Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.04.2015, 21:18   #1
Antigone1978
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Hallo,

ich habe scheinbar ein Problem mit meinem Laufwerk C und Mozilla Firefox.

Da Firefox nicht vernünftig gelaufen war, hatte ich das Programm restaurieren lassen. Da ich dachte, es wäre abgestürzt, habe ich dann aber abgebrochen. Seitdem öffnet sich Firefox nicht mehr, aber eine Fehlermeldung taucht auf. Einen laufenden Prozess im Task Manager gibt es aber auch nicht.

Habe daraufhin versucht, den Laptop mit einem früheren Wiederherstellungspunkt wieder zurückzusetzen. Ging aber auch nicht, dann sollte ich das Laufwerk überprüfen, ging aber auch nicht, da die Fehlermeldung, dass das Laufwerk C beschädigt sei, angezeigt wurde.

Da ich meine aktuellen Lesezeichen (nicht wenige) unbedingt behalten möchte, möchte ich Firefox nicht deinstallieren und neu aufsetzen.

Fehlermeldungen sind im Anhang.

Hättet ihr eine Lösung für das Problem?

Vielen Dank schonmal und Grüße
Nadine
Angehängte Dateien
Dateityp: pdf Fehlermeldung.pdf (222,7 KB, 88x aufgerufen)
Dateityp: pdf Fehlermeldung C.pdf (105,2 KB, 92x aufgerufen)

Alt 07.04.2015, 22:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Hi,

das defekte Profil und die folgerichtige Meldung vom Firefox ist nicht die Urache, sondern ein Symptom eines defekten Dateisystems oder gar wenns schlimm ist einer sterbenden Festplatte.

Zitat:
Da ich meine aktuellen Lesezeichen (nicht wenige) unbedingt behalten möchte, möchte ich Firefox nicht deinstallieren und neu aufsetzen.
Sry aber hast du schonmal davon gehört, dass man wichtige Daten immer regelmäßig sichert? Falls mal eine Platte stirbt sind die Daten idR weg, wenn überhaupt nur mit sehr viel Aufwand und Kohle zu retten.

Bevor wir irgendwas weiter machen: lies den SMART-Status der Platte aus. Wenn der Müll ist, brauchst du eh ne neue. Mach das zB mit diesem Tool => CrystalDiskInfo - Download - Filepony
__________________

__________________

Alt 12.04.2015, 22:21   #3
Antigone1978
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Hallo,

meine anderen Daten sichere ich auch immer regelmäßig. Jedenfalls erstmal Danke für deine Antwort.

Ich habe jetzt mal das Programm installiert und der Gesamtzustand ist nach dessen Aussage wohl "gut". Brauchst du noch nähere Infos dazu? Konnte das irgendwie nicht speichern, um es dir als Datei anzuhängen.

Vg
Nadine
__________________

Alt 12.04.2015, 22:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



chkdsk der Systempartition unter Windows 7

1. Klick mit rechts auf einen freien Bereich auf dem Desktop und sag "Neu, Verknüpfung erstellen"
2. Tipp als Ziel cmd.exe ein und bestätige mit OK, eine neue Verknüpfung zur Konsole auf dem Desktop müsste sich nun befinden
3. Falls dem so ist, diese neue Verknüpfung rechtsklicken => Als Administrator ausführen => Sicherheitsabfrage von Vista Benutzerkontensteuerung ggf. bestätigen => schwarze Eingabeaufforderung öffnet sich
4. Tipp dort ein: chkdsk c: /f /r /v und bestätige mit enter.
5. Die folgende Abfrage mit j bestätigen und enter drücken.
6. Windows neu starten, es sollte ein Hinweis auf eine geplante Datenträgerüberprüfung erscheinen - die Zeit verstreichen lassen, keine Taste drücken!!
7. Abwarten bis der Vorgang abgeschlossen ist. Bei großen Partitionen kann es u.U. recht lange dauern. Windows bootet automatisch neu.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.04.2015, 16:04   #5
Antigone1978
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Habe alles wie beschrieben gemacht, aber nach dem Neustart wurde nichts ausgeführt, es kam auch keine Meldung o.ä.

Ich musste mich aber beim Neustart wie sonst auch anmelden. Habe das unter meinem Benutzerkonto gemacht, da das nicht funktionierende Firefox, dass ich wiederhergestellt haben möchte, unter meinem Benutzerkonto ist. Danach habe ich, wie du geschrieben hattest, auf keine einzige Taste gedrückt.

Oder hätte ich mich unter dem Administratoren-Benutzerkonto anmelden müssen?


Alt 15.04.2015, 23:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Selbstverständlich geht das nur mit einem Adminaccount...
__________________
--> Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt

Alt 17.04.2015, 08:14   #7
Antigone1978
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Habe es jetzt über das Admin-Konto durchgeführt und es hat geklappt. Was muss ich jetzt machen?

Alt 17.04.2015, 09:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Mir mitteilen ob die Fehler noch auftauchen. Wenn nicht, war die Reparatur des Dateisystems erfolgreich.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.04.2015, 22:19   #9
Antigone1978
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Alle Probleme bestehen leider weiterhin. Ich habe gerade gesehen, dass an dem Tag, als die Probleme aufgetreten sind, ein automatisches Windows-Update gemacht wurde. Kann das daran liegen? Bzw. was gibt es jetzt noch für eine Möglichkeit, um das wieder zum Laufen zu bekommen?
Danke schonmal für deine bisherige Hilfe.

Alt 18.04.2015, 00:59   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.04.2015, 23:20   #11
Antigone1978
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



frst:

#
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-04-2015 01
Ran by Nadine (ATTENTION: The logged in user is not administrator) on NADINE-NOTEBOOK on 18-04-2015 23:08:11
Running from C:\Users\Nadine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB5QDE8Q
Loaded Profiles: Nadine & Garfield (Available profiles: Nadine & Garfield & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SLsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> aavus.exe
Failed to access process -> armsvc.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> CFSvcs.exe
Failed to access process -> svchost.exe
Failed to access process -> PSUAService.exe
Failed to access process -> rpcnet.exe
Failed to access process -> psia.exe
Failed to access process -> svchost.exe
Failed to access process -> TNaviSrv.exe
Failed to access process -> TODDSrv.exe
Failed to access process -> TosCoSrv.exe
Failed to access process -> TosIPCSrv.exe
Failed to access process -> ULCDRSvr.exe
Failed to access process -> svchost.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> SearchIndexer.exe
Failed to access process -> XAudio.exe
Failed to access process -> PSANHost.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> taskeng.exe
Failed to access process -> alg.exe
Failed to access process -> sua.exe
Failed to access process -> taskeng.exe
Failed to access process -> dwm.exe
Failed to access process -> explorer.exe
Failed to access process -> igfxtray.exe
Failed to access process -> hkcmd.exe
Failed to access process -> igfxpers.exe
Failed to access process -> igfxsrvc.exe
Failed to access process -> traybar.exe
Failed to access process -> HDMICtrlMan.exe
Failed to access process -> TCrdMain.exe
Failed to access process -> SynTPEnh.exe
Failed to access process -> CNSLMAIN.EXE
Failed to access process -> PSUAMain.exe
Failed to access process -> Panda_URL_Filtering.exe
Failed to access process -> TOSCDSPD.exe
Failed to access process -> taskeng.exe
Failed to access process -> Skype.exe
Failed to access process -> CEC_MAIN.exe
Failed to access process -> psi_tray.exe
Failed to access process -> igfxext.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Facebook Inc.) C:\Users\Nadine\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
Failed to access process -> wmpnetwk.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
Failed to access process -> WmiPrvSE.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-09-26] (Visicom Media Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-12-29] ()
HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\...\Run: [Facebook Update] => C:\Users\Nadine\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-08] (Facebook Inc.)
HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk /r \??\C:autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ddecc05a-aa62-2493-af7b-4c1b75834dd2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/08/2013&type=hp1000
HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ddecc05a-aa62-2493-af7b-4c1b75834dd2&searchtype=hp&fr=linkury-tb&installDate=15/08/2013&type=hp1000
HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
URLSearchHook: [S-1-5-21-2664316595-2851453375-3809740440-1002] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2664316595-2851453375-3809740440-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-07] (Oracle Corporation)
BHO: No Name -> {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  ->  No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2009-07-16] ()
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\a91syiie.default-1402761685160
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-01] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll [2010-09-14] (Sony Media Software and Services Inc)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2664316595-2851453375-3809740440-1000: facebook.com/fbDesktopPlugin -> C:\Users\Nadine\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-2664316595-2851453375-3809740440-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-2664316595-2851453375-3809740440-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-06]
FF HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Firefox\Extensions: [{BD4ACD0E-3854-3C2A-20FC-BC9B823C8DED}] - C:\Program Files\PassShow-soft\171.xpi

