| |
| |||||||
Log-Analyse und Auswertung: hatte keine Internetverbundung und habe mit FRST was versucht und weiß nicht weiterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
02.12.2014, 12:11
| #1 |
| |  hatte keine Internetverbundung und habe mit FRST was versucht und weiß nicht weiterFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2014
Ran by Tanja (ATTENTION: The logged in user is not administrator) on TANJA-PC on 02-12-2014 11:46:13
Running from C:\Users\Tanja\Downloads
Loaded Profiles: Tanja & Administrator (Available profiles: Tanja & alinafiona & Administrator & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TerraTec Electronic GmbH) C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Tanja\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-06-23] (Sun Microsystems, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Toshiba TEMPO] => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-04-24] (Toshiba Europe GmbH)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-05-27] (Google)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-11] (Toshiba)
HKLM\...\Run: [NeroCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-08-06] (Ahead Software Gmbh)
HKLM\...\Run: [TerraTec Remote Control] => C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [1097728 2007-11-23] (TerraTec Electronic GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [385024 2008-01-31] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => "C:\Program Files\Ask.com\Updater\Updater.exe"
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-345706500-609057639-1495464187-1005\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe /i û$oÆ Æa°aèa(
aP
HKU\S-1-5-21-345706500-609057639-1495464187-1005\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-05-28] (Google Inc.)
HKU\S-1-5-21-345706500-609057639-1495464187-1005\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-345706500-609057639-1495464187-1005\...\Run: [iMesh] => "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" --lightmode
HKU\S-1-5-21-345706500-609057639-1495464187-1005\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-345706500-609057639-1495464187-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-345706500-609057639-1495464187-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: 楐4 c:\progra~1\google\google~3\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [145408 2008-05-27] (Google)
AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll => c:\progra~1\optimi~1\optpro~1.dll File Not Found
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\alinafiona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\hjk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tanja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-345706500-609057639-1495464187-1005] => http=127.0.0.1:13828
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFkVzMqCcxhlHKbI0wfcSFsxayc0RIW8Y7zFg-0sOD_Tp6ICQuH-n1YauH92qdMoUNkW-Osuw,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}
HKU\S-1-5-21-345706500-609057639-1495464187-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsOPayYj-qDvqCuld3AfrrDglRr-WH-cB3tIltrRP7OwbVmXg82dQ_8WVuoPboO6FrkXHRKEVk3f2uIjo1xZpvrRet5SbRCeBwbp08xU1nlmgCqdMZ8jy10I9Owj6mk7fWHF0d2p81A7Fqg,,&q={searchTerms}
HKU\S-1-5-21-345706500-609057639-1495464187-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-0&v=u14099-491&t=4
HKU\S-1-5-21-345706500-609057639-1495464187-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKU\S-1-5-21-345706500-609057639-1495464187-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x97462C3FC8E2CE01
HKU\S-1-5-21-345706500-609057639-1495464187-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/
HKU\S-1-5-21-345706500-609057639-1495464187-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsOPayYj-qDvqCuld3AfrrDglRr-WH-cB3tIltrRP7OwbVmXg82dQ_8WVuoPboO6FrkXHRKEVk3f2uIjo1xZpvrRet5SbRCeBwbp08xU1nlmgCqdMZ8jy10I9Owj6mk7fWHF0d2p81A7Fqg,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAyC0EyB0AtAyC0CyD0FtDtN0D0Tzu0SyBzztAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=470061690&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393007722&from=tugs&uid=HitachiXHTS543225L9SA00_080917FB0F00LLH3AZ1AX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393007722&from=tugs&uid=HitachiXHTS543225L9SA00_080917FB0F00LLH3AZ1AX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393007722&from=tugs&uid=HitachiXHTS543225L9SA00_080917FB0F00LLH3AZ1AX&q={searchTerms}
URLSearchHook: HKLM - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
URLSearchHook: [S-1-5-21-345706500-609057639-1495464187-1000] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-345706500-609057639-1495464187-1003.bak] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-345706500-609057639-1495464187-500] ATTENTION ==> Default URLSearchHook is missing.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393007722&from=tugs&uid=HitachiXHTS543225L9SA00_080917FB0F00LLH3AZ1AX
