|
neuer Laptop mit windows8 infiziert mit Trojaner Liebe Leute vom TrojanerBoard Ich bin PC Anfänger und bekam vor kurzem von meiner Familie einen Laptop zum Geburtstag. Wollte hauptsächlich skypen. Nichts Böses ahnend habe ich Freunde an meinen Laptop gelassen. Ich weiß nicht, was die gemacht haben, jedenfalls habe ichnun eine Menge Programme drauf, die ich nicht kenne und nicht weiß was ich damit soll und ausserdem kommen ständig Fehlermeldungen und Warnungen.... Ich bitte Euch mir zu helfen, meinen Laptop wieder sauber zu bekommen und alles Unnötige wieder loszuwerden. Im folgenden die Logfiles: Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.13.03 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16540 Sergej :: BEISPIEL-PC [Administrator] Schutz: Aktiviert 13.07.2013 14:07:59 MBAM-log-2013-07-13 (14-22-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 235230 Laufzeit: 6 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 2 C:\Users\Sergej\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> 8084 -> Keine Aktion durchgeführt. C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> 2372 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 2 C:\Program Files (x86)\DealPly\DealPlyIE.dll (PUP.DealPly) -> Keine Aktion durchgeführt. C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> Keine Aktion durchgeführt. Infizierte Registrierungsschlüssel: 17 HKCR\CLSID\{a6c63b7f-2171-47fa-ab34-e64c4737169d} (PUP.DealPly) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6C63B7F-2171-47FA-AB34-E64C4737169D} (PUP.DealPly) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6C63B7F-2171-47FA-AB34-E64C4737169D} (PUP.DealPly) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6C63B7F-2171-47FA-AB34-E64C4737169D} (PUP.DealPly) -> Keine Aktion durchgeführt. HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Keine Aktion durchgeführt. HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (PUP.WebCake) -> Keine Aktion durchgeführt. HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (PUP.WebCake) -> Keine Aktion durchgeführt. HKCR\WebCakeIEClient.Layers.1 (PUP.WebCake) -> Keine Aktion durchgeführt. HKCR\WebCakeIEClient.Layers (PUP.WebCake) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Keine Aktion durchgeführt. HKCR\WebCakeIEClient.Api (PUP.WebCake) -> Keine Aktion durchgeführt. HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> Keine Aktion durchgeführt. HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.WebCake) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake) -> Daten: "C:\Users\Sergej\AppData\Roaming\WebCake\WebCakeDesktop.exe" -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Keine Aktion durchgeführt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Keine Aktion durchgeführt. Infizierte Dateien: 9 C:\Program Files (x86)\DealPly\DealPlyIE.dll (PUP.DealPly) -> Keine Aktion durchgeführt. C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> Keine Aktion durchgeführt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Keine Aktion durchgeführt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Keine Aktion durchgeführt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.WebCake) -> Keine Aktion durchgeführt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Keine Aktion durchgeführt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> Keine Aktion durchgeführt. C:\Users\Sergej\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> Keine Aktion durchgeführt. C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> Keine Aktion durchgeführt. (Ende) defogger_disable by jpshortstuff (23.02.10.1) Log created at 23:59 on 13/07/2013 (Sergej) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21798 IconResource=%SystemRoot%\system32\imageres.dll,-184 OTL logfile created on: 14.07.2013 13:46:58 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sergej\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,88 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 66,73% Memory free 4,57 Gb Paging File | 3,07 Gb Available in Paging File | 67,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287,62 Gb Total Space | 255,93 Gb Free Space | 88,98% Space Free | Partition Type: NTFS Computer Name: BEISPIEL-PC | User Name: Sergej | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.14 00:58:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sergej\Downloads\OTL.exe PRC - [2013.07.13 14:18:47 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.07.11 12:36:22 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2013.07.11 12:36:22 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe PRC - [2013.07.11 12:36:22 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe PRC - [2013.05.24 13:13:32 | 006,563,184 | ---- | M] (Systweak) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe PRC - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.07.18 00:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.18 00:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2012.06.27 22:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.06.25 20:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.05.22 18:21:28 | 000,222,368 | ---- | M] () -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe ========== Modules (No Company Name) ========== MOD - [2013.07.13 14:18:47 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.07.11 12:36:22 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2013.07.11 12:36:22 | 000,521,392 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll MOD - [2013.07.11 12:36:22 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll MOD - [2013.05.24 13:13:32 | 001,730,928 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\aspsys.dll MOD - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe MOD - [2013.05.23 11:09:01 | 002,521,040 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll MOD - [2013.02.17 13:05:53 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9c568999a0acf1b64d580553fe3b11f3\System.Web.Services.ni.dll MOD - [2013.02.17 13:05:42 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fe30f9017b763714b1372d77204cd3d0\System.Transactions.ni.dll