Chrome: 
=======
CHR Profile: C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-05]
CHR HKLM\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files\pandasecuritytb\chrome-newtab-search.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3453712 2009-12-16] (INCA Internet Co., Ltd.) [File not signed]
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-19] (Panda Security, S.L.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-18] (Absolute Software Corp.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-03-28] ()
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [126184 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [107752 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [124648 2013-05-29] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61672 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [106344 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [287336 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [161384 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [230376 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-29] (Panda Security, S.L.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [145640 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105704 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175848 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114920 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [127720 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [97512 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
S3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-08-15] (Duplex Secure Ltd.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-18 23:00 - 2015-04-18 23:00 - 00000108 _____ () C:\Windows\TempCloudAV0418210025_2788.csv
2015-04-18 11:33 - 2015-04-18 23:08 - 00000000 ____D () C:\FRST
2015-04-17 22:32 - 2015-04-17 22:32 - 00000000 _____ () C:\Users\Nadine\Downloads\install_flashplayer17x32ax_gtbd_chrd_dn_aaa_aih_exe.m8fit5e.partial
2015-04-17 22:29 - 2015-04-17 22:29 - 00000000 _____ () C:\Users\Nadine\Downloads\install_flashplayer17x32ax_gtbd_chrd_dn_aaa_aih_exe.t9pn83v.partial
2015-04-17 01:34 - 2015-04-17 01:34 - 00000000 ____D () C:\Users\Garfield\AppData\Local\Skype
2015-04-17 01:14 - 2015-04-17 01:33 - 00315316 _____ () C:\Windows\TempCloudAV0416231303_3052.csv
2015-04-15 19:54 - 2015-04-15 19:54 - 00000170 _____ () C:\Windows\TempCloudAV0415175410_3052.csv
2015-04-15 00:25 - 2015-04-15 04:26 - 00031545 _____ () C:\Windows\TempCloudAV0414222555_2968.csv
2015-04-15 00:22 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 00:05 - 2015-04-15 00:23 - 00328842 _____ () C:\Windows\TempCloudAV0414220538_3048.csv
2015-04-15 00:00 - 2015-04-15 00:00 - 00000694 _____ () C:\Users\Nadine\Desktop\cmd.exe.lnk
2015-04-14 23:13 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:12 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:12 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-14 23:12 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:12 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 23:12 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 23:12 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 23:12 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 23:12 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 23:12 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 23:12 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 23:12 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 23:12 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-14 23:12 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-14 23:12 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:12 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\Users\Garfield\AppData\Roaming\OpenCandy
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2015-04-09 21:29 - 2015-04-10 00:46 - 00091787 _____ () C:\Windows\TempCloudAV0409192918_3096.csv
2015-04-07 21:39 - 2015-04-07 21:39 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-04 01:37 - 2015-04-07 20:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-04 01:12 - 2015-04-04 01:12 - 00000278 _____ () C:\Windows\TempCloudAV0403231252_3076.csv
2015-04-01 23:26 - 2015-04-01 23:26 - 00000170 _____ () C:\Windows\TempCloudAV0401212607_3064.csv
2015-04-01 23:13 - 2015-04-01 23:13 - 00957248 _____ (DivX, LLC) C:\Users\Nadine\Downloads\DivXInstaller_913.exe
2015-04-01 23:10 - 2015-04-07 20:07 - 00000851 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-01 23:06 - 2015-04-01 23:06 - 00243576 _____ () C:\Users\Nadine\Downloads\Firefox Setup Stub 37.0.exe
2015-03-31 20:29 - 2015-03-31 20:29 - 00000100 _____ () C:\Windows\TempCloudAV0331182931_3076.csv
2015-03-29 14:36 - 2015-03-29 15:11 - 00148265 _____ () C:\Windows\TempCloudAV0329123652_3020.csv
2015-03-24 21:53 - 2015-03-24 21:53 - 00001136 _____ () C:\Users\Nadine\Desktop\Freemake Video Converter.lnk
2015-03-22 19:53 - 2015-03-22 19:53 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Mozilla Firefox
2015-03-22 18:34 - 2015-03-22 18:34 - 00000175 _____ () C:\Windows\TempCloudAV0322163358_3120.csv
2015-03-22 14:37 - 2015-03-22 14:42 - 00222205 _____ () C:\Windows\TempCloudAV0322123726_3436.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-18 23:05 - 2008-06-23 17:31 - 01607513 _____ () C:\Windows\WindowsUpdate.log
2015-04-18 23:03 - 2009-06-27 20:45 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Skype
2015-04-18 23:01 - 2014-10-20 01:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfebf1334e9f30.job
2015-04-18 23:01 - 2014-04-06 08:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf515dab198c8b.job
2015-04-18 23:01 - 2012-08-02 22:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-18 23:00 - 2014-06-04 20:56 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-04-18 23:00 - 2014-04-06 08:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf515dab980b5b.job
2015-04-18 23:00 - 2014-03-17 22:10 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2015-04-18 23:00 - 2012-08-08 19:53 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000UA.job
2015-04-18 23:00 - 2012-08-08 19:53 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000Core.job
2015-04-18 23:00 - 2009-10-03 14:06 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-18 23:00 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-18 23:00 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-18 23:00 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-18 22:58 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-18 22:26 - 2014-10-20 01:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfebf133c66740.job
2015-04-18 11:38 - 2014-06-04 20:56 - 00078032 ____N (Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
2015-04-17 21:11 - 2012-08-09 07:10 - 00679902 _____ () C:\Windows\PFRO.log
2015-04-17 02:34 - 2012-07-19 21:14 - 00000000 ____D () C:\Users\Garfield\AppData\Roaming\Skype
2015-04-17 01:33 - 2012-07-11 23:08 - 00000949 _____ () C:\Users\Garfield\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-17 01:14 - 2014-07-15 22:05 - 00000000 ____D () C:\Program Files\SearchProtect
2015-04-15 00:22 - 2013-08-15 15:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 00:14 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-14 23:54 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-14 23:13 - 2008-03-06 10:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 23:11 - 2008-01-21 09:16 - 01543100 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 22:14 - 2012-07-11 23:08 - 00091976 _____ () C:\Users\Garfield\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-09 21:54 - 2008-06-24 22:01 - 00113664 _____ () C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-07 21:40 - 2013-11-13 23:15 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-07 21:38 - 2014-04-16 19:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-07 21:38 - 2008-03-03 19:27 - 00000000 ____D () C:\Program Files\Java
2015-04-07 20:56 - 2012-04-25 23:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-07 20:07 - 2011-05-20 14:13 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-01 23:25 - 2009-12-14 00:39 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2015-04-01 23:23 - 2010-06-12 18:23 - 00000000 ____D () C:\ProgramData\DivX
2015-04-01 23:23 - 2009-12-14 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-04-01 23:23 - 2009-12-14 00:39 - 00000000 ____D () C:\Program Files\DivX
2015-04-01 23:14 - 2014-08-20 21:50 - 00000000 ____D () C:\Users\Garfield\AppData\Local\Adobe
2015-04-01 23:12 - 2012-06-30 22:20 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-01 23:12 - 2011-05-16 21:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-01 21:36 - 2008-06-25 19:18 - 00000000 ____D () C:\Users\Nadine\Documents\Studium
2015-03-29 18:39 - 2008-07-02 22:21 - 00000000 ____D () C:\Users\Nadine\Documents\Sonstiges
2015-03-24 01:40 - 2013-04-21 17:51 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2012-08-08 18:46 - 2012-08-08 18:46 - 0783847 _____ () C:\Program Files\MozBackup-1.5.1-de.zip
2010-08-09 13:52 - 2010-08-09 13:52 - 0000016 ____H () C:\Program Files\mxfilerelatedcache.mxc2
2010-05-20 08:20 - 2010-05-25 18:53 - 4098825 _____ (Daniel Luedecke) C:\Program Files\Zettelkasten.exe
2010-08-09 13:52 - 2010-08-09 13:52 - 0000016 ____H () C:\Program Files\Common Files\mxfilerelatedcache.mxc2
2008-07-06 20:22 - 2008-07-06 20:22 - 0000016 ____H () C:\Users\Nadine\AppData\Roaming\mxfilerelatedcache.mxc2
2008-06-24 00:22 - 2008-07-02 22:45 - 0000278 _____ () C:\Users\Nadine\AppData\Roaming\wklnhst.dat
2010-06-04 19:00 - 2012-07-25 21:47 - 0001356 _____ () C:\Users\Nadine\AppData\Local\d3d9caps.dat
2008-06-24 22:01 - 2015-04-09 21:54 - 0113664 _____ () C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-07-06 20:22 - 2008-07-06 20:22 - 0000016 ____H () C:\Users\Nadine\AppData\Local\mxfilerelatedcache.mxc2
2008-07-06 20:22 - 2008-07-06 20:22 - 0000016 ____H () C:\ProgramData\mxfilerelatedcache.mxc2

Some content of TEMP:
====================
C:\Users\Garfield\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Garfield\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Garfield\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nadine\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---

--- --- ---


addition:

#FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-04-2015 01
Ran by Nadine at 2015-04-18 23:09:38
Running from C:\Users\Nadine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB5QDE8Q
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Cloud Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Cloud Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Free Video Converter 2 (HKLM\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version:  - 4Free Studio)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Media Live Encoder 3.2 (HKLM\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Premiere Pro CS4 (HKLM\...\Adobe_26b63376f4efc354dae41af6b5e3343) (Version: 4 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Ashampoo Burning Studio 2010 Advanced (HKLM\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 9.2.4 - ashampoo GmbH & Co. KG)
Avery Zweckform Assistent 3.1 (HKLM\...\InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}) (Version: 3.1.0.2153 - Avery)
Avery Zweckform Assistent 3.1 (Version: 3.1.0.2153 - Avery) Hidden
Babbel Refresh (HKLM\...\com.babbel.babbelrefresh.3741A3FCE1D3EB805F84223A94DE5A5CFDAA610D.1) (Version: 0.6.17176 - Lesson Nine GmbH)
Babbel Refresh (Version: 0.6.17176 - Lesson Nine GmbH) Hidden
Bibliographix 7 (HKLM\...\Bibliographix 7_is1) (Version:  - Bibliographix GbR)
Bibliographix 8 (HKLM\...\Bibliographix 8_is1) (Version:  - Bibliographix GbR)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP560 series Benutzerregistrierung (HKLM\...\Canon MP560 series Benutzerregistrierung) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.00 - TOSHIBA)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.6.0 - Conexant)
CrystalDiskInfo 6.3.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.3.2 - Crystal Dew World)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 14.0.0.10960 - Landesfinanzdirektion Thüringen)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.3.2.0 - Steuerverwaltung des Bundes und der Länder)
Facebook Messenger 2.1.4590.0 (HKLM\...\{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}) (Version: 2.1.4590.0 - Facebook)
Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
Free M4a to MP3 Converter 6.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.13.925 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.13.925 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.5 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth (HKLM\...\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}) (Version: 4.0.2737 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Guitar Pro 5.0 (HKLM\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version:  - )
HDMI Control Manager (HKLM\...\{CBDF64B0-8CAB-45C7-B3B2-4637C9F88769}) (Version: 1.6 - TOSHIBA)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm 1.5.4.27091 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
MAGIX Digital Foto Maker SE 4.1.0.835 (D) (HKLM\...\MAGIX Digital Foto Maker SE D) (Version: 4.1.0.835 - MAGIX AG)
MAGIX Foto Suite 1.12.0.89 (D) (HKLM\...\MAGIX Foto Suite D) (Version: 1.12.0.89 - MAGIX AG)
MAGIX Online Druck Service 2.3.2.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.51.4.3 - Marvell)
Media Go (HKLM\...\{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}) (Version: 1.6.508 - Sony)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Müller Foto (HKLM\...\Müller Foto) (Version: 4.8.4 - CEWE COLOR AG u Co. OHG)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Panda Cloud Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 02.03.00.0000 - Panda Security)
Panda Cloud Antivirus (Version: 6.06.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.1.0.5 - Panda Security and Visicom Media Inc.)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
pdfsam (HKLM\...\pdfsam) (Version: 2.2.1 - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerTeacher Version 23.04.021 (HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\...\PowerTeacher_is1) (Version: 23.04.021 - admigro media GmbH)
PrimoPDF -- by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 3.30 - Philipp Winterberg)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
simple-fax.de Version 1 (HKLM\...\{7343767F-D225-4EB2-87B8-173451445F45}_is1) (Version: 1 - simple-fax.de)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.027 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.027 - Sony)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version:  - )
Steuer-Spar-Erklärung 2011 (HKLM\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{56995235-B76E-44A6-BA17-8FF13D3F907A}) (Version: 7.33 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.26 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1.a - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 1.0.3.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}) (Version: 3.00.01.00 - TOSHIBA)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}) (Version: 3.00.01.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0014 - TOSHIBA)
TRDCReminder (Version: 1.00.0014 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 6.7.5 - Shark007)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version:  - )
Yahoo Community Smartbar (HKLM\...\{1897D0E7-2AA7-421D-9B12-4B0CBC1AB7C7}) (Version: 1.133.66.11819 - Linkury Inc.) <==== ATTENTION
Zeugnisse und Referenzschreiben (HKLM\...\PI15040_HPR_AuR) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1000_Classes\CLSID\{04FE3112-DB93-424D-B958-5E709395693F}\InprocServer32 -> C:\Users\Nadine\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Nadine\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Nadine\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000Core.job => C:\Users\Nadine\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000UA.job => C:\Users\Nadine\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf515dab198c8b.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfebf1334e9f30.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf515dab980b5b.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfebf133c66740.job => 

==================== Loaded Modules (whitelisted) ==============

2008-03-03 19:15 - 2007-09-13 15:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2007-12-14 21:28 - 2007-12-14 21:28 - 04726784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2007-12-14 21:40 - 2007-12-14 21:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-03-03 20:07 - 2006-10-10 12:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 12:03 - 2007-12-25 12:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () c:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2008-03-03 20:11 - 2007-12-29 10:06 - 00430080 _____ () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
2008-06-23 17:32 - 2008-01-22 11:00 - 04624384 _____ () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
2014-07-21 11:00 - 2014-07-21 11:00 - 03502080 _____ () C:\Program Files\VistaCodecPack\filters\ffdshow.ax

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nadine\Desktop\Facebook\Damen Motorrad.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Garfield^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe_ID0EYTHM => C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Garfield\AppData\Local\Smartbar\Application\Smartbar.exe startup
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Desktop SMS => C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\Garfield\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: PhonostarTimer => C:\Program Files\phonostar\ps_timer.exe
MSCONFIG\startupreg: Picasa Media Detector => C:\Program Files\Picasa2\PicasaMediaDetector.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Accounts: =============================

Administrator (S-1-5-21-2664316595-2851453375-3809740440-500 - Administrator - Disabled)
Garfield (S-1-5-21-2664316595-2851453375-3809740440-1002 - Administrator - Enabled) => C:\Users\Garfield
Gast (S-1-5-21-2664316595-2851453375-3809740440-501 - Limited - Enabled) => C:\Users\Gast
Nadine (S-1-5-21-2664316595-2851453375-3809740440-1000 - Limited - Enabled) => C:\Users\Nadine

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2015 11:06:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 18.4.2015.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 16ec
Anfangszeit: 01d07a1b6468be80
Zeitpunkt der Beendigung: 5

Error: (04/18/2015 11:02:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/18/2015 11:02:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/18/2015 11:02:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/18/2015 11:02:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/18/2015 11:02:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/18/2015 11:02:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/18/2015 11:02:35 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/18/2015 11:02:35 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/18/2015 11:02:34 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (04/18/2015 11:00:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: TfFsMon
TfSysMon

Error: (04/18/2015 11:00:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (04/18/2015 11:00:04 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/18/2015 10:59:51 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/18/2015 10:34:48 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4F06EC22-F42D-40FD-8714-7CA84C3B1D-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/18/2015 10:19:47 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4F06EC22-F42D-40FD-8714-7CA84C3B1D-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/18/2015 09:46:44 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4F06EC22-F42D-40FD-8714-7CA84C3B1D-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/18/2015 09:39:23 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (04/18/2015 09:39:21 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (04/18/2015 09:38:43 PM) (Source: netbt) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.109
registriert werden. Der Computer mit IP-Adresse 192.168.2.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (04/02/2012 10:11:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 660 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (04/02/2012 10:00:36 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3973 seconds with 2160 seconds of active time.  This session ended with a crash.

Error: (06/09/2010 01:40:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10897 seconds with 2580 seconds of active time.  This session ended with a crash.

Error: (03/18/2010 06:48:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4099 seconds with 2940 seconds of active time.  This session ended with a crash.

Error: (10/11/2009 03:56:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/26/2009 06:44:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2334 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/10/2009 11:30:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1457 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/10/2009 08:50:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/08/2009 01:21:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/08/2009 01:11:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-04-18 23:08:45.976
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-18 23:08:45.586
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-18 23:08:45.209
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-18 23:08:44.834
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-18 23:08:44.398
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-18 23:08:44.024
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-18 23:08:43.660
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-18 23:08:43.293
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-18 23:08:42.809
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProc.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-18 23:08:42.438
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProc.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 70%
Total physical RAM: 2037.67 MB
Available physical RAM: 599.3 MB
Total Pagefile: 7976.93 MB
Available Pagefile: 6073.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.9 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:16.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Data) (Fixed) (Total:113.88 GB) (Free:101.86 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
--- --- ---

Alt 19.04.2015, 14:07   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Zitat:
Ran by Nadine (ATTENTION: The logged in user is not administrator) on NADINE-NOTEBOOK on 18-04-2015 23:08:11
Running from C:\Users\Nadine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB5QDE8Q
So wird das nix. 1. musst du Admin sein, 2. sollst du FRST auf den Desktop runterladen, Browser beenden, dann FRST vom Desktop aus (als Admin) doppelklicken.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.04.2015, 01:03   #13
Antigone1978
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



#
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015 01
Ran by Garfield (administrator) on NADINE-NOTEBOOK on 20-04-2015 00:52:55
Running from C:\Users\Garfield\Desktop
Loaded Profiles: Garfield (Available profiles: Nadine & Garfield & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-09-26] (Visicom Media Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll [2007-09-13] (Intel Corporation)
HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-12-29] ()
HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-15]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-03-03]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-03-03]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
BootExecute: autocheck autochk /r \??\C:autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-07] (Oracle Corporation)
BHO: No Name -> {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  ->  No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2009-07-16] ()
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Garfield\AppData\Roaming\Mozilla\Firefox\Profiles\49kpn2gd.default-1428431198362
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-01] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll [2010-09-14] (Sony Media Software and Services Inc)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2664316595-2851453375-3809740440-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-06]
FF HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Firefox\Extensions: [{BD4ACD0E-3854-3C2A-20FC-BC9B823C8DED}] - C:\Program Files\PassShow-soft\171.xpi