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=1&v=u14099-491&apn_uid=3953548964144642&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-345706500-609057639-1495464187-1005 -> DefaultScope {594DB163-AA83-40BD-A929-3D529CABBF98} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;&rlz=1I7TSEA_deDE300
SearchScopes: HKU\S-1-5-21-345706500-609057639-1495464187-1005 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsOPayYj-qDvqCuld3AfrrDglRr-WH-cB3tIltrRP7OwbVmXg82dQ_8WVuoPboO6FrkXHRKEVk3f2uIjo1xZpvrRet5SbRCeBwbp08xU1nlmgCqdMZ8jy10I9Owj6mk7fWHF0d2p81A7Fqg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-345706500-609057639-1495464187-1005 -> {594DB163-AA83-40BD-A929-3D529CABBF98} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;&rlz=1I7TSEA_deDE300
SearchScopes: HKU\S-1-5-21-345706500-609057639-1495464187-1005 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL =
BHO: IEOptimizer -> {10AD2C61-0898-4348-8600-14A342F22AC3} -> C:\Program Files\SavingsBull\IEOptimizer.dll No File
BHO: Plus-HD-2.2 -> {11111111-1111-1111-1111-110311301136} -> C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-bho.dll No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SmartbarInternetExplorerBHOEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: No Name -> {ba14329e-9550-4989-b3f2-9732e92d17cc} -> No File
BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll No File
BHO: Burn4Free Toolbar Helper -> {D187A56B-A33F-4CBE-9D77-459FC0BAE012} -> C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
BHO: Avira SearchFree Toolbar plus Web Protection -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM - Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-345706500-609057639-1495464187-1005 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
Toolbar: HKU\S-1-5-21-345706500-609057639-1495464187-1005 -> Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
Toolbar: HKU\S-1-5-21-345706500-609057639-1495464187-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-345706500-609057639-1495464187-1005 -> Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 13 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 15 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 27 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 40 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 -> C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 -> C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-345706500-609057639-1495464187-1005: iMeshPlugin -> C:\Program Files\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-28]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/intl/de/"
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (registryAccess) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.24.0_0\background/registryAccess.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Search) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaafeopjhkcolncjbedbhofpocmdbn [2014-10-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Quick start) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-11-02]
CHR HKLM\...\Chrome\Extension: [lbbbdmbjkgojacipgefbifkiebpcdjhn] - C:\Program Files\Movie2KDownloader.com\m2kDownloader10.crx []
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-21]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [805112 2014-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-17] (Avira Operations GmbH & Co. KG)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
S2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrashSvc.dll [186496 2014-02-21] ()
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-05-27] (Google) [File not signed]
S2 gupdate1c9dfb222c8cec0; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [32288 2014-02-06] () <==== ATTENTION
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S2 pricemeterliveUpdate; C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-06-06] (PriceMeter)
S3 pricemeterliveUpdatem; C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-06-06] (PriceMeter)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed]
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361728 2010-09-14] (TuneUp Software GmbH)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-21] (Cherished Technololgy LIMITED) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 mod7700; C:\Windows\System32\DRIVERS\dvb7700all.sys [449408 2007-11-16] (DiBcom)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation )
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-19] (Avira GmbH)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 cpuz134; \??\C:\Users\TEMPTA~1.003\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
========================== Drivers MD5 =======================
C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys 04F0FCAC69C7C71A3AC4EB97FAFC8303
C:\Windows\system32\drivers\adpahci.sys 60505E0041F7751BDBB80F88BF45C2CE
C:\Windows\system32\drivers\adpu160m.sys 8A42779B02AEC986EAB64ECFC98F8BD7
C:\Windows\system32\drivers\adpu320.sys 241C9E37F8CE45EF51C3DE27515CA4E5
C:\Windows\system32\drivers\afd.sys F5272A105F59A7B3B345D9D6D87DA7AD