MOD - [2013.02.17 13:05:41 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d9b1eab5c18e51eaf4acc4894df0f223\System.ServiceProcess.ni.dll MOD - [2013.02.17 13:05:28 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll MOD - [2013.02.17 13:05:03 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\38b47b5452863bcadb6b731fe6c5198f\CustomMarshalers.ni.dll MOD - [2013.02.17 00:20:55 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll MOD - [2013.02.13 21:08:29 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2013.02.08 19:55:37 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll MOD - [2013.02.08 19:55:23 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8e9282974a23dfd1c27496da39f39472\System.Management.ni.dll MOD - [2013.02.08 19:55:22 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll MOD - [2013.02.08 19:55:20 | 006,656,512 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\9f2ef3b12133aba6b54bd22d3911109e\System.Data.ni.dll MOD - [2013.02.08 19:55:14 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll MOD - [2013.02.08 19:54:37 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll MOD - [2013.02.08 19:54:30 | 011,494,912 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll MOD - [2012.09.28 23:41:48 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2012.09.28 23:41:48 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2012.09.14 00:04:06 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.08.01 18:37:56 | 000,397,312 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2012.07.26 10:23:07 | 002,972,672 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.07.26 10:23:07 | 000,970,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll MOD - [2012.07.26 10:23:07 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2012.07.26 10:23:07 | 000,258,048 | ---- | M] () -- C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll MOD - [2012.07.26 10:23:07 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2012.07.25 12:03:14 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.27 10:22:36 | 000,201,360 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.08.25 03:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Teco\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2012.07.28 19:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2012.07.28 00:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012.04.21 00:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2013.07.13 14:18:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.07.11 12:36:22 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0) SRV - [2013.06.14 00:57:48 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.31 13:19:28 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack) SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.26 11:42:28 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.08.14 15:36:04 | 000,114,656 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.18 00:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.18 00:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2012.06.27 22:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.06.25 20:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.05.22 18:21:28 | 000,222,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN) SRV - [2011.10.14 00:38:46 | 000,156,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe -- (GFNEXSrv) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.03.02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.22 10:52:08 | 000,075,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.12.26 11:42:14 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.08.14 18:39:30 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.08.14 18:39:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012.08.13 22:31:42 | 001,496,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE) DRV:64bit: - [2012.08.13 22:31:42 | 001,496,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce) DRV:64bit: - [2012.07.31 22:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey) DRV:64bit: - [2012.07.31 21:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.31 00:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.26 02:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2012.07.25 01:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2012.07.22 01:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2012.07.03 01:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.19 07:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.06.18 20:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2012.06.13 18:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2012.06.02 16:31:47 | 011,400,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNe64.sys -- (NETwNe64) DRV:64bit: - [2011.04.09 00:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\nuidfltr.sys -- (NuidFltr) DRV - [2009.09.12 00:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys -- (PEGAGFN) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} IE:64bit: - HKLM\..\SearchScopes\{6AF3F0C9-793F-4EA7-87D1-489A10347C0B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} IE - HKLM\..\SearchScopes\{6AF3F0C9-793F-4EA7-87D1-489A10347C0B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=D4A72016D8651EF8 IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ie_us_display?ie=UTF8&tagbase=bds-p12&tbrId=v1_abb-channel-12_b6fe384816384c589b20f3d4ab34cb94_39_1006___ie_sp_ IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes,DefaultScope = {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=D4A72016D8651EF8 IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8369E5AD-47C9-48D8-ADBE-A8FA70627647}&mid=f8e61a49a41247d39dcfa11d94adf757-de3698de8da96a75e80bc71b1f5d9e2440283d80&lang=de&ds=AVG&pr=pr&d=2013-02-08 17:55:14&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes\{B0955698-EEC7-490F-898C-006B307E0BD9}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647&CUI=UN17319400671167384 IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}: "URL" = hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ie_us_display?ie=UTF8&tagbase=bds-p12&tbrId=v1_abb-channel-12_b6fe384816384c589b20f3d4ab34cb94_39_1006___ie_ds_&query={searchTerms} IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.0.20130418072822 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.09 05:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sergej\AppData\Roaming\mozilla\Extensions [2013.07.11 13:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sergej\AppData\Roaming\mozilla\Firefox\Profiles\xfcgs317.default\extensions [2013.06.10 06:31:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sergej\AppData\Roaming\mozilla\Firefox\Profiles\xfcgs317.