Chrome: 
=======
CHR Profile: C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (avast! WebRep) - C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-08-06]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-06]
CHR HKLM\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files\pandasecuritytb\chrome-newtab-search.crx [Not Found]
CHR HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-03-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
S3 npggsvc; C:\Windows\system32\GameMon.des [3453712 2009-12-16] (INCA Internet Co., Ltd.) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-19] (Panda Security, S.L.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-18] (Absolute Software Corp.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-03-28] ()
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [126184 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [107752 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [124648 2013-05-29] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61672 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [106344 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [287336 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [161384 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [230376 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-29] (Panda Security, S.L.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [145640 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105704 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175848 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114920 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [127720 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [97512 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
S3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-08-15] (Duplex Secure Ltd.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 00:51 - 2015-04-20 00:53 - 00020189 _____ () C:\Users\Garfield\Desktop\FRST.txt
2015-04-20 00:50 - 2015-04-20 00:50 - 01137664 _____ (Farbar) C:\Users\Garfield\Desktop\FRST.exe
2015-04-18 23:10 - 2015-04-18 23:10 - 00040427 _____ () C:\Users\Nadine\Desktop\Addition.txt
2015-04-18 23:10 - 2015-04-18 23:10 - 00036061 _____ () C:\Users\Nadine\Desktop\FRST.txt
2015-04-18 23:00 - 2015-04-18 23:00 - 00000108 _____ () C:\Windows\TempCloudAV0418210025_2788.csv
2015-04-18 11:33 - 2015-04-20 00:52 - 00000000 ____D () C:\FRST
2015-04-17 22:32 - 2015-04-17 22:32 - 00000000 _____ () C:\Users\Nadine\Downloads\install_flashplayer17x32ax_gtbd_chrd_dn_aaa_aih_exe.m8fit5e.partial
2015-04-17 22:29 - 2015-04-17 22:29 - 00000000 _____ () C:\Users\Nadine\Downloads\install_flashplayer17x32ax_gtbd_chrd_dn_aaa_aih_exe.t9pn83v.partial
2015-04-17 01:34 - 2015-04-17 01:34 - 00000000 ____D () C:\Users\Garfield\AppData\Local\Skype
2015-04-17 01:14 - 2015-04-17 01:33 - 00315316 _____ () C:\Windows\TempCloudAV0416231303_3052.csv
2015-04-15 19:54 - 2015-04-15 19:54 - 00000170 _____ () C:\Windows\TempCloudAV0415175410_3052.csv
2015-04-15 00:25 - 2015-04-15 04:26 - 00031545 _____ () C:\Windows\TempCloudAV0414222555_2968.csv
2015-04-15 00:22 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 00:05 - 2015-04-15 00:23 - 00328842 _____ () C:\Windows\TempCloudAV0414220538_3048.csv
2015-04-15 00:00 - 2015-04-15 00:00 - 00000694 _____ () C:\Users\Nadine\Desktop\cmd.exe.lnk
2015-04-14 23:13 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:12 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:12 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-14 23:12 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:12 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 23:12 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 23:12 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 23:12 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 23:12 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 23:12 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 23:12 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 23:12 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 23:12 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-14 23:12 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-14 23:12 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:12 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\Users\Garfield\AppData\Roaming\OpenCandy
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2015-04-09 21:29 - 2015-04-10 00:46 - 00091787 _____ () C:\Windows\TempCloudAV0409192918_3096.csv
2015-04-07 21:39 - 2015-04-07 21:39 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-04 01:37 - 2015-04-07 20:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-04 01:12 - 2015-04-04 01:12 - 00000278 _____ () C:\Windows\TempCloudAV0403231252_3076.csv
2015-04-01 23:26 - 2015-04-01 23:26 - 00000170 _____ () C:\Windows\TempCloudAV0401212607_3064.csv
2015-04-01 23:13 - 2015-04-01 23:13 - 00957248 _____ (DivX, LLC) C:\Users\Nadine\Downloads\DivXInstaller_913.exe
2015-04-01 23:10 - 2015-04-07 20:07 - 00000851 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-01 23:06 - 2015-04-01 23:06 - 00243576 _____ () C:\Users\Nadine\Downloads\Firefox Setup Stub 37.0.exe
2015-03-31 20:29 - 2015-03-31 20:29 - 00000100 _____ () C:\Windows\TempCloudAV0331182931_3076.csv
2015-03-29 14:36 - 2015-03-29 15:11 - 00148265 _____ () C:\Windows\TempCloudAV0329123652_3020.csv
2015-03-24 21:53 - 2015-03-24 21:53 - 00001136 _____ () C:\Users\Nadine\Desktop\Freemake Video Converter.lnk
2015-03-22 19:53 - 2015-03-22 19:53 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Mozilla Firefox
2015-03-22 18:34 - 2015-03-22 18:34 - 00000175 _____ () C:\Windows\TempCloudAV0322163358_3120.csv
2015-03-22 14:37 - 2015-03-22 14:42 - 00222205 _____ () C:\Windows\TempCloudAV0322123726_3436.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 00:46 - 2012-07-19 21:14 - 00000000 ____D () C:\Users\Garfield\AppData\Roaming\Skype
2015-04-20 00:46 - 2009-06-27 20:43 - 00000000 ___RD () C:\Program Files\Skype
2015-04-20 00:46 - 2009-06-27 20:43 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 00:44 - 2014-10-20 01:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfebf1334e9f30.job
2015-04-20 00:44 - 2014-04-06 08:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf515dab198c8b.job
2015-04-20 00:38 - 2008-06-23 17:31 - 01652730 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 23:55 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 23:55 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 22:06 - 2013-04-21 17:51 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype
2015-04-19 18:46 - 2014-04-06 08:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf515dab980b5b.job
2015-04-19 18:27 - 2014-10-20 01:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfebf133c66740.job
2015-04-19 18:03 - 2012-08-02 22:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-19 17:55 - 2014-06-04 20:56 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-04-19 17:55 - 2014-03-17 22:10 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2015-04-19 17:55 - 2012-08-08 19:53 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000UA.job
2015-04-19 17:55 - 2009-10-03 14:06 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-19 17:55 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-19 02:37 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-19 02:33 - 2009-06-27 20:45 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Skype
2015-04-18 23:00 - 2012-08-08 19:53 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000Core.job
2015-04-18 11:38 - 2014-06-04 20:56 - 00078032 ____N (Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
2015-04-17 21:11 - 2012-08-09 07:10 - 00679902 _____ () C:\Windows\PFRO.log
2015-04-17 01:33 - 2012-07-11 23:08 - 00000949 _____ () C:\Users\Garfield\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-17 01:14 - 2014-07-15 22:05 - 00000000 ____D () C:\Program Files\SearchProtect
2015-04-15 00:22 - 2013-08-15 15:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 00:14 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-14 23:54 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-14 23:13 - 2008-03-06 10:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 23:11 - 2008-01-21 09:16 - 01543100 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 22:14 - 2012-07-11 23:08 - 00091976 _____ () C:\Users\Garfield\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-09 21:54 - 2008-06-24 22:01 - 00113664 _____ () C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-07 21:40 - 2013-11-13 23:15 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-07 21:38 - 2014-04-16 19:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-07 21:38 - 2008-03-03 19:27 - 00000000 ____D () C:\Program Files\Java
2015-04-07 20:56 - 2012-04-25 23:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-07 20:07 - 2011-05-20 14:13 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-01 23:25 - 2009-12-14 00:39 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2015-04-01 23:23 - 2010-06-12 18:23 - 00000000 ____D () C:\ProgramData\DivX
2015-04-01 23:23 - 2009-12-14 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-04-01 23:23 - 2009-12-14 00:39 - 00000000 ____D () C:\Program Files\DivX
2015-04-01 23:14 - 2014-08-20 21:50 - 00000000 ____D () C:\Users\Garfield\AppData\Local\Adobe
2015-04-01 23:12 - 2012-06-30 22:20 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-01 23:12 - 2011-05-16 21:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-01 21:36 - 2008-06-25 19:18 - 00000000 ____D () C:\Users\Nadine\Documents\Studium
2015-03-29 18:39 - 2008-07-02 22:21 - 00000000 ____D () C:\Users\Nadine\Documents\Sonstiges

==================== Files in the root of some directories =======

2012-08-08 18:46 - 2012-08-08 18:46 - 0783847 _____ () C:\Program Files\MozBackup-1.5.1-de.zip
2010-08-09 13:52 - 2010-08-09 13:52 - 0000016 ____H () C:\Program Files\mxfilerelatedcache.mxc2
2010-05-20 08:20 - 2010-05-25 18:53 - 4098825 _____ (Daniel Luedecke) C:\Program Files\Zettelkasten.exe
2010-08-09 13:52 - 2010-08-09 13:52 - 0000016 ____H () C:\Program Files\Common Files\mxfilerelatedcache.mxc2
2012-07-22 01:25 - 2012-09-09 13:02 - 0006144 _____ () C:\Users\Garfield\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-07-06 20:22 - 2008-07-06 20:22 - 0000016 ____H () C:\ProgramData\mxfilerelatedcache.mxc2

Some content of TEMP:
====================
C:\Users\Garfield\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Garfield\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Garfield\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nadine\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-19 18:07

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Sorry, da ist mir wohl ein Fehler unterlaufen. Hier noch die Addition-Datei:

#FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-04-2015 01
Ran by Garfield at 2015-04-20 00:54:40
Running from C:\Users\Garfield\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Cloud Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Cloud Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Free Video Converter 2 (HKLM\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version:  - 4Free Studio)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Media Live Encoder 3.2 (HKLM\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Premiere Pro CS4 (HKLM\...\Adobe_26b63376f4efc354dae41af6b5e3343) (Version: 4 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Ashampoo Burning Studio 2010 Advanced (HKLM\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 9.2.4 - ashampoo GmbH & Co. KG)
Avery Zweckform Assistent 3.1 (HKLM\...\InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}) (Version: 3.1.0.2153 - Avery)
Avery Zweckform Assistent 3.1 (Version: 3.1.0.2153 - Avery) Hidden
Babbel Refresh (HKLM\...\com.babbel.babbelrefresh.3741A3FCE1D3EB805F84223A94DE5A5CFDAA610D.1) (Version: 0.6.17176 - Lesson Nine GmbH)
Babbel Refresh (Version: 0.6.17176 - Lesson Nine GmbH) Hidden
Bibliographix 7 (HKLM\...\Bibliographix 7_is1) (Version:  - Bibliographix GbR)
Bibliographix 8 (HKLM\...\Bibliographix 8_is1) (Version:  - Bibliographix GbR)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP560 series Benutzerregistrierung (HKLM\...\Canon MP560 series Benutzerregistrierung) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.00 - TOSHIBA)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.6.0 - Conexant)
CrystalDiskInfo 6.3.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.3.2 - Crystal Dew World)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Dropbox) (Version: 2.4.7 - Dropbox, Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 14.0.0.10960 - Landesfinanzdirektion Thüringen)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.3.2.0 - Steuerverwaltung des Bundes und der Länder)
Facebook Messenger 2.1.4590.0 (HKLM\...\{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}) (Version: 2.1.4590.0 - Facebook)
Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
Free M4a to MP3 Converter 6.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.13.925 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.13.925 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.5 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth (HKLM\...\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}) (Version: 4.0.2737 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Guitar Pro 5.0 (HKLM\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version:  - )
HDMI Control Manager (HKLM\...\{CBDF64B0-8CAB-45C7-B3B2-4637C9F88769}) (Version: 1.6 - TOSHIBA)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm 1.5.4.27091 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
MAGIX Digital Foto Maker SE 4.1.0.835 (D) (HKLM\...\MAGIX Digital Foto Maker SE D) (Version: 4.1.0.835 - MAGIX AG)
MAGIX Foto Suite 1.12.0.89 (D) (HKLM\...\MAGIX Foto Suite D) (Version: 1.12.0.89 - MAGIX AG)
MAGIX Online Druck Service 2.3.2.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.51.4.3 - Marvell)
Media Go (HKLM\...\{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}) (Version: 1.6.508 - Sony)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Müller Foto (HKLM\...\Müller Foto) (Version: 4.8.4 - CEWE COLOR AG u Co. OHG)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Panda Cloud Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 02.03.00.0000 - Panda Security)
Panda Cloud Antivirus (Version: 6.06.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.1.0.5 - Panda Security and Visicom Media Inc.)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
pdfsam (HKLM\...\pdfsam) (Version: 2.2.1 - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PrimoPDF -- by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 3.30 - Philipp Winterberg)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
simple-fax.de Version 1 (HKLM\...\{7343767F-D225-4EB2-87B8-173451445F45}_is1) (Version: 1 - simple-fax.de)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sony PC Companion 2.10.027 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.027 - Sony)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version:  - )
Steuer-Spar-Erklärung 2011 (HKLM\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{56995235-B76E-44A6-BA17-8FF13D3F907A}) (Version: 7.33 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.26 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1.a - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 1.0.3.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}) (Version: 3.00.01.00 - TOSHIBA)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}) (Version: 3.00.01.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0014 - TOSHIBA)
TRDCReminder (Version: 1.00.0014 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 6.7.5 - Shark007)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version:  - )
Yahoo Community Smartbar (HKLM\...\{1897D0E7-2AA7-421D-9B12-4B0CBC1AB7C7}) (Version: 1.133.66.11819 - Linkury Inc.) <==== ATTENTION
Zeugnisse und Referenzschreiben (HKLM\...\PI15040_HPR_AuR) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

24-03-2015 00:05:39 Geplanter Prüfpunkt
24-03-2015 20:41:35 Windows Update
25-03-2015 09:42:49 Geplanter Prüfpunkt
28-03-2015 15:50:34 Windows Update
29-03-2015 18:23:50 Geplanter Prüfpunkt
31-03-2015 20:39:36 Windows Update
04-04-2015 01:27:35 Windows Update
06-04-2015 23:28:07 Geplanter Prüfpunkt
07-04-2015 19:15:32 Windows Update
12-04-2015 04:54:46 Windows Update
14-04-2015 23:00:53 Windows Update
15-04-2015 00:12:40 Windows Update
15-04-2015 21:01:50 Geplanter Prüfpunkt
17-04-2015 02:10:37 Geplanter Prüfpunkt
18-04-2015 12:11:26 Geplanter Prüfpunkt
19-04-2015 18:54:48 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01A05143-B0C2-4905-B575-A36FCD1DAA37} - \GoogleUpdateTaskMachineUA1cf515dab980b5b No Task File <==== ATTENTION
Task: {107D7B29-2396-411B-849E-5B86378A21EE} - \FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1002UA No Task File <==== ATTENTION
Task: {299EA893-59C9-4D76-B07D-6ECBE9C9E395} - \{6463E9C6-909F-4400-A76A-9FEC76868939} No Task File <==== ATTENTION
Task: {2D1577F7-F53A-48B0-892A-9B225E7F2D53} - \GoogleUpdateTaskMachineCore1cf515dab198c8b No Task File <==== ATTENTION
Task: {3B549B1F-8CAD-423F-AA41-4E23E5F967DA} - \{612301BA-E9B6-4312-8E0E-5AB284FAC163} No Task File <==== ATTENTION
Task: {4E856265-3AC5-4E80-A05A-242574496AA8} - \Start Registry Reviver No Task File <==== ATTENTION
Task: {51EA0905-A6D1-470D-9956-6952EE4A17D4} - \{50152F2D-8907-4B98-AC06-F12526A88EF1} No Task File <==== ATTENTION
Task: {608C2992-80F1-4AA4-936E-B40D694B06CC} - \FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000UA No Task File <==== ATTENTION
Task: {6C48739F-BFD7-4B95-88E0-D77EEB6A3FE3} - System32\Tasks\GoogleUpdateTaskMachineCore1cfebf1334e9f30 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {7100ADCE-4B88-4950-BB8A-9710760972E2} - \User_Feed_Synchronization-{AFD538A8-C38F-4FDD-8CFE-E718F690C13F} No Task File <==== ATTENTION
Task: {7C6A8F44-3476-4671-9DC8-5A3E36F99CC6} - \FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000Core No Task File <==== ATTENTION
Task: {909705B7-A22D-4BAA-8512-FA66FB8DF579} - System32\Tasks\GoogleUpdateTaskMachineUA1cfebf133c66740 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {9117AA70-A1F1-4695-93BE-BBFAAB6787DD} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Nadine => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {934C9165-8D7C-4674-BA9D-D139B89890EF} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {A7396178-5402-4B11-9BC8-869650779D39} - \{A4398CC7-3700-4296-823E-B483A0C1FFCC} No Task File <==== ATTENTION
Task: {AEBCC427-C9F2-44F1-8ECA-73F51A5F7FAF} - \{8ACEB8AC-AF52-4820-B23D-F2441FE4E4C5} No Task File <==== ATTENTION
Task: {B174CE48-E27A-40C8-924E-DB9F9AE6C58B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B5317334-0310-424F-BEC3-6DED0974CE5C} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {B9A1F851-6864-4097-A969-EFEC2E9F8CEA} - \{78DE5A38-18EC-434A-9E3B-114889FF1627} No Task File <==== ATTENTION
Task: {BDB73AA1-CC4B-44C8-AC96-91948F6C7AA5} - \FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1002Core No Task File <==== ATTENTION
Task: {C4BD635B-80D2-4582-B05B-AD4335DFB1AE} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {E534E1CF-7E03-4589-AF05-2331ABA5BE1B} - \{7DC96C0E-0AA4-424D-B1CC-41C84AA5CB57} No Task File <==== ATTENTION
Task: {E71EEBBA-F3D4-4B26-BF66-3510F9B86F64} - \Game_Booster_Startup No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000Core.job => C:\Users\Nadine\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000UA.job => C:\Users\Nadine\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf515dab198c8b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfebf1334e9f30.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf515dab980b5b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfebf133c66740.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2009-10-12 12:19 - 2009-07-31 03:44 - 00176235 _____ () C:\Windows\System32\Primomonnt.dll
2012-12-23 00:05 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Cloud Antivirus\SQLite3.dll
2008-03-03 19:15 - 2007-09-13 15:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2007-12-14 21:28 - 2007-12-14 21:28 - 04726784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2007-12-14 21:40 - 2007-12-14 21:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-03-03 20:07 - 2006-10-10 12:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 12:03 - 2007-12-25 12:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () c:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2008-03-03 20:11 - 2007-12-29 10:06 - 00430080 _____ () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
2008-06-23 17:32 - 2008-01-22 11:00 - 04624384 _____ () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
2014-07-21 11:00 - 2014-07-21 11:00 - 03502080 _____ () C:\Program Files\VistaCodecPack\filters\ffdshow.ax

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Garfield^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe_ID0EYTHM => C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Garfield\AppData\Local\Smartbar\Application\Smartbar.exe startup
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Desktop SMS => C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\Garfield\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: PhonostarTimer => C:\Program Files\phonostar\ps_timer.exe
MSCONFIG\startupreg: Picasa Media Detector => C:\Program Files\Picasa2\PicasaMediaDetector.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Accounts: =============================