C:\Windows\System32\DRIVERS\AGRSM.sys CE91B158FA490CF4C4D487A4130F4660
C:\Windows\system32\drivers\agp440.sys 13F9E33747E6B41A3FF305C37DB0D360
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 9EAEF5FC9B8E351AFA7E78A6FAE91F91
C:\Windows\system32\drivers\amdagp.sys C47344BC706E5F0B9DCE369516661578
C:\Windows\system32\drivers\amdide.sys 9B78A39A4C173FDBC1321E0DD659B34C
C:\Windows\system32\drivers\amdk7.sys 18F29B49AD23ECEE3D2A826C725C8D48
C:\Windows\system32\drivers\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D
C:\Windows\system32\drivers\arc.sys 5D2888182FB46632511ACEE92FDAD522
C:\Windows\system32\drivers\arcsas.sys 5E2A321BD7C8B3624E41FDEC3E244945
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DRIVERS\atikmdag.sys A2B6478963451A99C28DA8133B648142
C:\Windows\System32\DRIVERS\AtiPcie.sys 4AA1EB65481C392955939E735D27118B
C:\Windows\System32\DRIVERS\avgntflt.sys F581D2F3E30C1CA7206D660FB7689F98
C:\Windows\System32\DRIVERS\avipbb.sys A2EE407D6D3757A2FFD5095DD16AE1F2
C:\Windows\System32\DRIVERS\avkmgr.sys D8C712305F73CD34D1B344810E522728
C:\Windows\system32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\Windows\system32\drivers\blbdrive.sys D4DF28447741FD3D953526E33A617397
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys E5D4133F37219DBCFE102BC61072589D
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\System32\DRIVERS\CmBatt.sys 99AFC3795B58CC478FBBBCDC658FCB56
C:\Windows\system32\drivers\cmdide.sys 0CA25E686A4928484E9FDABD168AB629
C:\Windows\System32\DRIVERS\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A
C:\Windows\System32\drivers\crcdisk.sys 741E9DFF4F42D2D8477D0FC1DC0DF871
C:\Windows\system32\drivers\crusoe.sys 1F07BECDCA750766A96CDA811BA86410
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 5C2C209CDEFBC51D83D66E8A53B2BE89
C:\Windows\System32\DRIVERS\E1G60I32.sys 5425F74AC0C1DBD96A1E04F17D63F94C
C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371
C:\Windows\System32\Drivers\ElbyCDIO.sys D71233D7CCC2E64F8715A20428D5A33B
C:\Windows\system32\drivers\elxstor.sys 23B62471681A124889978F6295B3F4C6
C:\Windows\system32\drivers\errdev.sys 3DB974F3935483555D7148663F726C61
C:\Windows\system32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE
C:\Windows\system32\Drivers\fastfat.sys 4E404505B3F62ECFBDBCBBCF0A72DBC5
C:\Windows\System32\DRIVERS\fdc.sys AFE1E8B9782A0DD7FB46BBD88E43F89A
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys 85B7CF99D532820495D68D747FDA9EBD
C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05
C:\Windows\system32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5
C:\Windows\System32\DRIVERS\FwLnk.sys CBC22823628544735625B280665E434E
C:\Windows\system32\drivers\gagp30kx.sys 34582A6E6573D54A07ECE5FE24A126B5
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC
C:\Windows\system32\drivers\hpcisss.sys 16EE7B23A009E00D835CDB79574A91A6
C:\Windows\System32\DRIVERS\VSTAZL3.SYS 46D67209550973257601A533E2AC5785
C:\Windows\System32\DRIVERS\VSTDPV3.SYS ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE
C:\Windows\system32\drivers\i2omp.sys C6B032D69650985468160FC9937CF5B4
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\system32\drivers\iastorv.sys 54155EA1B0DF185878E0FC9EC3AC3A14
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys B9CBD3DEA7CA02868621173BF7A2AF9F
C:\Windows\system32\drivers\intelide.sys 83AA759F3189E6370C30DE5DC5590718
C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys B25AAF203552B7B3491139D582B39AD1
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys 6C70698A3E5C4376C6AB5C7C17FB0614
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6
C:\Windows\system32\drivers\lsi_fc.sys C7E15E82879BF3235B559563D4185365
C:\Windows\system32\drivers\lsi_sas.sys EE01EBAE8C9BF0FA072E0FF68718920A
C:\Windows\system32\drivers\lsi_scsi.sys 912A04696E9CA30146A62AFA1463DD5C
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\system32\drivers\megasas.sys 0001CE609D66632FA17B84705F658879
C:\Windows\system32\drivers\megasr.sys C252F32CD9A49DBFC25ECF26EBD51A99
C:\Windows\System32\DRIVERS\dvb7700all.sys CE94EB9BA2D1CC088203C2AF12B120B6
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\system32\drivers\mpio.sys 511D011289755DD9F9A7579FB0B064E6
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\System32\drivers\msahci.sys 5457DCFA7C0DA43522F4D9D4049C1472
C:\Windows\system32\drivers\msdsm.sys 4468B0F385A86ECDDAF8D3CA662EC0E7
C:\Windows\system32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\system32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\system32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\system32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\system32\drivers\nvraid.sys 2EDF9E7751554B42CBB60116DE727101
C:\Windows\system32\drivers\nvstor.sys ABED0C09758D1D97DB0042DBB2688177
C:\Windows\system32\drivers\nv_agp.sys 18BBDF913916B71BD54575BDB6EEAC0B
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\drivers\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\System32\DRIVERS\processr.sys 2027293619DD0F047C584CF2E7DF4FFD
