20.0000 - Hewlett-Packard)

Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden

Vodafone Mobile Connect Lite (HKLM-x32\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.3.10523 - Vodafone)

WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden

WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)

xVideoServiceThief (HKLM-x32\...\{129FC9F8-206B-4C29-9B45-8D53B10EC6C7}) (Version: 2.5 - Xesc & Technology)

yWriter5 (HKLM-x32\...\yWriter5_is1) (Version:  - Spacejock Software)

Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

01-11-2014 18:51:40 Removed Photo Service - powered by myphotobook

03-11-2014 06:29:16 Windows Update

04-11-2014 07:45:55 Installed Java 7 Update 71

07-11-2014 06:58:15 Windows Update

07-11-2014 08:46:32 zoek.exe restore point
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-11-05 16:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {02878DEA-46AA-42FA-A5BB-5A62089A3615} - System32\Tasks\{0EB315D0-ACB5-4115-9F00-DAF2DE266E5F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: {143498AB-4AAF-4D75-ADE4-B119DDE5B97D} - System32\Tasks\{60948FDD-FF8B-4A1A-9862-58745CDA102A} => D:\Vampire - The Masquerade Bloodlines\vampire.exe

Task: {15E172F0-C203-4191-910C-97D5D00D97AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)

Task: {19DD82D1-3259-4E43-878B-25AF9D0DF632} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)

Task: {20B677DB-1A9D-43BC-9F81-375098987377} - System32\Tasks\{6E444F10-3212-45B4-8FB9-51352589F805} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: {23A95DAA-AA68-4AFE-90CA-A9919EF02C38} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)

Task: {414B773E-17B3-4568-BDF0-1CDE12FA4DC8} - System32\Tasks\{085C1A24-7BDF-4249-964E-5311A1988616} => E:\Support\AutoRun\AutoRun.exe

Task: {419C01D0-8721-4BFC-A3C6-22FA6103C99A} - System32\Tasks\{8DBF4F57-4509-42F1-868F-09BC8C3B7CC0} => D:\Vampire - The Masquerade Bloodlines\vampire.exe

Task: {4BE7C574-8626-46EB-83BC-31373DD16CD1} - System32\Tasks\{FE765164-514A-4DDE-89B2-CE92A2FFED6B} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: {50390407-81D3-4AE7-A7F1-E546FC3C037E} - System32\Tasks\{A053FF43-97E0-45CB-A291-BA48E29D7870} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.0.104/de/abandoninstall?page=tsProgressBar

Task: {569B08A6-E42F-4583-B75F-EC2D7180BC3B} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)

Task: {77AEA1FD-14A8-4AD5-BCF6-EB869F742516} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)

Task: {7952071B-D277-4E12-8A50-F106B91F5D9B} - System32\Tasks\Tomb Raider - Underworld => C:\Program Files (x86)\Eidos\Tomb Raider - Underworld\TRU.exe

Task: {7B10BED2-E3A5-48D8-A8EA-4ECF989CE4E9} - System32\Tasks\{F54398D5-7EBA-4516-A009-97E3BB0F60B5} => C:\Program Files (x86)\Activision\Vampire - Bloodlines\vampire.exe

Task: {7FA4C4DD-C221-4B36-A83F-E7A4DF74335E} - System32\Tasks\{45C8487D-074A-42F5-8A1B-5B9882F60799} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.1.0.129.272&amp;LastError=12002

Task: {9077F692-060B-42D0-BAAC-EA0526F726B2} - System32\Tasks\{151C426D-286B-3F19-3471-A60076084118} => C:\Users\sandy\AppData\Roaming\adobe\acrobat\9.0\collab\rvystmw.exe

Task: {9A65F8B5-DDAA-4615-9334-B99CF0C990D0} - System32\Tasks\{912ED8E0-2B36-4EAE-958C-0D89A02DC18F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2.exe

Task: {9C7F1901-57CD-47C0-807C-8D3BB1F5802A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)

Task: {A51265C1-4C7B-4F2D-9980-DC8627211BD6} - System32\Tasks\{5A86E3CE-0782-411A-87AB-A4A4AD3D4C06} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: {A8A210BA-B958-47FF-BD8F-C07CA32658E1} - System32\Tasks\{16E8E79F-514A-4585-BB09-4787CFCC0BBD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/abandoninstall?page=tsMain