Administrator (S-1-5-21-2664316595-2851453375-3809740440-500 - Administrator - Disabled)
Garfield (S-1-5-21-2664316595-2851453375-3809740440-1002 - Administrator - Enabled) => C:\Users\Garfield
Gast (S-1-5-21-2664316595-2851453375-3809740440-501 - Limited - Enabled) => C:\Users\Gast
Nadine (S-1-5-21-2664316595-2851453375-3809740440-1000 - Limited - Enabled) => C:\Users\Nadine

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2015 00:52:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 19.4.2015.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 32d0
Anfangszeit: 01d07af3507b5d4b
Zeitpunkt der Beendigung: 3

Error: (04/20/2015 00:46:37 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS\SEGOE-UI-LIGHT-CYRILLIC.EOT> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/20/2015 00:46:37 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS\SEGOE-UI-LIGHT-CYRILLIC.EOT> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/20/2015 00:46:37 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS\SEGOE-UI-LIGHT-ARABIC.WOFF> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/20/2015 00:46:37 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS\SEGOE-UI-LIGHT-ARABIC.WOFF> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/20/2015 00:46:37 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS\SEGOE-UI-LIGHT-ARABIC.EOT> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/20/2015 00:46:37 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS\SEGOE-UI-LIGHT-ARABIC.EOT> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/20/2015 00:46:36 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/20/2015 00:46:36 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/20/2015 00:46:36 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GARFIELD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\CSS\LOGIN.CSS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (04/20/2015 00:44:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (04/20/2015 00:37:16 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4F06EC22-F42D-40FD-8714-7CA84C3B1D-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/19/2015 10:16:02 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4F06EC22-F42D-40FD-8714-7CA84C3B1D-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/19/2015 10:15:17 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (04/19/2015 10:15:16 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (04/19/2015 10:13:36 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (04/19/2015 10:13:26 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (04/19/2015 10:06:31 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (04/19/2015 10:05:23 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (04/19/2015 10:05:13 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.


Microsoft Office Sessions:
=========================
Error: (04/02/2012 10:11:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 660 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (04/02/2012 10:00:36 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3973 seconds with 2160 seconds of active time.  This session ended with a crash.

Error: (06/09/2010 01:40:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10897 seconds with 2580 seconds of active time.  This session ended with a crash.

Error: (03/18/2010 06:48:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4099 seconds with 2940 seconds of active time.  This session ended with a crash.

Error: (10/11/2009 03:56:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/26/2009 06:44:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2334 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/10/2009 11:30:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1457 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/10/2009 08:50:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/08/2009 01:21:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/08/2009 01:11:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-04-20 00:53:30.903
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-20 00:53:30.490
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-20 00:53:30.125
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-20 00:53:29.764
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-20 00:53:29.360
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-20 00:53:28.992
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-20 00:53:28.597
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-20 00:53:28.221
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-20 00:53:27.766
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProc.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-20 00:53:27.401
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\PSINProc.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 62%
Total physical RAM: 2037.67 MB
Available physical RAM: 758.57 MB
Total Pagefile: 7974.91 MB
Available Pagefile: 6428.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.5 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:15.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:113.88 GB) (Free:101.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 6718169A)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=117.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=113.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

... ich meinte, Fehler unterlaufen in der letzten Ausführung mit frst usw.
Die letzten eingfügten Dateien sind jetzt so ausgeführt, wie du es geschrieben hattest.
Danke.

Alt 20.04.2015, 01:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.04.2015, 01:35   #15
Antigone1978
 
Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Standard

Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.04.2015
Suchlauf-Zeit: 23:45:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.20.06
Rootkit Datenbank: v2015.04.20.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Garfield

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 420588
Verstrichene Zeit: 28 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 5
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\SOFTWARE\APPDATALOW\SOFTWARE\DVDVideoSoftTB_DE, In Quarantäne, [d4026e006525d4621577419d758e659b], 
PUP.Optional.PassShow.A, HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\SOFTWARE\APPDATALOW\SOFTWARE\PassShow, In Quarantäne, [12c4ff6f87032a0c5edce0fce61d7e82], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [bc1a1d512466191dbba15d83c043d828], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [389e630b6822f4426170d21bd82b15eb], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2664316595-2851453375-3809740440-501\SOFTWARE\APPDATALOW\SOFTWARE\DVDVideoSoftTB_DE, In Quarantäne, [16c0a8c6b8d29c9a474528b6d132916f], 

Registrierungswerte: 3
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2664316595-2851453375-3809740440-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, In Quarantäne, [c412fe70583204329f67f34c39cafa06], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2664316595-2851453375-3809740440-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, ò?¦apos;짲ä¬?֮췢ó?½¬, In Quarantäne, [c412fe70583204329f67f34c39cafa06]
PUP.Optional.PassShow.A, HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{BD4ACD0E-3854-3C2A-20FC-BC9B823C8DED}, C:\Program Files\PassShow-soft\171.xpi, In Quarantäne, [eee89ed05a304bebe7bdd31fe1220ef2]

Registrierungsdaten: 2
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ddecc05a-aa62-2493-af7b-4c1b75834dd2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/08/2013&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ddecc05a-aa62-2493-af7b-4c1b75834dd2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/08/2013&type=hp1000),Ersetzt,[efe7f678f496ba7c99bbe2173ec718e8]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2664316595-2851453375-3809740440-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ddecc05a-aa62-2493-af7b-4c1b75834dd2&searchtype=hp&fr=linkury-tb&installDate=15/08/2013&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ddecc05a-aa62-2493-af7b-4c1b75834dd2&searchtype=hp&fr=linkury-tb&installDate=15/08/2013&type=hp1000),Ersetzt,[8e485a14e3a7162043112acfb15446ba]

Ordner: 4
PUP.Optional.OpenCandy, C:\Users\Garfield\AppData\Roaming\OpenCandy, In Quarantäne, [d105c7a74c3eb086d665157933d01ae6], 
PUP.Optional.OpenCandy, C:\Users\Garfield\AppData\Roaming\OpenCandy\46AC02F0F0DB4BA39F636FB5480141D6, In Quarantäne, [d105c7a74c3eb086d665157933d01ae6], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main, In Quarantäne, [b91d89e53f4bf640df87f5c126ddfa06], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin, In Quarantäne, [b91d89e53f4bf640df87f5c126ddfa06], 

Dateien: 1
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe, In Quarantäne, [b91d89e53f4bf640df87f5c126ddfa06], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.201 - Bericht erstellt 21/04/2015 um 00:54:51
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-20.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Garfield - NADINE-NOTEBOOK
# Gestarted von : C:\Users\Garfield\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\SearchProtect
Ordner Gelöscht : C:\Users\Garfield\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Datei Gelöscht : C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aipfmkinhleccnodemkoofnnofpbbpac_0.localstorage
Datei Gelöscht : C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage
Datei Gelöscht : C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48A0552292E14244E8F3980FD3D01541
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\503398D5204CBDD48A5EE476D0CFCFEC
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BDF578D2C71DDC4997692F83B0A5C75
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67909B00FA069BE4E80548738FE558FB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\698B1BCDAEA97B945AE4001A96F1E755
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E6611210321F8640B41F98B10A8BD0A
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ADFBDCA3E069A47B07ECC2CED1E2B2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9ED6CAB2F119182EB7D8CE7156DC0915
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3D6A80A87E22324A91C14AEBDF78525
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B2F30BE10C5A9DD43A593262265CA298
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB525538DB364CE4495200ECDA84942C
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5B4758C25396ECF468E04F8E063287FF

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16636


-\\ Mozilla Firefox v37.0.1 (x86 de)


-\\ Google Chrome v42.0.2311.90

[C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ddecc05a-aa62-2493-af7b-4c1b75834dd2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/08/2013&type=hp1000
[C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl
[C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ddecc05a-aa62-2493-af7b-4c1b75834dd2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/08/2013&type=hp1000
[C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Nadine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ddecc05a-aa62-2493-af7b-4c1b75834dd2&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/08/2013&type=hp1000

*************************

AdwCleaner[R0].txt - [5246 Bytes] - [21/04/2015 00:39:35]
AdwCleaner[S0].txt - [5126 Bytes] - [21/04/2015 00:54:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5185  Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.9 (04.19.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Garfield on 21.04.2015 at  1:12:01,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.04.2015 at  1:14:37,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by Garfield (administrator) on NADINE-NOTEBOOK on 21-04-2015 01:19:50
Running from C:\Users\Garfield\Desktop
Loaded Profiles: Garfield (Available profiles: Nadine & Garfield & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-09-26] (Visicom Media Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll [2007-09-13] (Intel Corporation)
HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-12-29] ()
HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-15]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-03-03]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-03-03]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
BootExecute: autocheck autochk /r \??\C:autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-07] (Oracle Corporation)
BHO: No Name -> {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  ->  No File
Toolbar: HKLM - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2009-07-16] ()
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Garfield\AppData\Roaming\Mozilla\Firefox\Profiles\49kpn2gd.default-1428431198362
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-01] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll [2010-09-14] (Sony Media Software and Services Inc)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2664316595-2851453375-3809740440-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-06]