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\System32\Drivers\PxHelp20.sys 49452BFCEC22F36A7A9B9C2181BC3042
C:\Windows\system32\drivers\ql2300.sys 0A6DB55AFB7820C99AA1F3A1D270F4F6
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys FBC0BACD9C3D7F6956853F64A66E252D
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\system32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\System32\drivers\RtHDMIV.sys C853AE16CCF5033C0CBA0855390F5C7F
C:\Windows\System32\DRIVERS\Rtlh86.sys 7157E70A90CCE49DEB8885D23A073A39
C:\Windows\System32\DRIVERS\RTL8187B.sys B71D269B9AB5417963E986126C12B9FC
C:\Windows\System32\drivers\RTSTOR.SYS 9FF7D9CF3A5F296613588B0E8DB83AFE
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86
C:\Windows\system32\drivers\sffp_mmc.sys E95D451F7EA3E583AEC75F3B3EE42DC5
C:\Windows\system32\drivers\sffp_sd.sys 3D0EA348784B7AC9EA9BD9F317980979
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3
C:\Windows\system32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2
C:\Windows\system32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\ssmdrv.sys A36EE93698802CD899F98BFD553D8185
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 55F6E55CC2430CA8713387106FA79817
C:\Windows\System32\drivers\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966
C:\Windows\System32\DRIVERS\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\DRIVERS\tdcmdpst.sys 1825BCEB47BF41C5A9F0E44DE82FC27A
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tos_sps32.sys 1EA5F27C29405BF49799FECA77186DA9
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\System32\DRIVERS\TVALZ_O.SYS 792A8B80F8188ABA4B2BE271583F3E46
C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27
C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2
C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888
C:\Windows\System32\DRIVERS\usbohci.sys D457EBD0C3A8B3A3A144355B5EE91CBC
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys 1D714B8497CD68307806D5D3F60A5169
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\Drivers\usbvideo.sys 73FF24E21B690625A58109637DDA0DF7
C:\Windows\System32\Drivers\UVCFTR_S.SYS 8C5094A8AB24DE7496C7C19942F2DF04
C:\Windows\System32\DRIVERS\VClone.sys FCE98C43B5C5DB8E0DA8EA0E2B45E044
C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC
C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE
C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\VSTCNXT3.SYS ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-02 11:46 - 2014-12-02 11:47 - 00050143 _____ () C:\Users\Tanja\Downloads\FRST.txt
2014-12-02 11:45 - 2014-12-02 11:46 - 00000000 ____D () C:\FRST
2014-12-02 11:44 - 2014-12-02 11:44 - 01109504 _____ (Farbar) C:\Users\Tanja\Downloads\FRST.exe
2014-12-02 11:44 - 2014-12-02 11:44 - 01109504 _____ (Farbar) C:\Users\Tanja\Downloads\FRST (1).exe
2014-11-19 22:47 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 22:42 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 22:42 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 22:42 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 22:42 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 22:42 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 22:42 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 22:41 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 22:41 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 22:40 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 22:39 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 22:39 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 22:39 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 22:39 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 22:39 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 22:30 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 19:16 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 19:16 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 19:16 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 19:16 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 19:16 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 19:16 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 19:16 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 19:16 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 19:16 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 19:16 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 19:16 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 19:16 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 19:16 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 19:16 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 19:16 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 19:16 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 19:16 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 19:16 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 19:16 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 19:16 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 19:16 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-05 22:00 - 2014-11-05 22:20 - 00000000 ___RD () C:\Users\Tanja\Desktop\Purble Place