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.07.11 13:01:25 | 000,248,009 | ---- | M] () (No name found) -- C:\Users\Sergej\AppData\Roaming\mozilla\firefox\profiles\xfcgs317.default\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack.xpi [2013.06.09 05:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.06.10 06:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.13 14:18:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.09 05:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.06.09 05:40:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.06.09 05:40:23 | 000,000,000 | ---D | M] (GutscheinCodes.de GutscheinFinder) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe () O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe File not found O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [ToshibaDynamicIconUtility] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) O4 - HKLM..\Run: [TPUReg] C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe (Pegatron Corporation) O4 - HKLM..\Run: [TPUReg(x86)] "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes File not found O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-21-479101278-746428876-1552860082-1001..\Run: [Hoolapp Android] "C:\Users\Sergej\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found O4 - Startup: C:\Users\Sergej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C8091E1-6928-4A23-8EC8-4AAB4621BB35}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.13 18:42:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.07.13 14:06:37 | 000,000,000 | ---D | C] -- C:\Users\Sergej\AppData\Roaming\Malwarebytes [2013.07.13 14:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.13 14:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.13 14:06:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.07.13 14:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.07.11 12:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2013.06.19 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Sergej\SyncFolder ========== Files - Modified Within 30 Days ========== [2013.07.14 13:38:00 | 000,000,318 | ---- | M] () -- C:\windows\tasks\Dealply.job [2013.07.14 13:19:55 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.07.14 13:19:55 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.07.14 13:19:55 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.07.14 13:19:55 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.07.14 13:19:55 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.07.14 13:15:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.07.14 13:14:37 | 000,001,426 | ---- | M] () -- C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk [2013.07.14 13:13:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.07.14 13:13:08 | 3336,331,264 | -HS- | M] () -- C:\hiberfil.sys [2013.07.14 12:57:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.07.13 23:57:58 | 000,000,000 | ---- | M] () -- C:\Users\Sergej\defogger_reenable [2013.07.13 15:02:13 | 000,000,302 | ---- | M] () -- C:\windows\tasks\RegClean Pro_DEFAULT.job [2013.07.13 14:06:34 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013.07.11 12:36:22 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys [2013.06.19 19:54:49 | 000,001,643 | ---- | M] () -- C:\Users\Sergej\Desktop\Sync Folder.lnk ========== Files Created - No Company Name ========== [2013.07.13 23:57:58 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\defogger_reenable [2013.07.13 14:06:34 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013.06.19 19:54:49 | 000,001,643 | ---- | C] () -- C:\Users\Sergej\Desktop\Sync Folder.lnk [2013.06.16 15:01:08 | 000,001,426 | ---- | C] () -- C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk [2013.02.08 23:04:17 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2012.12.26 11:42:16 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.12.26 11:42:12 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.11.30 20:39:57 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2012.08.06 06:36:22 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012.07.25 22:22:56 | 000,733,840 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin [2012.07.25 22:22:56 | 000,492,340 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2012.04.20 23:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2013.06.09 05:34:14 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.15 14:05:18 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013.02.15 14:05:18 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013.02.08 18:55:57 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\AVG2013 [2013.06.09 05:39:04 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\BabSolution [2013.06.09 05:37:49 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\Babylon [2013.06.09 05:38:26 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\Dealply [2013.06.09 05:38:19 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\HoolappForAndroid [2013.02.05 18:34:46 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\sMedio [2013.06.09 05:34:45 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\Systweak [2013.02.05 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\Toshiba [2013.02.08 18:55:21 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\TuneUp Software [2013.04.16 23:12:44 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\uTorrent [2013.07.13 17:05:21 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\WebCake ========== Purity Check ========== < End