Chrome: 
=======
CHR Profile: C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Garfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-06]
CHR HKLM\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files\pandasecuritytb\chrome-newtab-search.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
S2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
S3 npggsvc; C:\Windows\system32\GameMon.des [3453712 2009-12-16] (INCA Internet Co., Ltd.) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-19] (Panda Security, S.L.)
S2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-18] (Absolute Software Corp.)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-03-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [126184 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [107752 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [124648 2013-05-29] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61672 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [106344 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [287336 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [161384 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [230376 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-29] (Panda Security, S.L.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [145640 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105704 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175848 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114920 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [127720 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [97512 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
S3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-08-15] (Duplex Secure Ltd.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 01:18 - 2015-04-21 01:18 - 01139200 _____ (Farbar) C:\Users\Garfield\Desktop\FRST.exe
2015-04-21 01:14 - 2015-04-21 01:16 - 00001156 _____ () C:\Users\Garfield\Desktop\JRT.txt
2015-04-21 01:12 - 2015-04-21 01:12 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NADINE-NOTEBOOK-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-04-21 01:12 - 2015-04-21 01:12 - 00000000 ____D () C:\RegBackup
2015-04-21 01:11 - 2015-04-21 01:11 - 02684539 _____ (Thisisu) C:\Users\Garfield\Desktop\JRT.exe
2015-04-21 01:05 - 2015-04-21 01:05 - 00005265 _____ () C:\Users\Garfield\Desktop\AdwCleaner[S0].txt
2015-04-21 00:57 - 2015-04-21 01:19 - 00024064 _____ () C:\Windows\TempCloudAV0420225731_2212.csv
2015-04-21 00:39 - 2015-04-21 00:55 - 00000000 ____D () C:\AdwCleaner
2015-04-21 00:37 - 2015-04-21 00:37 - 02217984 _____ () C:\Users\Garfield\Desktop\AdwCleaner_4.201.exe
2015-04-21 00:30 - 2015-04-21 00:30 - 00004444 _____ () C:\Users\Garfield\Desktop\mbam.txt
2015-04-20 23:06 - 2015-04-21 00:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-20 22:56 - 2015-04-20 22:56 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-20 22:56 - 2015-04-20 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-20 22:56 - 2015-04-20 22:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-04-20 22:56 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-20 22:56 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-20 22:56 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-20 22:31 - 2015-04-20 22:32 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Garfield\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-20 22:17 - 2015-04-20 22:27 - 04232305 _____ (Malwarebytes Corporation ) C:\Users\Garfield\Downloads\mbam-setup-2.1.4.1018.exe.knzafxo.partial
2015-04-20 22:16 - 2015-04-20 22:17 - 02879041 _____ (Malwarebytes Corporation ) C:\Users\Garfield\Desktop\mbam-setup-2.1.4.1018.exe.qzoy5ra.partial
2015-04-20 21:48 - 2015-04-21 00:21 - 01406186 _____ () C:\Windows\TempCloudAV0420194818_2860.csv
2015-04-20 00:54 - 2015-04-20 00:56 - 00044296 _____ () C:\Users\Garfield\Desktop\Addition.txt
2015-04-20 00:51 - 2015-04-21 01:19 - 00018316 _____ () C:\Users\Garfield\Desktop\FRST.txt
2015-04-18 23:10 - 2015-04-18 23:10 - 00040427 _____ () C:\Users\Nadine\Desktop\Addition.txt
2015-04-18 23:10 - 2015-04-18 23:10 - 00036061 _____ () C:\Users\Nadine\Desktop\FRST.txt
2015-04-18 23:00 - 2015-04-18 23:00 - 00000108 _____ () C:\Windows\TempCloudAV0418210025_2788.csv
2015-04-18 11:33 - 2015-04-21 01:19 - 00000000 ____D () C:\FRST
2015-04-17 22:32 - 2015-04-17 22:32 - 00000000 _____ () C:\Users\Nadine\Downloads\install_flashplayer17x32ax_gtbd_chrd_dn_aaa_aih_exe.m8fit5e.partial
2015-04-17 22:29 - 2015-04-17 22:29 - 00000000 _____ () C:\Users\Nadine\Downloads\install_flashplayer17x32ax_gtbd_chrd_dn_aaa_aih_exe.t9pn83v.partial
2015-04-17 01:34 - 2015-04-17 01:34 - 00000000 ____D () C:\Users\Garfield\AppData\Local\Skype
2015-04-17 01:14 - 2015-04-17 01:33 - 00315316 _____ () C:\Windows\TempCloudAV0416231303_3052.csv
2015-04-15 19:54 - 2015-04-15 19:54 - 00000170 _____ () C:\Windows\TempCloudAV0415175410_3052.csv
2015-04-15 00:25 - 2015-04-15 04:26 - 00031545 _____ () C:\Windows\TempCloudAV0414222555_2968.csv
2015-04-15 00:22 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 00:05 - 2015-04-15 00:23 - 00328842 _____ () C:\Windows\TempCloudAV0414220538_3048.csv
2015-04-15 00:00 - 2015-04-15 00:00 - 00000694 _____ () C:\Users\Nadine\Desktop\cmd.exe.lnk
2015-04-14 23:13 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:12 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:12 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-14 23:12 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:12 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 23:12 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 23:12 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 23:12 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 23:12 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 23:12 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 23:12 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-14 23:12 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 23:12 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 23:12 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-14 23:12 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-14 23:12 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-14 23:12 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:12 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2015-04-09 21:29 - 2015-04-10 00:46 - 00091787 _____ () C:\Windows\TempCloudAV0409192918_3096.csv
2015-04-07 21:39 - 2015-04-07 21:39 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-04 01:37 - 2015-04-07 20:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-04 01:12 - 2015-04-04 01:12 - 00000278 _____ () C:\Windows\TempCloudAV0403231252_3076.csv
2015-04-01 23:26 - 2015-04-01 23:26 - 00000170 _____ () C:\Windows\TempCloudAV0401212607_3064.csv
2015-04-01 23:13 - 2015-04-01 23:13 - 00957248 _____ (DivX, LLC) C:\Users\Nadine\Downloads\DivXInstaller_913.exe
2015-04-01 23:10 - 2015-04-07 20:07 - 00000851 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-01 23:06 - 2015-04-01 23:06 - 00243576 _____ () C:\Users\Nadine\Downloads\Firefox Setup Stub 37.0.exe
2015-03-31 20:29 - 2015-03-31 20:29 - 00000100 _____ () C:\Windows\TempCloudAV0331182931_3076.csv
2015-03-29 14:36 - 2015-03-29 15:11 - 00148265 _____ () C:\Windows\TempCloudAV0329123652_3020.csv
2015-03-24 21:53 - 2015-03-24 21:53 - 00001136 _____ () C:\Users\Nadine\Desktop\Freemake Video Converter.lnk
2015-03-22 19:53 - 2015-03-22 19:53 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Mozilla Firefox
2015-03-22 18:34 - 2015-03-22 18:34 - 00000175 _____ () C:\Windows\TempCloudAV0322163358_3120.csv
2015-03-22 14:37 - 2015-03-22 14:42 - 00222205 _____ () C:\Windows\TempCloudAV0322123726_3436.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 01:14 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-21 01:14 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 01:03 - 2008-06-23 17:31 - 01700887 _____ () C:\Windows\WindowsUpdate.log
2015-04-21 01:01 - 2012-08-02 22:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-21 00:57 - 2014-10-20 01:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfebf1334e9f30.job
2015-04-21 00:57 - 2014-06-04 20:56 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-04-21 00:57 - 2014-04-06 08:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf515dab980b5b.job
2015-04-21 00:57 - 2014-04-06 08:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf515dab198c8b.job
2015-04-21 00:57 - 2014-03-17 22:10 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2015-04-21 00:57 - 2012-08-09 07:10 - 00681800 _____ () C:\Windows\PFRO.log
2015-04-21 00:57 - 2009-10-03 14:06 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-21 00:57 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 00:55 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-21 00:26 - 2014-10-20 01:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfebf133c66740.job
2015-04-21 00:23 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Web
2015-04-20 22:58 - 2012-08-08 19:53 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000UA.job
2015-04-20 22:28 - 2012-07-19 21:14 - 00000000 ____D () C:\Users\Garfield\AppData\Roaming\Skype
2015-04-20 00:46 - 2009-06-27 20:43 - 00000000 ___RD () C:\Program Files\Skype
2015-04-20 00:46 - 2009-06-27 20:43 - 00000000 ____D () C:\ProgramData\Skype
2015-04-19 22:06 - 2013-04-21 17:51 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Skype
2015-04-19 02:33 - 2009-06-27 20:45 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Skype
2015-04-18 23:00 - 2012-08-08 19:53 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1000Core.job
2015-04-18 11:38 - 2014-06-04 20:56 - 00078032 ____N (Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
2015-04-17 01:33 - 2012-07-11 23:08 - 00000949 _____ () C:\Users\Garfield\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-15 00:22 - 2013-08-15 15:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 00:14 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-14 23:54 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-14 23:13 - 2008-03-06 10:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 23:11 - 2008-01-21 09:16 - 01543100 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 22:14 - 2012-07-11 23:08 - 00091976 _____ () C:\Users\Garfield\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-09 21:54 - 2008-06-24 22:01 - 00113664 _____ () C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-07 21:40 - 2013-11-13 23:15 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-07 21:38 - 2014-04-16 19:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-07 21:38 - 2008-03-03 19:27 - 00000000 ____D () C:\Program Files\Java
2015-04-07 20:56 - 2012-04-25 23:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-07 20:07 - 2011-05-20 14:13 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-01 23:25 - 2009-12-14 00:39 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2015-04-01 23:23 - 2010-06-12 18:23 - 00000000 ____D () C:\ProgramData\DivX
2015-04-01 23:23 - 2009-12-14 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-04-01 23:23 - 2009-12-14 00:39 - 00000000 ____D () C:\Program Files\DivX
2015-04-01 23:14 - 2014-08-20 21:50 - 00000000 ____D () C:\Users\Garfield\AppData\Local\Adobe
2015-04-01 23:12 - 2012-06-30 22:20 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-01 23:12 - 2011-05-16 21:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-01 21:36 - 2008-06-25 19:18 - 00000000 ____D () C:\Users\Nadine\Documents\Studium
2015-03-29 18:39 - 2008-07-02 22:21 - 00000000 ____D () C:\Users\Nadine\Documents\Sonstiges