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-02 11:45 - 2009-01-20 16:41 - 00000414 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{F9C5E5A8-8DA0-4ABF-B047-C6ECD1546796}.job
2014-12-02 11:45 - 2009-01-17 15:02 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{20E738B6-A028-4480-9445-3CDFBE163EB6}.job
2014-12-02 11:42 - 2013-08-31 22:05 - 00000000 ___RD () C:\Users\Tanja\Dropbox
2014-12-02 11:42 - 2013-08-31 21:34 - 00000000 ____D () C:\Users\Tanja\AppData\Roaming\Dropbox
2014-12-02 11:42 - 2008-10-31 12:29 - 02056505 _____ () C:\Windows\WindowsUpdate.log
2014-12-02 11:38 - 2013-08-31 22:05 - 00000961 _____ () C:\Users\Tanja\Desktop\Dropbox.lnk
2014-12-02 11:38 - 2013-08-31 21:36 - 00000000 ____D () C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-02 11:26 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-02 11:26 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-02 11:21 - 2009-05-28 17:33 - 00001022 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-12-02 11:12 - 2014-02-21 19:35 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-12-02 11:08 - 2014-10-23 19:04 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfeeebd7834758.job
2014-12-02 11:08 - 2013-05-25 22:00 - 00001202 _____ () C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2014-12-02 11:08 - 2013-05-25 22:00 - 00001198 _____ () C:\Windows\Tasks\Plus-HD-2.2-updater.job
2014-12-02 11:08 - 2013-05-25 22:00 - 00001102 _____ () C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2014-12-02 11:08 - 2013-05-25 21:59 - 00001896 _____ () C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
2014-12-02 11:08 - 2013-05-25 21:59 - 00001822 _____ () C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2014-12-02 11:08 - 2010-03-25 16:30 - 00000496 _____ () C:\Windows\Tasks\1-Klick-Wartung.job
2014-12-02 11:05 - 2009-06-30 19:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-02 11:05 - 2008-01-21 03:47 - 00315482 _____ () C:\Windows\PFRO.log
2014-12-02 11:05 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 14:59 - 2013-06-08 20:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-24 14:59 - 2013-06-08 20:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-24 14:33 - 2014-02-22 20:52 - 00000000 ____D () C:\Program Files\HiDefMedia
2014-11-24 14:32 - 2014-02-21 19:36 - 00000000 ____D () C:\ProgramData\IePluginService
2014-11-24 14:25 - 2008-05-27 12:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-24 14:24 - 2014-02-21 20:24 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\systweak
2014-11-24 14:04 - 2009-10-02 18:42 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-20 21:19 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-16 17:27 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-16 17:16 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-16 17:08 - 2006-11-02 13:47 - 00299744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 17:05 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-13 22:37 - 2013-08-14 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 22:31 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-13 19:54 - 2009-03-26 19:55 - 00000396 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2014-11-05 22:56 - 2014-05-02 21:07 - 00000000 ____D () C:\Users\Tanja\Desktop\TANJA
2014-11-05 22:44 - 2014-10-11 19:05 - 00000000 ____D () C:\Users\Tanja\Desktop\FOTOS 2014
2014-11-05 22:36 - 2013-05-18 16:05 - 00024576 _____ () C:\Users\Tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-05 22:19 - 2013-05-18 23:27 - 00185417 ____H () C:\Users\Tanja\Desktop\mxfilerelatedcache.mxc2
2014-11-05 22:16 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-05 22:15 - 2013-05-18 23:37 - 00000000 ____D () C:\Users\Tanja\AppData\Roaming\vlc
2014-11-05 18:11 - 2013-12-13 20:00 - 00000680 _____ () C:\Users\Tanja\AppData\Local\d3d9caps.dat
2014-11-02 18:44 - 2008-01-21 08:16 - 01566708 _____ () C:\Windows\system32\PerfStringBackup.INI
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\6_Offer_10.exe
C:\Users\Administrator\AppData\Local\Temp\6_Offer_9.exe
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\BackupSetup.exe
C:\Users\Administrator\AppData\Local\Temp\f.exe
C:\Users\Administrator\AppData\Local\Temp\gkc.exe
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
C:\Users\Administrator\AppData\Local\Temp\WebHelper_InstallDownload_1145.exe
C:\Users\Elvira\AppData\Local\Temp\FORMAT.EXE
C:\Users\Elvira\AppData\Local\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe
C:\Users\Elvira\AppData\Local\Temp\LOCK.EXE
C:\Users\Elvira\AppData\Local\Temp\udll.dll
C:\Users\Elvira\AppData\Local\Temp\ufddll.dll
C:\Users\Tanja\AppData\Local\Temp\avgnt.exe
C:\Users\Tanja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdhmshq.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
==================== BCD ================================
Der Speicher fr die Startkonfigurationsdaten konnte nicht ge”ffnet werden.