of report > OTL Extras logfile created on: 14.07.2013 01:51:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sergej\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,88 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,70% Memory free 4,57 Gb Paging File | 2,74 Gb Available in Paging File | 60,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287,62 Gb Total Space | 255,61 Gb Free Space | 88,87% Space Free | Partition Type: NTFS Computer Name: BEISPIEL-PC | User Name: Sergej | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1EB29181-02C4-41F7-B5BA-F67183B510F9}" = lport=2869 | protocol=6 | dir=in | app=system | "{26A58B8A-702B-4582-A537-343EB145FC6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F964D0E-B7F2-498F-A868-49E0355B97B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3BA68C32-E5C1-4215-99A4-00DCB4A1545B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3D3DA2FD-58D1-4318-B901-A684ECB32444}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{43B25A73-FB72-481E-8036-98A2B80FBA17}" = lport=139 | protocol=6 | dir=in | app=system | "{45415C1C-0FBE-4440-9E2C-7A05A4ABF164}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C3AEDD9-774D-46FF-8537-E67A6F0BC5E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{53EAB84F-5B3C-4157-86B7-B16D3947509A}" = rport=137 | protocol=17 | dir=out | app=system | "{720B1482-5C30-4473-AFDD-DAFEED616CC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7CEA4838-77E9-400E-A546-24C1196DD83C}" = rport=445 | protocol=6 | dir=out | app=system | "{85CBED3C-E3EE-4A0C-971F-3677F4B16958}" = rport=139 | protocol=6 | dir=out | app=system | "{87BD7EA0-831A-4380-9BED-F61493DCE1F8}" = lport=137 | protocol=17 | dir=in | app=system | "{9356B3FC-89AF-4BD8-A35A-F8F28BD8489E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{94E98A23-EB7B-4262-AA86-EA62D2681077}" = rport=10243 | protocol=6 | dir=out | app=system | "{A097BCC4-FCDD-44D8-AB4F-3D6412620F91}" = lport=10243 | protocol=6 | dir=in | app=system | "{A5737847-2F9A-4515-9164-523774F6B3A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B7099463-85CA-493A-BDF6-340FF6E203ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CC9F86B6-5C58-4621-8F7B-612409C3187C}" = rport=138 | protocol=17 | dir=out | app=system | "{D92BBB4B-E5AC-4305-B889-07751701C5F6}" = lport=445 | protocol=6 | dir=in | app=system | "{EB0ADD69-5054-4AF4-8281-A3926F7735D1}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{026E6B26-6170-4BA5-99C1-95E0AC60B321}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{06DF2791-47E1-4B2E-9444-04B4F80CA595}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{08556F04-EC11-40B1-AC5E-C6F4F19E2F53}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{09CF5D0B-39CD-4FCF-941D-3C3E316DEBC2}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{0E5A3B5F-041D-41CB-B8D7-522D572320F8}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{1366829B-E9A5-4238-BB8F-469C8BC6F5E4}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{1A539C39-524D-4DFE-9F71-6A98548D10B0}" = dir=out | name=skitch | "{1F86915F-9C82-43C3-9094-8B2089879F22}" = protocol=6 | dir=out | app=system | "{22D24A35-00F8-4DDC-A717-B7B23556D79A}" = dir=out | name=toshiba places | "{262871BE-D61E-4937-9C0B-D867B6DCBDBE}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{28EE584B-B325-4AD1-9A55-30A77AC42CED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2C28C349-F563-463A-8545-7C0D20A3B95E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{2ECF870A-2C8A-4BC2-8B2A-A6FAEE4F38E4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{31CCCB35-903B-45BD-B88F-B2A2AE205052}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{34AA01C9-0636-435C-92EA-01C65E9F255E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{36624B97-B31D-4AF0-AA4C-F23CE3440D12}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | "{36D8C785-5118-4354-BAFF-BDD59FD20AB4}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{4832272D-71E5-454B-A9CE-2E96A659D233}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{53B9BC36-A71C-49E6-97CE-84A279CF0B11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{550BAE16-FB19-4670-BEED-5DBC1904D787}" = dir=out | name=windows_ie_ac_001 | "{565AE877-DEF0-42F2-8CF4-7A3DCA7E222E}" = dir=in | name=toshiba media player by smedio truelink+ | "{596C81D4-9D6D-4CE1-9FC7-B4E715585CEB}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{5E494BBA-7F84-45C8-AB83-208B3621213C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{62D21028-0F9C-470F-87EC-CF7670F67D60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{63BFAE2A-17DC-428A-A4A1-C7488D59FD7F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{66A761B5-6D46-4AAC-A0AC-078528591070}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{682F5CE3-F4CA-43A5-A9BA-894338C77FCD}" = dir=out | name=amazon for windows | "{68F3AECF-5E02-4A20-A32B-189E4B345481}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{6DC2CE93-6385-4A8C-AA9E-7EDFDE4F3A76}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{718F6051-DDEB-4F81-9945-81D061DB2235}" = dir=in | name=amazon for windows | "{7C41C974-5B13-4930-822A-A7AA8E353A57}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{7DC994F4-CA0D-4122-A98B-EBB1A537408A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7E78878B-9814-431C-BAE5-D5BF44E811F3}" = protocol=17 | dir=in | app=c:\users\sergej\appdata\roaming\utorrent\utorrent.exe | "{7F4C10F4-4A95-44C9-B201-933EEB5A2571}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{86B43163-5005-4D1A-BB0C-F9B25571042C}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{8D115207-0356-4F3D-91EA-117384346295}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{8DCCE572-253E-4093-B683-00FD1D272BED}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{8EC4EAD8-9E57-4DF2-AF89-84826FA69196}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{96A48C17-E79C-4CCB-91CF-BCE6EBE13625}" = dir=out | name=evernote | "{9BD9F9AF-D1D5-4094-BBC3-2DAFFB3A1D9E}" = dir=out | name=microsoft solitaire collection | "{A5286AD1-946D-4A66-896C-66C423B72AF6}" = protocol=6 | dir=in | app=c:\users\sergej\appdata\roaming\utorrent\utorrent.exe | "{AA6B1443-B465-45AA-823E-21161381C0EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC630C85-5C3B-4E4D-8C73-36011FFC82E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B1F09020-642F-48ED-90EF-B17D000F2864}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | "{B6D740C6-C25F-4255-9DB3-26CE9E1ADEAD}" = dir=in | name=evernote | "{B72BEB75-65ED-4485-9CD4-C9B86C523F20}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B775AC22-81EE-488B-B714-040BD5C0EA28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C6D601C4-CD61-4800-BAB4-A13D31BDD528}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{C7029AA2-E558-464A-BB06-D4D0DC0AC050}" = dir=out | name=fresh paint | "{C9F00AF6-E6E7-428D-A1BE-B3A18EEA95AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CC739E65-46A4-4DDD-A116-E4648CFC0C91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CD98F524-5574-4C3D-8C42-1A0F0AE619D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D016E3E9-0C83-4B14-A1AD-46041EBCD792}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DD9C86CD-B7C1-4521-A05B-D3A3468C56CB}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{DF02CE99-04D5-4CFD-B9FA-42E144B110E8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E30D6A36-9A85-4092-BD02-AEA8F58D8E64}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E850725C-7FB4-457D-A37B-D8932EA26C62}" = dir=out | name=toshiba media player by smedio truelink+ | "{EAFE3D3E-83BF-446F-B29E-DABC9AFDBEF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F6DE5E62-6E92-4144-A78E-6FCD399813BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FCFD9942-144B-44BD-9D3B-9B9D6CA812E1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FFBB8209-C359-443A-B41E-1275FB755F15}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{16562A90-71BC-41A0-B890-D91B0C267120}" = TOSHIBA Function Key "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{5944B9D4-3C2A-48DE-931E-26B31714A2F7}" = TOSHIBA eco Utility "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{94F03B8E-CB73-4653-AFE9-79112C01FED2}" = Premium Sound HD "{95CCACF0-010D-45F0-82BF-858643D8BC02}" = TOSHIBA Desktop Assist "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{B8C8422F-01F1-4791-B084-047AAFF9BFCC}" = TOSHIBA Service Station "{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00 "{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}" = Toshiba Places Icon Utility "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "{FF07604E-C860-40E9-A230-E37FA41F103A}" = TOSHIBA VIDEO PLAYER "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "MyPC Backup" = MyPC Backup "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0071820F-09B0-4998-8320-F89629DCBC99}" = Nero BackItUp "{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media "{05A55927-DB9B-4E26-BA44-828EBFF829F0}" = TOSHIBA System Settings "{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM) "{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM) "{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher "{1001266B-D4BB-46D9-B023-2612A8CE3A31}" = Nero BurnRights "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1 "{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic "{1E6A96A1-2BAB-43EF-8087-30437593C66C}" = TOSHIBA System Driver "{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM) "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM) "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player "{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}" = Toshiba Password Utility "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games) "{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience) "{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89505A66-35F0-4401-B3AD-D077051F8698}" = Qtrax Player "{8E7EABFA-BF37-4824-B792-4220C9E04233}" = Nero BurnRights Help (CHM) "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007 "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{DC634275-88D7-4D22-AD26-F2938A2DE3A1}" = "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = TOSHIBA Manuals "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent "{BA8958DC-ADD7-41E5-8436-5883C7E871C7}" = Nero 12 Essentials Toshiba "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F76F5214-83A8-4030-80C9-1EF57391D72A}" = Toshiba TEMPRO "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon Browser Bar" = Amazon Browser Bar "AVG Secure Search" = AVG Security Toolbar "DealPly" = DealPly (remove only) "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}" = Toshiba Password Utility "Intel AppUp(SM) center 33268" = Intel AppUp(SM) center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "RegClean Pro_is1" = RegClean Pro "uTorrent" = µTorrent "uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar "VLC media player" = VLC media player 2.0.5 "WildTangent toshiba Master Uninstall" = WildTangent Games "WinRAR archiver" = WinRAR 4.20 (32-Bit) "WORD" = Microsoft Office Word 2007 "WTA-3ae14f2c-48d4-48e3-85b4-be0b25a4f51f" = Bejeweled 3 "WTA-4ec09505-a014-445d-b315-db39fe179380" = Magic Academy "WTA-54a02dc0-6152-478c-9b7c-baed4dcd2fd6" = Peggle Nights "WTA-64ac0b84-c4b3-43bd-acda-d3283bc07ca5" = Chuzzle Deluxe "WTA-88409b28-08b0-42a0-ac16-1d6ceadc8363" = Polar Bowler "WTA-88da5b44-4bf8-4b76-a5f6-b68ff2c8f0d7" = Empress of the Deep - The Darkest Secret "WTA-8b2ce66a-e478-4f4e-84ff-702e850ab91d" = Island Tribe "WTA-e6417452-df21-4c82-ad53-aedb30704fc5" = Jewel Quest Solitaire 2 "WTA-f6f58a30-7bba-4ff2-9830-7813a35563c8" = Aloha TriPeaks "WTA-fbf8362f-4e0f-406a-b673-3c1d2907d6ac" = Virtual Villagers 4 - The Tree of Life "WTA-fedca21a-905d-40cc-a1b4-5dd20c42842f" = Plants vs. Zombies - Game of the Year ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "2895333232.portal.qtrax.com" = Qtrax Player "Dealply" = Dealply "Hoolapp For Android" = Hoolapp For Android ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.06.2013 14:26:12 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000e7aa2 ID des fehlerhaften Prozesses: 0x120c Startzeit der fehlerhaften Anwendung: 0x01ce692ca2a4c9e0 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Berichtskennung: e39aff94-d51f-11e2-be8c-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 14.06.2013 15:35:11 | Computer Name = Beispiel-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 17.06.2013 16:21:01 | Computer Name = Beispiel-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 18.06.2013 05:05:54 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000e7aa2 ID des fehlerhaften Prozesses: 0x3058 Startzeit der fehlerhaften Anwendung: 0x01ce6c0308258e77 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Berichtskennung: 47aef73b-d7f6-11e2-be8c-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 18.06.2013 07:15:34 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000096 Fehleroffset: 0x000e7b63 ID des fehlerhaften Prozesses: 0x1258 Startzeit der fehlerhaften Anwendung: 0x01ce6c1526090b03 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Berichtskennung: 64cc8da1-d808-11e2-be8d-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 18.06.2013 07:15:34 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Hoolapp.exe wurde wegen dieses Fehlers geschlossen. Programm: Hoolapp.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error - 19.06.2013 13:51:33 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000096 Fehleroffset: 0x000e7b63 ID des fehlerhaften Prozesses: 0x9d0 Startzeit der fehlerhaften Anwendung: 0x01ce6d15a1b52c68 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Berichtskennung: e0a5fc4f-d908-11e2-be8d-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 19.06.2013 13:51:33 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Hoolapp.exe wurde wegen dieses Fehlers geschlossen. Programm: Hoolapp.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error - 19.06.2013 14:20:08 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000e7ad8 ID des fehlerhaften Prozesses: 0x12c0 Startzeit der fehlerhaften Anwendung: 0x01ce6d19a0256699 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Berichtskennung: dea888b5-d90c-11e2-be8e-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 21.06.2013 15:09:17 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000e7ad8 ID des fehlerhaften Prozesses: 0x1be0 Startzeit der fehlerhaften Anwendung: 0x01ce6eb2d1423b24 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Berichtskennung: 1123db87-daa6-11e2-be8e-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ System Events ] Error - 10.06.2013 00:29:22 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 14.06.2013 14:24:25 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7043 Description = Der Dienst AVGIDSAgent konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 14.06.2013 14:25:23 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 14.06.2013 14:25:23 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 18.06.2013 07:14:55 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 18.06.2013 07:14:55 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 19.06.2013 13:54:50 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 19.06.2013 14:18:41 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 19.06.2013 14:19:36 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 19.06.2013 14:19:39 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 < End of report > Gmer funktioniert nicht. Erscheint transparent nach dem öffnen und sofort ist die Maus verschwunden und das Ladezeichen bleibt starr und nichts mehr reagiert - nur ausschalten und neu starten..... Ich hoffe, ich habe soweit alles richtig gemacht und dass Ihr mir helfen könnt. Liebe Grüße und Danke im Vorraus Doma |
hi, Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
 So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
|
Hi - geklappt: FRST Logfile: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013--- --- --- Danke Dir für Deine Bemühung.... :daumenhoc |
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte. |
Hallo Schrauber hier die logfiles, die du "bestellt" hast. Die adware cleaner logfile habe ich zweimal erstellt. zu allererst und dann nochmal nach dem JRT. Ich habe allerdings die logfile vom ersten Mal nicht mehr gefunden und somit nochmal eins gemacht. Denke es ist ok?! Code: # AdwCleaner v2.305 - Datei am 16/07/2013 um 13:29:39 erstelltCode: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-07-2013 02FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 02Lieben Gruß und vielen Dank für deine Hilfe und deine gute Anleitung..... ;) |
Deinstalliere alles was du nicht brauchst und nicht kennst. ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? |
Code: ESETSmartInstaller@High as downloader log:Code: Results of screen317's Security Check version 0.99.69 Ran by Sergej (administrator) on 16-07-2013 21:02:16 Running from C:\Users\Sergej\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\windows\system32\WLANExt.exe () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Microsoft Corporation) C:\windows\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe () C:\Users\Sergej\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe (Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13196432 2012-09-27] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] - %ProgramFiles%\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] () HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] - "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223245 2012-07-27] () HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [x] HKCU\...\Run: [Hoolapp Android] - "C:\Users\Sergej\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized [1209392 2013-01-18] () HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-08-02] (Intel Corporation) HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - "C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe" [1498624 2012-08-09] (Toshiba) HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes [x] HKLM-x32\...