==================== Files in the root of some directories =======

2012-08-08 18:46 - 2012-08-08 18:46 - 0783847 _____ () C:\Program Files\MozBackup-1.5.1-de.zip
2010-08-09 13:52 - 2010-08-09 13:52 - 0000016 ____H () C:\Program Files\mxfilerelatedcache.mxc2
2010-05-20 08:20 - 2010-05-25 18:53 - 4098825 _____ (Daniel Luedecke) C:\Program Files\Zettelkasten.exe
2010-08-09 13:52 - 2010-08-09 13:52 - 0000016 ____H () C:\Program Files\Common Files\mxfilerelatedcache.mxc2
2012-07-22 01:25 - 2012-09-09 13:02 - 0006144 _____ () C:\Users\Garfield\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-07-06 20:22 - 2008-07-06 20:22 - 0000016 ____H () C:\ProgramData\mxfilerelatedcache.mxc2

Some content of TEMP:
====================
C:\Users\Garfield\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Garfield\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Garfield\AppData\Local\Temp\Quarantine.exe
C:\Users\Garfield\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Garfield\AppData\Local\Temp\sqlite3.dll
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nadine\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-21 01:05

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-04-2015
Ran by Garfield at 2015-04-21 01:30:09
Running from C:\Users\Garfield\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Cloud Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Cloud Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Free Video Converter 2 (HKLM\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version:  - 4Free Studio)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Media Live Encoder 3.2 (HKLM\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Premiere Pro CS4 (HKLM\...\Adobe_26b63376f4efc354dae41af6b5e3343) (Version: 4 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Ashampoo Burning Studio 2010 Advanced (HKLM\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 9.2.4 - ashampoo GmbH & Co. KG)
Avery Zweckform Assistent 3.1 (HKLM\...\InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}) (Version: 3.1.0.2153 - Avery)
Avery Zweckform Assistent 3.1 (Version: 3.1.0.2153 - Avery) Hidden
Babbel Refresh (HKLM\...\com.babbel.babbelrefresh.3741A3FCE1D3EB805F84223A94DE5A5CFDAA610D.1) (Version: 0.6.17176 - Lesson Nine GmbH)
Babbel Refresh (Version: 0.6.17176 - Lesson Nine GmbH) Hidden
Bibliographix 7 (HKLM\...\Bibliographix 7_is1) (Version:  - Bibliographix GbR)
Bibliographix 8 (HKLM\...\Bibliographix 8_is1) (Version:  - Bibliographix GbR)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP560 series Benutzerregistrierung (HKLM\...\Canon MP560 series Benutzerregistrierung) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.00 - TOSHIBA)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.6.0 - Conexant)
CrystalDiskInfo 6.3.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.3.2 - Crystal Dew World)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2664316595-2851453375-3809740440-1002\...\Dropbox) (Version: 2.4.7 - Dropbox, Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 14.0.0.10960 - Landesfinanzdirektion Thüringen)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.3.2.0 - Steuerverwaltung des Bundes und der Länder)
Facebook Messenger 2.1.4590.0 (HKLM\...\{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}) (Version: 2.1.4590.0 - Facebook)
Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
Free M4a to MP3 Converter 6.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.13.925 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.13.925 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.5 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth (HKLM\...\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}) (Version: 4.0.2737 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Guitar Pro 5.0 (HKLM\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version:  - )
HDMI Control Manager (HKLM\...\{CBDF64B0-8CAB-45C7-B3B2-4637C9F88769}) (Version: 1.6 - TOSHIBA)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm 1.5.4.27091 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
MAGIX Digital Foto Maker SE 4.1.0.835 (D) (HKLM\...\MAGIX Digital Foto Maker SE D) (Version: 4.1.0.835 - MAGIX AG)
MAGIX Foto Suite 1.12.0.89 (D) (HKLM\...\MAGIX Foto Suite D) (Version: 1.12.0.89 - MAGIX AG)
MAGIX Online Druck Service 2.3.2.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.51.4.3 - Marvell)
Media Go (HKLM\...\{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}) (Version: 1.6.508 - Sony)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Müller Foto (HKLM\...\Müller Foto) (Version: 4.8.4 - CEWE COLOR AG u Co. OHG)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Panda Cloud Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 02.03.00.0000 - Panda Security)
Panda Cloud Antivirus (Version: 6.06.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.1.0.5 - Panda Security and Visicom Media Inc.)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
pdfsam (HKLM\...\pdfsam) (Version: 2.2.1 - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PrimoPDF -- by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 3.30 - Philipp Winterberg)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
simple-fax.de Version 1 (HKLM\...\{7343767F-D225-4EB2-87B8-173451445F45}_is1) (Version: 1 - simple-fax.de)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sony PC Companion 2.10.027 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.027 - Sony)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version:  - )
Steuer-Spar-Erklärung 2011 (HKLM\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{56995235-B76E-44A6-BA17-8FF13D3F907A}) (Version: 7.33 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.26 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1.a - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 1.0.3.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}) (Version: 3.00.01.00 - TOSHIBA)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}) (Version: 3.00.01.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0014 - TOSHIBA)
TRDCReminder (Version: 1.00.0014 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 6.7.5 - Shark007)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version:  - )
Yahoo Community Smartbar (HKLM\...\{1897D0E7-2AA7-421D-9B12-4B0CBC1AB7C7}) (Version: 1.133.66.11819 - Linkury Inc.) <==== ATTENTION
Zeugnisse und Referenzschreiben (HKLM\...\PI15040_HPR_AuR) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2664316595-2851453375-3809740440-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garfield\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================
         
So, geschafft. Hoffe, ich habe alles richtig gemacht bei den Schritten.

Geändert von Antigone1978 (21.04.2015 um 01:09 Uhr)

Antwort

Themen zu Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt
aktuelle, angezeigt, beschädigt, deinstallieren, fehlermeldung, firefox, gelaufen, laptop, laufwerk, lesezeichen, lösung, manager, mozilla, neu, nicht mehr, problem, programm, prozess, schei, schonmal, task manager, unbedingt, versucht, überprüfen, öffnet



Ähnliche Themen: Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt


  1. Mozilla Firefox öffnet nach gewisser Zeit immer neue Tabs
    Plagegeister aller Art und deren Bekämpfung - 05.09.2015 (3)
  2. Abgebrochener Download, bin ich nun infiziert?
    Plagegeister aller Art und deren Bekämpfung - 21.06.2014 (1)
  3. Hilfe : Dateien nach Partitionswiederherstellung beschädigt
    Alles rund um Windows - 18.02.2014 (0)
  4. Nach dem ersten Start von Mozilla Firefox laufen zwei bis drei akustische Werbespots - Windows 7, 64bit
    Log-Analyse und Auswertung - 10.02.2014 (9)
  5. DVD-RW Laufwerk funktzuniert nur wen es nach im ist.
    Netzwerk und Hardware - 18.01.2014 (1)
  6. Windows 7: qv06 als Startseite/Tab im Mozilla Firefox (nach download von softonic)
    Plagegeister aller Art und deren Bekämpfung - 07.09.2013 (9)
  7. Nach Verschlüsselungs-Trojaner Fotos beschädigt
    Plagegeister aller Art und deren Bekämpfung - 28.07.2012 (1)
  8. Nach Trojaner Daten beschädigt?
    Plagegeister aller Art und deren Bekämpfung - 09.06.2012 (5)
  9. (2x) Nach Systemwiederherstellung öffnen sich einige Programme nicht mehr, wie Mozilla Firefox usw.
    Mülltonne - 19.03.2012 (1)
  10. Datenträger C ist beschädigt Firefox spielt keine videos mehr ab !
    Plagegeister aller Art und deren Bekämpfung - 20.12.2011 (1)
  11. Nach Trojaner, Cd Laufwerk weg...
    Plagegeister aller Art und deren Bekämpfung - 09.11.2010 (1)
  12. Mozilla Firefox stürzt andauernd ab entweder beim starten oder nach einer Stunde
    Alles rund um Windows - 28.03.2010 (8)
  13. Mozilla Firefox
    Alles rund um Windows - 17.05.2009 (0)
  14. System beschädigt nach Viren/Trojaner-Befall
    Plagegeister aller Art und deren Bekämpfung - 18.01.2009 (4)
  15. Rechner stürzt nach ca. 10 Minuten mit bluescreen ab, Fehlermeldung ist beschädigt
    Log-Analyse und Auswertung - 26.11.2008 (0)
  16. MP3s nach Trojaner beschädigt
    Plagegeister aller Art und deren Bekämpfung - 18.09.2008 (5)
  17. IE pop-ups mit mozilla firefox
    Log-Analyse und Auswertung - 31.08.2007 (4)

Zum Thema Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt - Hallo, ich habe scheinbar ein Problem mit meinem Laufwerk C und Mozilla Firefox. Da Firefox nicht vernünftig gelaufen war, hatte ich das Programm restaurieren lassen. Da ich dachte, es wäre - Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt...
Archiv
Du betrachtest: Laufwerk C nach abgebrochener Mozilla Firefox Restaurierung beschädigt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.