Zugriff verweigert
==================== End Of Log ============================
FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-12-2014
Ran by Tanja at 2014-12-02 11:48:07
Running from C:\Users\Tanja\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Antivirus Pro (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.24.0 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-345706500-609057639-1495464187-1005\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.42066 - Ask.com) <==== ATTENTION
awesomehp uninstaller (HKLM\...\awesomehp uninstaller) (Version: - awesomehp) <==== ATTENTION
Burn4Free CD and DVD (HKLM\...\Burn4Free) (Version: - )
Burn4Free Toolbar (HKLM\...\Burn4Free Toolbar) (Version: 3.3.0.3 - )
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)
Catalyst Control Center - Branding (HKLM\...\{69E5255D-9D43-4CFF-8984-843ABD7753B7}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0422.2139.36895 - Ihr Firmenname) Hidden
CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Delta toolbar (HKLM\...\delta) (Version: 1.8.21.5 - Delta) <==== ATTENTION
DMUninstaller (HKLM\...\DMUninstaller) (Version: - ) <==== ATTENTION
Dropbox (HKU\S-1-5-21-345706500-609057639-1495464187-1005\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
Epson Easy Photo Print 2 (HKLM\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX125 Series Handbuch (HKLM\...\EPSON SX125 Series Manual) (Version: - )
EPSON SX125 Series Printer Uninstall (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
ESSBrwr (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESScore (Version: 7.00.0000.0008 - Ihr Firmenname) Hidden
ESSgui (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSini (Version: 7.00.0000.0003 - Ihr Firmenname) Hidden
ESSPCD (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - Ihr Firmenname) Hidden
ESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (HKLM\...\Firebird SQL Server D) (Version: 2.0.0.1 - MAGIX AG)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1591.6512 - Google Inc.)
Java(TM) 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java(TM) 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
kgcbaby (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
kgchday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare Software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
MAGIX Digital Foto Maker SE 4.1.0.835 (D) (HKLM\...\MAGIX Digital Foto Maker SE D) (Version: 4.1.0.835 - MAGIX AG)
MAGIX Foto Suite 1.12.0.89 (D) (HKLM\...\MAGIX Foto Suite D) (Version: 1.12.0.89 - MAGIX AG)
MAGIX Online Druck Service 2.3.2.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
MediaPlayerEnhance (HKLM\...\MediaPlayerEnhance) (Version: 1.34.2.13 - Feven) <==== ATTENTION
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
myphotobook 3.5 (HKLM\...\myphotobook) (Version: 3.5 - myphotobook)
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.3.5 - ahead software gmbh)
netbrdg (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
NewPlayer (HKLM\...\NewPlayer) (Version: v2.1.1.0 - TUGUU SL) <==== ATTENTION
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.0.2 - Nikon)
OfotoXMI (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION
PC Speed Maximizer v3.2 (HKLM\...\PC Speed Maximizer_is1) (Version: 3.2 - Smart PC Solutions)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.1 - Google, Inc.)