\Run: [TPUReg] - "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes [6884352 2012-08-23] (Pegatron Corporation) HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.) AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [4408368 2013-04-29] () Startup: C:\Users\Sergej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com HKCU SearchScopes: DefaultScope {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} URL = SearchScopes: HKCU - {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} URL = Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Extension: Yahoo! Toolbar - C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK Chrome: ======= CHR Extension: (DealPly Shopping ) - C:\Users\Sergej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0 ==================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-31] (Just Develop It) R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] () R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH) R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-11] (AVG Secure Search) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-06-27] (AVG Technologies CZ, s.r.o.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON) S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation ) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-16 20:46 - 2013-07-16 20:46 - 00891022 _____ C:\Users\Sergej\Downloads\SecurityCheck.exe 2013-07-16 16:09 - 2013-07-16 16:09 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-16 15:44 - 2013-07-16 15:44 - 02347384 _____ (ESET) C:\Users\Sergej\Downloads\esetsmartinstaller_enu.exe 2013-07-16 13:40 - 2013-07-16 13:40 - 00026111 _____ C:\Users\Sergej\Downloads\Addition.txt 2013-07-16 13:38 - 2013-07-16 13:38 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (2).exe 2013-07-16 13:37 - 2013-07-16 13:37 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe 2013-07-16 13:29 - 2013-07-16 13:31 - 00001040 _____ C:\AdwCleaner[S2].txt 2013-07-16 13:14 - 2013-07-16 13:14 - 00002880 _____ C:\Users\Sergej\Desktop\JRT.txt 2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\windows\ERUNT 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511.exe 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511(1).exe 2013-07-16 00:03 - 2013-07-16 00:03 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT.exe 2013-07-15 20:49 - 2013-07-15 20:50 - 00025313 _____ C:\AdwCleaner[S1].txt 2013-07-15 20:38 - 2013-07-15 20:38 - 00662345 _____ C:\Users\Sergej\Downloads\adwcleaner.exe 2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST 2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe 2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe 2013-07-14 16:10 - 2013-07-14 16:11 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe 2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-14 15:52 - 2013-07-14 15:53 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-14 15:47 - 2013-07-14 15:49 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe 2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert 2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe 2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe 2013-07-14 01:10 - 2013-07-14 01:53 - 00074566 _____ C:\Users\Sergej\Downloads\Extras.Txt 2013-07-14 01:09 - 2013-07-14 13:52 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt 2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe 2013-07-13 23:57 - 2013-07-13 23:59 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log 2013-07-13 23:57 - 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable 2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe 2013-07-13 18:47 - 2013-07-13 18:48 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe 2013-07-13 18:35 - 2013-07-13 18:37 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe 2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-13 14:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgwfpa.sys 2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp 2013-06-19 19:54 - 2013-06-19 19:54 - 00001643 _____ C:\Users\Sergej\Desktop\Sync Folder.lnk 2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder 2013-06-16 15:01 - 2013-07-14 15:01 - 00001426 _____ C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk ==================== One Month Modified Files and Folders ======= 2013-07-16 21:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2013-07-16 20:57 - 2013-06-09 06:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-16 20:46 - 2013-07-16 20:46 - 00891022 _____ C:\Users\Sergej\Downloads\SecurityCheck.exe 2013-07-16 16:09 - 2013-07-16 16:09 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-16 15:44 - 2013-07-16 15:44 - 02347384 _____ (ESET) C:\Users\Sergej\Downloads\esetsmartinstaller_enu.exe 2013-07-16 13:44 - 2013-02-05 18:11 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-479101278-746428876-1552860082-1001 2013-07-16 13:40 - 2013-07-16 13:40 - 00026111 _____ C:\Users\Sergej\Downloads\Addition.txt 2013-07-16 13:39 - 2012-08-01 18:38 - 00753134 _____ C:\windows\system32\perfh007.dat 2013-07-16 13:39 - 2012-08-01 18:38 - 00155826 _____ C:\windows\system32\perfc007.dat 2013-07-16 13:39 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-16 13:38 - 2013-07-16 13:38 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (2).exe 2013-07-16 13:37 - 2013-07-16 13:37 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe 2013-07-16 13:32 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-16 13:31 - 2013-07-16 13:29 - 00001040 _____ C:\AdwCleaner[S2].txt 2013-07-16 13:31 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-07-16 13:14 - 2013-07-16 13:14 - 00002880 _____ C:\Users\Sergej\Desktop\JRT.txt 2013-07-16 13:12 - 2013-02-08 18:50 - 00000000 ____D C:\ProgramData\MFAData 2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\windows\ERUNT 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511.exe 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511(1).exe 2013-07-16 00:03 - 2013-07-16 00:03 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT.exe 2013-07-15 20:50 - 2013-07-15 20:49 - 00025313 _____ C:\AdwCleaner[S1].txt 2013-07-15 20:38 - 2013-07-15 20:38 - 00662345 _____ C:\Users\Sergej\Downloads\adwcleaner.exe 2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST 2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe 2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe 2013-07-14 16:11 - 2013-07-14 16:10 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe 2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-14 15:53 - 2013-07-14 15:52 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-07-14 15:53 - 2013-02-08 18:54 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-14 15:53 - 2013-02-08 18:50 - 00000000 ____D C:\Users\Sergej\AppData\Local\Avg2013 2013-07-14 15:52 - 2013-02-08 18:54 - 00000000 ___HD C:\$AVG 2013-07-14 15:52 - 2012-07-26 10:12 - 00000000 ___HD C:\windows\ELAMBKUP 2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-14 15:49 - 2013-07-14 15:47 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe 2013-07-14 15:01 - 2013-06-16 15:01 - 00001426 _____ C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk 2013-07-14 15:01 - 2013-06-09 05:32 - 00003108 _____ C:\windows\System32\Tasks\RegClean Pro 2013-07-14 13:52 - 2013-07-14 01:09 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt 2013-07-14 13:14 - 2013-06-09 05:35 - 00003120 _____ C:\windows\System32\Tasks\Advanced System Protector_startup 2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert 2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe 2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe 2013-07-14 01:53 - 2013-07-14 01:10 - 00074566 _____ C:\Users\Sergej\Downloads\Extras.Txt 2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe 2013-07-14 00:04 - 2012-09-11 07:42 - 00016426 _____ C:\windows\PFRO.log 2013-07-13 23:59 - 2013-07-13 23:57 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log 2013-07-13 23:57 - 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable 2013-07-13 23:57 - 2013-02-05 18:03 - 00000000 ____D C:\Users\Sergej 2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe 2013-07-13 18:48 - 2013-07-13 18:47 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe 2013-07-13 18:37 - 2013-07-13 18:35 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe 2013-07-13 17:05 - 2013-06-09 05:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-13 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2013-07-13 14:18 - 2013-06-09 05:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-13 12:43 - 2013-02-05 18:02 - 01350728 _____ C:\windows\WindowsUpdate.log 2013-07-13 12:31 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-07-11 19:08 - 2013-02-08 22:28 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Skype 2013-07-11 12:38 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\ELAM 2013-07-11 12:36 - 2013-02-08 18:55 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys 2013-06-27 15:02 - 2013-05-18 09:07 - 00000000 ____D C:\Users\Sergej\AppData\Local\Nero 2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgwfpa.sys 2013-06-21 22:19 - 2013-06-09 05:39 - 00003398 _____ C:\windows\System32\Tasks\EPUpdater 2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp 2013-06-19 19:55 - 2013-06-09 05:34 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-06-19 19:54 - 2013-06-19 19:54 - 00001643 _____ C:\Users\Sergej\Desktop\Sync Folder.lnk 2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-11 14:01 ==================== End Of Log Was meinst Du? Problem behoben? Vielen Dank für Deine Mühe. Gruß, Doma |
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Hast Du denn noch Probleme? :) |
Hallo Schrauber Ich habe nun den Scan gemacht, aber die Verbindung zum Internet nicht getrennt. Hier aber die Kopie Code: Getting user folders.Gruß Doma |
Ich aber, er is weg, ich will nur wissen ob Du noch irgendwelche Probleme merkst :) Lösch bitte AdwCleaner und lad ihn neu, lass laufen und poste das Logfile, zusammen mit einem frischen FRST log :) |
Vielen vlelen Dank!!!! :)))) Ich freu mich sehr! Es kommen auch keine Meldungen mehr über vorhandene Bedrohungen. Hier die logfile von adw.cleaner und eine frische frst...! ;) FRST Logfile: FRST Logfile: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02--- --- --- --- --- --- ************************* AdwCleaner[R1].txt - [776 octets] - [17/07/2013 14:56:10] AdwCleaner[S1].txt - [25313 octets] - [15/07/2013 20:49:32] AdwCleaner[S2].txt - [1040 octets] - [16/07/2013 13:29:39] ########## EOF - C:\AdwCleaner[R1].txt - [956 octets] ########## Code: # AdwCleaner v2.305 - Datei am 17/07/2013 um 14:56:10 erstelltLieben Gruß, Doma Code: # AdwCleaner v2.305 - Datei am 17/07/2013 um 14:56:10 erstelltFRST Logfile: FRST Logfile: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02--- --- --- --- --- --- Lieber Schrauber, falls dies nun doppelt beantwortet ist, sorry, aber anscheinend hat die letzte Sendung nicht geklappt. Also ganz herzlichst Dankeschön :knuddel: für deine kompetente Unterstützung. :daumenhoc Ich glaube auch der Virus ist weg. Echt :abklatsch: super!!! Vielleicht hast du noch einen abschließenden Tip für mich...? Was soll ich z.B. unbedingt wieder löschen von den Programmen ? Alles Gute Gruß, Doma Code: # AdwCleaner v2.305 - Datei am 17/07/2013 um 14:56:10 erstelltFRST Logfile: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02--- --- --- Lieber Schrauber ich freu mich riesig, der Virus ist weg!!! Ganz herzlichen Dank Dir für Deine kompetente Hlfe. Echt super !!! Respekt!!! Gibts noch eine Kontrolle? Und darf ich mich wieder an dich wenden wenn ich ein Problem habe mit dem LT? Alles Gute Ganz liebe Grüße Doma |
Klar darfst Du das :) Fertig und aufräumen :) Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann. |
Hallo Schrauber! Ganz herzlichen Dank für deine wertvollen Tips. Werde sie mir alle zu Herzen nehmen und vor allem auf den LT laden. Ich freu mich sehr dass ich mich an Dich wenden darf wenn was ist, so hoff ich doch dass das so schnell nicht mehr nötig sein wird !!! ;) Dieses DelFix ist wirklich genial!. Hab ich gemacht und alles ist weg! :) Wie stell ich sicher mit windows 8 dass das System automatisch updatet??? Du beschreibst xp, vista und w7....;) So denn nochmals ganz ganz vielen Dank für deine Hilfe. Ich danke Dir auch für Deine guten Wünsche.... Dir wünsche ich alles alles Liebe und Gute! Liebe Grüße Doma |
|
| Alle Zeitangaben in WEZ +1. Es ist jetzt 07:32 Uhr. |
Copyright ©2000-2025, Trojaner-Board