Task: {F253352F-30D6-4174-A96B-8792580909A1} - System32\Tasks\{260E29CD-D312-414C-8752-8C24BF06633F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: {F7F548A4-8125-401E-B8FA-6142C4EB4A47} - System32\Tasks\{CB67930E-5AF4-472C-B754-B80A828A6F13} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

2012-12-26 13:53 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

2010-04-07 15:07 - 2010-04-07 15:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll

2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll

2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll

2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll

2010-08-31 17:31 - 2010-08-31 14:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll

2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll

2009-07-25 15:38 - 2009-07-25 15:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll

2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

2009-10-13 09:00 - 2009-10-13 09:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2010-07-27 20:25 - 2010-07-27 20:25 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2014-11-07 13:48 - 2009-08-05 13:24 - 00472592 _____ () C:\Users\sandy\AppData\Local\Temp\7zO035E8B5D\Core Temp.exe

2009-09-11 18:10 - 2009-09-11 18:10 - 00266752 _____ () C:\Windows\system32\WinTab32.DLL

2009-09-11 18:10 - 2009-09-11 18:10 - 00200704 _____ () C:\Windows\SysWOW64\WinTab32.DLL

2014-11-06 08:32 - 2014-07-24 10:50 - 00049744 _____ () C:\Users\sandy\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupfolder: C:^Users^sandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"

MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

MSCONFIG\startupreg: Facebook Update => "C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

MSCONFIG\startupreg: Google Update => "C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe

MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

MSCONFIG\startupreg: WidgetAlarm => C:\Program Files (x86)\e-load\Tiefpreisalarm\Tiefpreisalarm.exe
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-2990021915-2304927789-3911982604-500 - Administrator - Disabled)

Gast (S-1-5-21-2990021915-2304927789-3911982604-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2990021915-2304927789-3911982604-1002 - Limited - Enabled)

sandy (S-1-5-21-2990021915-2304927789-3911982604-1000 - Administrator - Enabled) => C:\Users\sandy
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (11/07/2014 01:37:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 01:36:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 01:35:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 11:39:02 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://www.facebook.com/omaha/update.php

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned
 

Error: (11/07/2014 09:25:42 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 09:25:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 09:25:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 08:54:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 08:53:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 08:49:05 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.18.30000, Zeitstempel: 0x53d0d678

Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86

Ausnahmecode: 0xe0434352

Fehleroffset: 0x0000c42d

ID des fehlerhaften Prozesses: 0x8f8

Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0

Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1

Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2

Berichtskennung: Avira.OE.ServiceHost.exe3
 
 

System errors:

=============

Error: (11/07/2014 01:42:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
 

Error: (11/07/2014 01:37:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
 

Error: (11/07/2014 01:36:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (11/07/2014 01:36:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (11/07/2014 09:25:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
 

Error: (11/07/2014 09:25:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (11/07/2014 09:25:21 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 

Error: (11/07/2014 09:25:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (11/07/2014 08:54:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
 

Error: (11/07/2014 08:54:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 
 

Microsoft Office Sessions:

=========================

Error: (11/07/2014 01:37:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 01:36:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 01:35:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 11:39:02 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://www.facebook.com/omaha/update.php

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned
 

Error: (11/07/2014 09:25:42 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 09:25:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 09:25:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 08:54:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 08:53:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Avira.OE.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Composition.CompositionException

Stack:

   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)

   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 

Error: (11/07/2014 08:49:05 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Avira.OE.ServiceHost.exe1.1.18.3000053d0d678KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d8f801cffa5f342d684bC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\syswow64\KERNELBASE.dll8b9fdd7b-6652-11e4-b9a8-88ae1df1cb40
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-11-05 16:13:41.087

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-11-05 16:13:39.948

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: AMD Athlon(tm) II P340 Dual-Core Processor

Percentage of memory in use: 41%

Total physical RAM: 3835.69 MB

Available physical RAM: 2246.13 MB

Total Pagefile: 7669.56 MB

Available Pagefile: 5777.39 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB
 

==================== Drives ================================
 

Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:71.51 GB) NTFS

Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:94.54 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 40FECE23)

Partition 1: (Active) - (Size=400 MB) - (Type=27)

Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================