PIF DESIGNER (HKLM\...\{B90450DF-E781-46FD-B1F1-0C86DA40E443}) (Version: - )
QuickTime (HKLM\...\{BFD96B89-B769-4CD6-B11E-E79FFD46F067}) (Version: 7.4.1.14 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - )
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
RegClean Pro (HKLM\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
SavingsBull (Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) Hidden
SHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Skins (Version: 2008.0422.2139.36895 - ATI) Hidden
SKINXSDK (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Snap.Do (HKLM\...\{FB385922-2E32-4462-A7DC-27159614A660}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION
staticcr (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
SupTab (HKLM\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.18051 - TeamViewer)
TerraTec Home Cinema (HKLM\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 5.43 - )
tooltips (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.13 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.2.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
Toshiba TEMPRO (HKLM\...\{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}) (Version: 1.1 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA Corporation)
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0015 - TOSHIBA)
TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
TuneUp Utilities 2008 (HKLM\...\{5888428E-699C-4E71-BF71-94EE06B497DA}) (Version: 7.0.7992 - TuneUp Software)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VPRINTOL (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.1 - 1&1 Mail & Media GmbH)
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version: - )
WIRELESS (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\1-Klick-Wartung.job => ?
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\EasyShare Registration Task.job => ?
Task: C:\Windows\Tasks\Feven Pro-chromeinstaller.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro-codedownloader.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro-enabler.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro-firefoxinstaller.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro-updater.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Google Software Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf923c8b69b6dd.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfeeebd7834758.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\Installer for avg_safeguard.job => ?
Task: C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-enabler.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-updater.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job => ?
Task: C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job => ?
Task: C:\Windows\Tasks\Plus-HD-2.2-enabler.job => ?
Task: C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job => ?
Task: C:\Windows\Tasks\Plus-HD-2.2-updater.job => ?
Task: C:\Windows\Tasks\pricemeterdownloader.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro.job => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{20E738B6-A028-4480-9445-3CDFBE163EB6}.job => ?
Task: C:\Windows\Tasks\User_Feed_Synchronization-{F9C5E5A8-8DA0-4ABF-B047-C6ECD1546796}.job => ?
==================== Loaded Modules (whitelisted) =============
2008-05-27 12:14 - 2008-04-22 21:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-03-06 10:14 - 2008-03-06 10:14 - 05121912 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2007-12-14 21:40 - 2007-12-14 21:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-05-27 12:51 - 2006-10-10 10:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 12:03 - 2007-12-25 12:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 11:57 - 2006-10-07 11:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 17:55 - 2006-12-01 17:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2008-11-21 17:44 - 2007-11-07 10:20 - 00040960 _____ () C:\Program Files\Common Files\TerraTec\Remote\BDADLL.dll
2008-10-31 12:30 - 2008-05-08 10:11 - 04787712 _____ () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-10-28 21:40 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 21:40 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-28 21:40 - 2014-10-22 05:05 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
2014-12-02 11:38 - 2014-12-02 11:38 - 00043008 _____ () c:\users\tanja\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdhmshq.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Tanja\AppData\Roaming\Dropbox\bin\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-345706500-609057639-1495464187-500 - Administrator - Enabled) => C:\Users\Administrator
alinafiona (S-1-5-21-345706500-609057639-1495464187-1006 - Limited - Enabled) => C:\Users\alinafiona
Gast (S-1-5-21-345706500-609057639-1495464187-501 - Limited - Disabled) => C:\Users\Gast
Tanja (S-1-5-21-345706500-609057639-1495464187-1005 - Limited - Enabled) => C:\Users\Tanja
==================== Faulty Device Manager Devices =============
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-6zu4-Adapter #2
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-6zu4-Adapter #3
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-6zu4-Adapter #4
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-6zu4-Adapter #5
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-6zu4-Adapter #6
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-6zu4-Adapter #7
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-6zu4-Adapter #8
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/02/2014 11:14:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {63d64edb-5592-4a47-b430-a6babd62118a}
Error: (12/02/2014 11:12:54 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (12/02/2014 11:12:54 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (12/02/2014 11:06:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/24/2014 03:00:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {7bf5834c-3941-4a22-b2bf-73f881e282fb}
Error: (11/24/2014 02:56:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {fb2be43f-15c6-4e49-9954-ecd892de3460}
Error: (11/24/2014 02:27:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {8778536f-4a26-4857-8b0b-b4fec8c6e5ad}
Error: (11/24/2014 02:25:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {8778536f-4a26-4857-8b0b-b4fec8c6e5ad}
Error: (11/24/2014 02:25:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {8778536f-4a26-4857-8b0b-b4fec8c6e5ad}
Error: (11/24/2014 02:25:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {6a3f8457-e780-45f8-a2e2-1cc5bbb0c0a0}
System errors:
=============
Error: (12/02/2014 11:07:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter
Error: (12/02/2014 11:05:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 27.11.2014 um 03:50:52 unerwartet heruntergefahren.
Error: (11/24/2014 03:03:36 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.0.110 für die Netzwerkkarte mit der Netzwerkadresse 0021636E7A36 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error: (11/24/2014 02:44:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Wpm
Error: (11/24/2014 02:25:18 PM) (Source: volsnap) (EventID: 20) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
Error: (11/24/2014 02:14:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter
Error: (11/20/2014 07:44:17 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (11/20/2014 07:44:06 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (11/20/2014 07:43:57 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (11/20/2014 07:43:52 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Microsoft Office Sessions:
=========================
Error: (12/02/2014 11:14:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {63d64edb-5592-4a47-b430-a6babd62118a}
Error: (12/02/2014 11:12:54 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (12/02/2014 11:12:54 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (12/02/2014 11:06:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/24/2014 03:00:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {7bf5834c-3941-4a22-b2bf-73f881e282fb}
Error: (11/24/2014 02:56:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {fb2be43f-15c6-4e49-9954-ecd892de3460}
Error: (11/24/2014 02:27:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {8778536f-4a26-4857-8b0b-b4fec8c6e5ad}
Error: (11/24/2014 02:25:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {8778536f-4a26-4857-8b0b-b4fec8c6e5ad}
Error: (11/24/2014 02:25:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {8778536f-4a26-4857-8b0b-b4fec8c6e5ad}
Error: (11/24/2014 02:25:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {6a3f8457-e780-45f8-a2e2-1cc5bbb0c0a0}
CodeIntegrity Errors:
===================================
Date: 2010-01-11 20:35:49.949
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-11 20:35:49.871
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-11 20:35:49.777
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-11 20:35:49.684
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-11 20:35:49.590
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD Athlon(tm) X2 Dual-Core QL-60
Percentage of memory in use: 49%
Total physical RAM: 3580.91 MB
Available physical RAM: 1814.95 MB
Total Pagefile: 7390.3 MB
Available Pagefile: 5332.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879.73 MB
==================== Drives ================================
Drive c: (Vista) (Fixed) (Total:116.29 GB) (Free:61.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Data) (Fixed) (Total:115.13 GB) (Free:110.8 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
|
|
02.12.2014, 12:32
| #2 |
| /// the machine /// TB-Ausbilder    | hatte keine Internetverbundung und habe mit FRST was versucht und weiß nicht weiter hi,
__________________unsre Tools brauchen immer Adminrechte! Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ |
|
02.12.2014, 14:14
| #3 |
| | hatte keine Internetverbundung und habe mit FRST was versucht und weiß nicht weiter erstmal danke für die schnelle Antwort, aber das Programm lässt sich nicht installieren. bei beiden nicht
__________________ also, mit explorer wollte das Programm nicht laufen aber unter Chrome. revo uninstaller durchgeführt und alles gelöscht. combofix durchgeführt,aber da kam kein logfile. combofix hat 3 Dateien nicht überschreiben können: c:\32788R22FWJFW\pev.3XE c:\32788R22FWJFW\swreg.3XE c:\32788R22FWJFW\NirCmd.3XE jetzt habe ich wieder Internet Vielen vielen dank für die Hilfe |
|
03.12.2014, 08:48
| #4 |
| /// the machine /// TB-Ausbilder | hatte keine Internetverbundung und habe mit FRST was versucht und weiß nicht weiter Aber Revo ist gemacht? Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu hatte keine Internetverbundung und habe mit FRST was versucht und weiß nicht weiter |
| ask toolbar entfernen, awesomehp, awesomehp entfernen, awesomehp uninstaller entfernen, branding, delta toolbar entfernen, device driver, dmuninstaller entfernen, flash player, iexplore.exe, installation, mediaplayerenhance entfernen, mypc backup entfernen, newplayer entfernen, optimizer pro v3.2 entfernen, regclean pro entfernen, registry, security, services.exe, snap.do entfernen, software, suptab entfernen, svchost.exe, this device cannot start. (code10), usbvideo.sys |
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
